requireAuth -> requireAuthentication

.dart_tool/pub/bin/sdk-version

@@ -0,0 +1 @@
+2.0.0-dev.68.0

CHANGELOG.md

@@ -1,3 +1,9 @@
+# 1.2.0
+* Deprecate `requireAuth`, in favor of `requireAuthentication`.
+* Allow configuring of the `userKey`.
+* Add `authenticateAndContinue`.
+* Deprecate `middlewareName`.
+
 # 1.1.1+6
 * Fix a small logic bug that prevented `LocalAuthStrategy`
 from correctly propagating the authenticated user when

lib/auth_token.dart

@@ -1,4 +1,4 @@
 /// Stand-alone JWT library.
 library angel_auth.auth_token;
 
-export 'src/auth_token.dart';
+export 'src/auth_token.dart';

lib/src/defs.dart

@@ -4,4 +4,4 @@ import 'dart:async';
 typedef FutureOr UserSerializer<T>(T user);
 
 /// Deserializes a user from the session.
-typedef FutureOr<T> UserDeserializer<T>(userId);
+typedef FutureOr<T> UserDeserializer<T>(userId);

lib/src/middleware/require_auth.dart

@@ -1,5 +1,3 @@
-import 'dart:async';
-import 'dart:io';
 import 'package:angel_framework/angel_framework.dart';
 
 /// Forces Basic authentication over the requested resource, with the given [realm] name, if no JWT is present.
@@ -10,27 +8,32 @@ RequestHandler forceBasicAuth({String realm}) {
     if (req.properties.containsKey('user')) return true;
 
     res
-      ..statusCode = HttpStatus.UNAUTHORIZED
-      ..headers[HttpHeaders.WWW_AUTHENTICATE] =
-          'Basic realm="${realm ?? 'angel_auth'}"'
+      ..statusCode = 401
+      ..headers['www-authenticate'] = 'Basic realm="${realm ?? 'angel_auth'}"'
       ..end();
     return false;
   };
 }
 
-/// Restricts access to a resource via authentication.
-Future<bool> requireAuth(RequestContext req, ResponseContext res,
-    {bool throwError: true}) async {
-  bool _reject(ResponseContext res) {
-    if (throwError) {
-      res.statusCode = HttpStatus.FORBIDDEN;
-      throw new AngelHttpException.forbidden();
-    } else
-      return false;
-  }
+/// Use [requireAuthentication] instead.
+@deprecated
+final RequestMiddleware requireAuth = requireAuthentication(userKey: 'user');
 
-  if (req.properties.containsKey('user') || req.method == 'OPTIONS')
-    return true;
-  else
-    return _reject(res);
+/// Restricts access to a resource via authentication.
+RequestMiddleware requireAuthentication({String userKey: 'user'}) {
+  return (RequestContext req, ResponseContext res,
+      {bool throwError: true}) async {
+    bool _reject(ResponseContext res) {
+      if (throwError) {
+        res.statusCode = 403;
+        throw new AngelHttpException.forbidden();
+      } else
+        return false;
+    }
+
+    if (req.properties.containsKey(userKey) || req.method == 'OPTIONS')
+      return true;
+    else
+      return _reject(res);
+  };
 }

lib/src/plugin.dart

@@ -38,7 +38,8 @@ class AngelAuth<T> {
   /// Only applies if [allowCookie] is `true`.
   final String cookiePath;
 
-  /// The name to register [requireAuth] as. Default: `auth`.
+  /// The name to register [requireAuthentication] as. Default: `auth`.
+  @deprecated
   String middlewareName;
 
   /// If `true` (default), then JWT's will be considered invalid if used from a different IP than the first user's it was issued to.
@@ -104,7 +105,8 @@ class AngelAuth<T> {
     app.container.singleton(this);
     if (runtimeType != AngelAuth) app.container.singleton(this, as: AngelAuth);
 
-    app.registerMiddleware(middlewareName, requireAuth);
+    // ignore: deprecated_member_use
+    app.registerMiddleware(middlewareName, requireAuthentication());
 
     if (reviveTokenEndpoint != null) {
       app.post(reviveTokenEndpoint, reviveJwt);
@@ -189,9 +191,7 @@ class AngelAuth<T> {
     }
 
     if (_jwtLifeSpan > 0) {
-      cookie.maxAge ??= _jwtLifeSpan < 0
-          ? -1
-          : _jwtLifeSpan ~/ 1000;
+      cookie.maxAge ??= _jwtLifeSpan < 0 ? -1 : _jwtLifeSpan ~/ 1000;
       cookie.expires ??=
           new DateTime.now().add(new Duration(milliseconds: _jwtLifeSpan));
     }
@@ -308,7 +308,7 @@ class AngelAuth<T> {
           }
 
           if (options?.successRedirect?.isNotEmpty == true) {
-            res.redirect(options.successRedirect, code: HttpStatus.OK);
+            res.redirect(options.successRedirect, code: 200);
             return false;
           } else if (options?.canRespondWithJson != false &&
               req.accepts('application/json')) {
@@ -325,7 +325,7 @@ class AngelAuth<T> {
           // Check if not redirect
           if (res.statusCode == 301 ||
               res.statusCode == 302 ||
-              res.headers.containsKey(HttpHeaders.LOCATION))
+              res.headers.containsKey('location'))
             return false;
           else
             throw new AngelHttpException.notAuthenticated();

