Conversation
test/index.js
Outdated
| expect(() => { | ||
|
|
||
| expect(err).to.not.exist(); | ||
| server.auth.strategy('session', 'cookie', { password: new Buffer('foobar') }); |
There was a problem hiding this comment.
new Buffer is deprecated since node v6. Should be replaced by Buffer.from.
There was a problem hiding this comment.
Good catch! Updated.
test/index.js
Outdated
| const server = new Hapi.Server(); | ||
| server.connection(); | ||
| server.register(require('../'), (err) => { | ||
| server.register(require('../')); |
There was a problem hiding this comment.
Shouldn't you await on server.register as per the new docs?
test/index.js
Outdated
|
|
||
| server.auth.strategy('default', 'cookie', true, { validateFunc: 'not a function' }); | ||
| }).to.throw(Error); | ||
| /* eslint-disable hapi/no-shadow-relaxed */ |
There was a problem hiding this comment.
I guess this flag is no longer necessary
There was a problem hiding this comment.
yeah, if you need to turn off linting in your tests your tests are broken - it looks like you've fixed the error this was meant to circumvent anyway though
nlf
left a comment
There was a problem hiding this comment.
i added some comments, but overall this is looking really great.
the "fat arrow" related comments, i'm more or less neutral as to whether you use fat arrow functions or not, but they should at least be consistent.
README.md
Outdated
| }; | ||
|
|
||
| const logout = function (request, reply) { | ||
| const logout = function (request, h) { |
README.md
Outdated
|
|
||
| const server = new Hapi.Server(); | ||
| server.connection({ port: 8000 }); | ||
| const server = new Hapi.Server({ port: 8000 }); |
There was a problem hiding this comment.
const server = Hapi.server({ port: 8000 });
README.md
Outdated
| validateFunc: function (request, session, callback) { | ||
|
|
||
| cache.get(session.sid, (err, cached) => { | ||
| validateFunc: async function (request, session) { |
README.md
Outdated
| exports.start(); | ||
| } | ||
| catch (err) { | ||
| console.log(err.stack); |
There was a problem hiding this comment.
i feel like there should be a process.exit(1); here, as-is this would log an error but exit with a non-error exit code, that seems bad
There was a problem hiding this comment.
I doubt the catch would ever be triggered since node doesn't have top level async/await.
There was a problem hiding this comment.
good point, it would be a promise rejection, so exports.start().catch((err) => {}); is more appropriate
There was a problem hiding this comment.
So what do you all think about wrapping this in a self-executing async function?
There was a problem hiding this comment.
Also, I didn't really want to make too large of a change in this PR aside from making it compatible with hapi17, but I'm not a huge fan of the fact the whole example/index.js being in the readme. I could simply keep the example updated and point to it from here.
example/index.js
Outdated
| }; | ||
|
|
||
| const home = function (request, reply) { | ||
| const home = function (request, h) { |
example/index.js
Outdated
| }; | ||
|
|
||
| const logout = function (request, reply) { | ||
| const logout = function (request, h) { |
example/index.js
Outdated
|
|
||
| const server = new Hapi.Server(); | ||
| server.connection({ port: 8000 }); | ||
| const server = new Hapi.Server({ port: 8000 }); |
There was a problem hiding this comment.
const server = Hapi.server({ port: 8000 });
There was a problem hiding this comment.
Are we not using new anymore? I thought I saw that somewhere.. maybe I was reading the wrong docs version!
There was a problem hiding this comment.
https://hapijs.com/api/17.0.1#-serveroptions
compared to:
https://hapijs.com/api/16.6.2#new-serveroptions
And it looks like this is where it was changed to a factory method:
hapijs/hapi@f35b8c5#diff-c945a46d13b34fcaff544d966cffcabaR23
example/index.js
Outdated
| redirectTo: '/login', | ||
| isSecure: false, | ||
| validateFunc: function (request, session, callback) { | ||
| validateFunc: async function (request, session) { |
test/index.js
Outdated
| it('fails with no plugin options', (done) => { | ||
| it('fails with no plugin options', () => { | ||
|
|
||
| const server = new Hapi.Server(); |
example/index.js
Outdated
| exports.start(); | ||
| } | ||
| catch (err) { | ||
| console.log(err.stack); |
Marsup
left a comment
There was a problem hiding this comment.
I think now CookieAuth could be an actual class. Also don't forget to update the engines in package.json.
README.md
Outdated
| exports.start(); | ||
| } | ||
| catch (err) { | ||
| console.log(err.stack); |
There was a problem hiding this comment.
