Merge branch 'v2.x'

# Conflicts:
#	CHANGELOG.md
#	README.md
#	lib/index.js
#	package.json

Author: rkusa

CHANGELOG.md

@@ -1,5 +1,37 @@
 # Changelog
 
+## upcoming 3.0
+
+- remove `ctx.passport` and save state variables (like `_passport` and `user`) in `ctx.state` instead
+- prevent `passport` from monkey patching `http.IncomingMessage`
+- change arguments from custom authentication callbacks from `user, info, status` to `err, user, info, status` (`err` added) to be consistent with passport
+
+## 2.2.2
+
+- remove `ctx.req.user` deprecation warning for now #66
+
+## 2.2.1
+
+- fix middleware to properly catch promise errors #63
+
+## 2.2.0
+
+- move `user` into `ctx.state`
+- user in `ctx.req.user` is deprecated and will removed eventually
+
+## 2.1.0
+
+- export KoaPassport as an alternative to the by default exported singleton
+
+## 2.0.1
+
+- use strict
+
+## 2.0.0
+
+- use promises rather than generators for `[email protected]` compatibility
+- use some es6 features
+
 ## 1.3.0
 
 - export KoaPassport as an alternative to the by default exported singleton

README.md

@@ -9,27 +9,46 @@
 koa-passport version  | koa version | branch | npm tag
 --------------------- | ------------| ------ | -------
 1.x                   | 1.x         | master | latest
-2.x                   | 2.x         | v2.x   | next
+2.x, 3.x              | 2.x         | v2.x   | next
+
+## Migration to v`3.0.0-rc.1`
+
+- change `ctx.passport.*` to `ctx.state.*` (e.g. `ctx.passport.user` to `ctx.state.user`)
+- don't call passport methods on `ctx.req` (e.g. use `ctx.login` instead of `ctx.req.login`)
+- update custom authentication callback arguments to `err, user, info, status` (e.g. `passport.authenticate('local', function(err, user, info, status) { ... })(ctx, next)`)
 
 ## Usage
 
 ```js
 // body parser
-var bodyParser = require('koa-bodyparser')
+const bodyParser = require('koa-bodyparser')
 app.use(bodyParser())
 
 // Sessions
-var session = require('koa-session')
+const convert = require('koa-convert') // necessary until koa-generic-session has been updated to support koa@2
+const session = require('koa-generic-session')
 app.keys = ['secret']
-app.use(session(app))
+app.use(convert(session()))
 
-var passport = require('koa-passport')
+const passport = require('koa-passport')
 app.use(passport.initialize())
 app.use(passport.session())
 ```
 
 [Example Application](https://github.com/rkusa/koa-passport-example)
 
+Passport's values and methods are exposed as follows:
+
+```js
+app.use(async ctx => {
+  ctx.isAuthenticated()
+  ctx.isUnauthenticated()
+  ctx.login()
+  ctx.logout()
+  ctx.state.user
+})
+```
+
 ## License
 
   [MIT](LICENSE)

lib/framework/koa.js

@@ -1,14 +1,16 @@
+'use strict'
+
 /**
  * Module dependencies.
  */
-var passport = require('passport')
-var co = require('co')
+const passport = require('passport')
 
 /**
  * Passport's default/connect middleware.
  */
-var _initialize   = require('passport/lib/middleware/initialize')
-var _authenticate = require('passport/lib/middleware/authenticate')
+const _initialize   = require('passport/lib/middleware/initialize')
+const _authenticate = require('passport/lib/middleware/authenticate')
+const createReqMock = require('./request').create
 
 /**
  * Passport's initialization middleware for Koa.
@@ -17,42 +19,46 @@ var _authenticate = require('passport/lib/middleware/authenticate')
  * @api private
  */
 function initialize(passport) {
-  var middleware = _initialize(passport)
-  return function* passportInitialize(next) {
-    var ctx = this
-
+  const middleware = promisify(_initialize(passport))
+  return function passportInitialize(ctx, next) {
     // koa <-> connect compatibility:
-    this.passport = {}
-    var userProperty = passport._userProperty || 'user'
+    const userProperty = passport._userProperty || 'user'
     // check ctx.req has the userProperty
     if (!ctx.req.hasOwnProperty(userProperty)) {
       Object.defineProperty(ctx.req, userProperty, {
         enumerable: true,
         get: function() {
-          return ctx.passport[userProperty]
+          return ctx.state[userProperty]
         },
         set: function(val) {
-          ctx.passport[userProperty] = val
+          ctx.state[userProperty] = val
         }
       })
     }
 