lib/src/popup_page.dart

@@ -6,7 +6,7 @@ import 'options.dart';
 AngelAuthCallback confirmPopupAuthentication({String eventName: 'token'}) {
   return (req, ResponseContext res, String jwt) async {
     res
-      ..contentType = ContentType.HTML
+      ..contentType = new ContentType('text', 'html')
       ..write('''
       <!DOCTYPE html>
       <html>

lib/src/strategies/local.dart

@@ -1,6 +1,5 @@
 import 'dart:async';
 import 'package:dart2_constant/convert.dart';
-import 'dart:io';
 import 'package:angel_framework/angel_framework.dart';
 import '../options.dart';
 import '../strategy.dart';
@@ -45,7 +44,7 @@ class LocalAuthStrategy extends AuthStrategy {
     var verificationResult;
 
     if (allowBasic) {
-      String authHeader = req.headers.value(HttpHeaders.AUTHORIZATION) ?? "";
+      String authHeader = req.headers.value('authorization') ?? "";
 
       if (_rgxBasic.hasMatch(authHeader)) {
         String base64AuthString = _rgxBasic.firstMatch(authHeader).group(1);
@@ -82,14 +81,14 @@ class LocalAuthStrategy extends AuthStrategy {
     if (verificationResult == false || verificationResult == null) {
       if (options.failureRedirect != null &&
           options.failureRedirect.isNotEmpty) {
-        res.redirect(options.failureRedirect, code: HttpStatus.UNAUTHORIZED);
+        res.redirect(options.failureRedirect, code: 401);
         return false;
       }
 
       if (forceBasic) {
         res
           ..statusCode = 401
-          ..headers[HttpHeaders.WWW_AUTHENTICATE] = 'Basic realm="$realm"'
+          ..headers['www-authenticate'] = 'Basic realm="$realm"'
           ..end();
       }
 

lib/src/strategies/strategies.dart

@@ -1 +1 @@
-export 'local.dart';
+export 'local.dart';

lib/src/strategy.dart

@@ -7,8 +7,9 @@ abstract class AuthStrategy {
   String name;
 
   /// Authenticates or rejects an incoming user.
-  Future authenticate(RequestContext req, ResponseContext res, [AngelAuthOptions options]);
+  Future authenticate(RequestContext req, ResponseContext res,
+      [AngelAuthOptions options]);
 
   /// Determines whether a signed-in user can log out or not.
   Future<bool> canLogout(RequestContext req, ResponseContext res);
-}
+}

pubspec.yaml

@@ -1,6 +1,6 @@
 name: angel_auth
 description: A complete authentication plugin for Angel.
-version: 1.1.1+6
+version: 1.2.0
 author: Tobe O <thosakwe@gmail.com>
 homepage: https://github.com/angel-dart/angel_auth
 environment:

test/local_test.dart

@@ -7,7 +7,7 @@ import 'package:http/http.dart' as http;
 import 'package:test/test.dart';
 
 final AngelAuth auth = new AngelAuth();
-var headers = <String, String>{HttpHeaders.ACCEPT: ContentType.JSON.mimeType};
+var headers = <String, String>{'accept': 'application/json'};
 AngelAuthOptions localOpts = new AngelAuthOptions(
     failureRedirect: '/failure', successRedirect: '/success');
 Map sampleUser = {'hello': 'world'};
@@ -46,8 +46,7 @@ main() async {
     app.get('/success', "yep", middleware: ['auth']);
     app.get('/failure', "nope");
 
-    HttpServer server =
-        await angelHttp.startServer('127.0.0.1', 0);
+    HttpServer server = await angelHttp.startServer('127.0.0.1', 0);
     url = "http://${server.address.host}:${server.port}";
     basicAuthUrl =
         "http://username:password@${server.address.host}:${server.port}";
@@ -71,25 +70,25 @@ main() async {
     Map postData = {'username': 'username', 'password': 'password'};
     var response = await client.post("$url/login",
         body: json.encode(postData),
-        headers: {HttpHeaders.CONTENT_TYPE: ContentType.JSON.mimeType});
+        headers: {'content-type': 'application/json'});
     expect(response.statusCode, equals(200));
-    expect(response.headers[HttpHeaders.LOCATION], equals('/success'));
+    expect(response.headers['location'], equals('/success'));
   });
 
   test('failureRedirect', () async {
     Map postData = {'username': 'password', 'password': 'username'};
     var response = await client.post("$url/login",
         body: json.encode(postData),
-        headers: {HttpHeaders.CONTENT_TYPE: ContentType.JSON.mimeType});
+        headers: {'content-type': 'application/json'});
     print("Login response: ${response.body}");
-    expect(response.headers[HttpHeaders.LOCATION], equals('/failure'));
+    expect(response.headers['location'], equals('/failure'));
     expect(response.statusCode, equals(401));
   });
 
   test('allow basic', () async {
     String authString = base64.encode("username:password".runes.toList());
-    var response = await client.get("$url/hello",
-        headers: {HttpHeaders.AUTHORIZATION: 'Basic $authString'});
+    var response = await client
+        .get("$url/hello", headers: {'authorization': 'Basic $authString'});
     expect(response.body, equals('"Woo auth"'));
   });
 
@@ -104,7 +103,6 @@ main() async {
         .add(new LocalAuthStrategy(verifier, forceBasic: true, realm: 'test'));
     var response = await client.get("$url/hello", headers: headers);
     print(response.headers);
-    expect(response.headers[HttpHeaders.WWW_AUTHENTICATE],
-        equals('Basic realm="test"'));
+    expect(response.headers['www-authenticate'], equals('Basic realm="test"'));
   });
 }