I doubt the catch would ever be triggered since node doesn't have top level async/await.
lib/index.js
Outdated
| const decoration = (request) => { | ||
|
|
||
| const CookieAuth = function () { | ||
| class CookieAuth { |
There was a problem hiding this comment.
Probably the class can be extracted and request attached to it through the constructor.
There was a problem hiding this comment.
Done, also had to attach the settings.
|
Any ETA on when this will be completed, or should someone else provide a new PR? |
package.json
Outdated
| "node": ">=8.9.x" | ||
| }, | ||
| "dependencies": { | ||
| "boom": "3.x.x", |
There was a problem hiding this comment.
I think boom needs a well-deserved bump.
There was a problem hiding this comment.
Good point, done.
|
@toddhickerson Why a new PR ? |
|
@nlf Are there any remaining issues now? |
|
@Marsup Not sure how the whole process works, but what is remaining to get this accepted? This is the last item holding me back from hapi v17 on two projects. |
README.md
Outdated
| not trigger a redirection. Requires **hapi** version 6.2.0 or newer. Defaults to `true`; | ||
| - `validateFunc` - an optional session validation function used to validate the content of the | ||
| not trigger a redirection. Defaults to `true`; | ||
| - `await validateFunc` - an optional session validation function used to validate the content of the |
There was a problem hiding this comment.
This should be async here as it is the method provided by the user, not invoked by the user.
There was a problem hiding this comment.
Makes sense, updated.
|
I've tested this PR now, by upgrading to it in my app, and it works AFAICT. |
| not trigger a redirection. Requires **hapi** version 6.2.0 or newer. Defaults to `true`; | ||
| - `validateFunc` - an optional session validation function used to validate the content of the | ||
| not trigger a redirection. Defaults to `true`; | ||
| - `async validateFunc` - an optional session validation function used to validate the content of the |
There was a problem hiding this comment.
Do you think async should be here? It could confuse people, thinking that async is part of the property name? In hapi-auth-basic I put it as part of the signature: https://github.com/hapijs/hapi-auth-basic#hapi-auth-basic
There was a problem hiding this comment.
In hapi docs its in the description signature.
README.md
Outdated
| console.log('Server ready'); | ||
| }; | ||
|
|
||
| exports.start().catch((err) => { |
There was a problem hiding this comment.
test/helpers.js
Outdated
| server.route({ | ||
| method: 'GET', path: '/resource', handler: function (request, h) { | ||
|
|
||
| return h.response('resource'); |
test/helpers.js
Outdated
| handler: function (request, h) { | ||
|
|
||
| request.cookieAuth.set({ user: request.params.user }); | ||
| return h.response(request.params.user); |
| if (settings.clearInvalid) { | ||
| reply.unstate(settings.cookie); | ||
| } | ||
| Hoek.assert(typeof result === 'object', 'Invalid return from validateFunc'); |
There was a problem hiding this comment.
Here you're validating the user's own code. It feels a bit out of scope, they should have tests.
There was a problem hiding this comment.
Personally I find it useful that the framework verifies the results of user provided hooks for ease of debugging, unless the benefits are outweighed by performance concerns.
There was a problem hiding this comment.
There's no harm in it I guess. I don't think there's any perf concerns with a couple of asserts.
|
@mrlannigan I appreciate your work on this and am anxious to use it with Hapi v17. Are there any remaining issues to be addressed? |
|
I'm also anxious to see this being integrated, I'm already using it (via my namespaced package) :) |
|
Will this be accepted? Or should I go with the namespaced package: https://www.npmjs.com/package/@arve.knudsen/hapi-auth-cookie |
|
@mrlannigan i'm going to make you the new maintainer of this module and let you merge and publish this at will. what's your npm username so we can get you permissions there? |
|
also, you have a pending invitation to the hapijs org, iirc you can go to https://github.com/hapijs to accept it |
|
@nlf Thank you! @toddhickerson I am going to address @mtharrison changes then work on a release. |
|
@mrlannigan what's your npm username? |
|
Sorry @nlf, it's the same as my github username: mrlannigan |
|
No worries, I just gave you publish permissions there. Module's all yours! |
|
It was merged without any approvals? |
|
It’s his module now and his pull request, it’s on him to maintain as he sees fit |
|
@mtharrison I felt like I had addressed all the blocking changes and next time I will definitely either explicitly ask for the disapproval to be reevaluated or I will dismiss it with an explanation. |
|
This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions. |
Breaking change
validateFuncfunction signature, see Readme.This includes updates to all tests, example, and documentation.