-    var req = createReqMock(ctx)
+    // create mock object for express' req object
+    const req = createReqMock(ctx)
 
-    // add aliases for passport's request extensions to Koa's context
-    var login  = ctx.req.login
-    var logout = ctx.req.logout
 
+    // add Promise-based login method
+    const login  = req.login
     ctx.login = ctx.logIn = function(user, options) {
-      return login.bind(req, user, options)
+      return new Promise((resolve, reject) => {
+        login.call(req, user, options, err => {
+          if (err) reject(err)
+          else resolve()
+        })
+      })
     }
-    ctx.req.login = ctx.req.logIn = login.bind(req)
-    ctx.logout = ctx.logOut = ctx.req.logout = ctx.req.logOut = logout.bind(req)
-    ctx.isAuthenticated     = ctx.req.isAuthenticated   = ctx.req.isAuthenticated.bind(req)
-    ctx.isUnauthenticated   = ctx.req.isUnauthenticated = ctx.req.isUnauthenticated.bind(req)
 
-    yield middleware.bind(middleware, req, ctx)
-    yield next
+    // add aliases for passport's request extensions to Koa's context
+    ctx.logout = ctx.logOut = req.logout.bind(req)
+    ctx.isAuthenticated     = req.isAuthenticated.bind(req)
+    ctx.isUnauthenticated   = req.isUnauthenticated.bind(req)
+
+    return middleware(req, ctx).then(function() {
+      return next()
+    })
   }
 }
 
@@ -74,47 +80,40 @@ function authenticate(passport, name, options, callback) {
   options = options || {}
 
   if (callback) {
-    if (callback.constructor.name !== 'GeneratorFunction') {
-      throw TypeError('Your custom authentication callback must be a Generator Function')
-    }
-
     // When the callback is set, neither `next`, `res.redirect` or `res.end`
     // are called. That is, a workaround to catch the `callback` is required.
     // The `passportAuthenticate()` method below will therefore set
-    // `callback.done`. Then, once the authentication finishes, the modified
-    // callback yields the original one and afterwards triggers `callback.done`
-    // to inform `passportAuthenticate()` that we are ready.
-    var _callback = callback
-    callback = co.wrap(function*(err, user, info, status) {
-      try {
-        yield _callback(err, user, info, status)
-        callback.done(null, false)
-      } catch (err) {
-        callback.done(err);
-      }
-    })
+    // `callback.resolve` and `callback.reject`. Then, once the authentication
+    // finishes, the modified callback calls the original one and afterwards
+    // triggers either `callback.resolve` or `callback.reject` to inform
+    // `passportAuthenticate()` that we are ready.
+    const _callback = callback
+    callback = function(err, user, info, status) {
+      Promise.resolve(_callback(err, user, info, status))
+             .then(() => callback.resolve(false))
+             .catch(err => callback.reject(err))
+    }
   }
 
-  var middleware = _authenticate(passport, name, options, callback)
-  return function* passportAuthenticate(next) {
-    var ctx = this
+  const middleware = promisify(_authenticate(passport, name, options, callback))
 
+  return function passportAuthenticate(ctx, next) {
     // this functions wraps the connect middleware
     // to catch `next`, `res.redirect` and `res.end` calls
-    var cont = yield function(done) {
+    const p = new Promise((resolve, reject) => {
       // mock the `req` object
-      var req = createReqMock(ctx)
+      const req = createReqMock(ctx)
 
       // mock the `res` object
-      var res = {
+      const res = {
         redirect: function(url) {
           ctx.redirect(url)
-          done(null, false)
+          resolve(false)
         },
         setHeader: ctx.set.bind(ctx),
         end: function(content) {
           if (content) ctx.body = content
-          done(null, false)
+          resolve(false)
         },
         set statusCode(status) {
           ctx.status = status
@@ -124,19 +123,23 @@ function authenticate(passport, name, options, callback) {
         }
       }
 
+      // update the custom callback above
       if (callback) {
-        callback.done = done
+        callback.resolve = resolve
+        callback.reject  = reject
       }
 
       // call the connect middleware
-      middleware(req, res, done)
-    }
+      middleware(req, res).then(resolve, reject)
+    })
 
-    // cont equals `false` when `res.redirect` or `res.end` got called
-    // in this case, yield next to continue through Koa's middleware stack
-    if (cont !== false) {
-      yield next
-    }
+    return p.then(cont => {
+      // cont equals `false` when `res.redirect` or `res.end` got called
+      // in this case, call next to continue through Koa's middleware stack
+      if (cont !== false) {
+        return next()
+      }
+    })
   }
 }
 
@@ -169,15 +172,19 @@ function authorize(passport, name, options, callback) {
  */
 module.exports = function() {
   return {
-    initialize: initialize,
+    initialize:   initialize,
     authenticate: authenticate,
-    authorize: authorize
+    authorize:    authorize
   }
 }
 
-// create request mock
-var properties = require('./request')
-function createReqMock(ctx) {
-  var req = Object.create(ctx.request, properties)
-  return req
+function promisify(expressMiddleware) {
+  return function(req, res) {
+    return new Promise(function(resolve, reject) {
+      expressMiddleware(req, res, function(err, result) {
+        if (err) reject(err)
+        else resolve(result)
+      })
+    })
+  }
 }

lib/framework/request.js

@@ -25,18 +25,14 @@
 // Until this is fixed, koa-passport tries to properly delegate every possible
 // used property/method.
 
+'use strict'
+
 // Property/Method names to be delegated
-var keys = [
+let keys = [
   // passport
   '_passport',
   'user',
   'account',
-  'login',
-  'logIn',
-  'logout',
-  'logOut',
-  'isAuthenticated',
-  'isUnauthenticated',
   'authInfo',
 
   // http.IncomingMessage
@@ -70,13 +66,13 @@ keys = keys.filter(function(key, i, self) {
 })
 
 // create a delegate for each key
-var properties = module.exports = {
+const properties = {
   // mock express' .get('trust proxy')
   app: {
     // getter returning a mock for `req.app` containing
     // the `.get()` method
     get: function() {
-      var ctx = this.ctx
+      const ctx = this.ctx
       return {
         get: function(key) {
           if (key === 'trust proxy') {
@@ -93,7 +89,7 @@ var properties = module.exports = {
 keys.forEach(function(key) {
   properties[key] = {
     get: function() {
-      var obj = getObject(this.ctx, key)
+      const obj = getObject(this.ctx, key)
       if (!obj) return undefined
 
       // if its a function, call with the proper context
@@ -107,17 +103,17 @@ keys.forEach(function(key) {
       return obj[key]
     },
     set: function(value) {
-      var obj = getObject(this.ctx, key) || this.ctx.passport
+      const obj = getObject(this.ctx, key) || this.ctx.state
       obj[key] = value
     }
   }
 })
 
-// test where the key is available, either in `ctx.passport`, Node's request,
+// test where the key is available, either in `ctx.state`, Node's request,
 // Koa's request or Koa's context
 function getObject(ctx, key) {
-  if (ctx.passport && (key in ctx.passport)) {
-    return ctx.passport
+  if (ctx.state && (key in ctx.state)) {
+    return ctx.state
   }
 
   if (key in ctx.request) {
@@ -134,3 +130,19 @@ function getObject(ctx, key) {
 
   return undefined
 }
+
+const IncomingMessageExt = require('passport/lib/http/request')
+
+exports.create = function(ctx) {
+  const req = Object.create(ctx.request, properties)
+
+  // add passport http.IncomingMessage extensions
+  req.login = IncomingMessageExt.logIn
+  req.logIn = IncomingMessageExt.logIn
+  req.logout = IncomingMessageExt.logOut
+  req.logOut = IncomingMessageExt.logOut
+  req.isAuthenticated = IncomingMessageExt.isAuthenticated
+  req.isUnauthenticated = IncomingMessageExt.isUnauthenticated
+
+  return req
+}