Hapi: Default auth scope not compatible with route auth scope

Created on 2 Apr 2020 · 3 Comments · Source: hapijs/hapi

Support plan

  • which support plan is this issue covered by? (e.g. Community, Core, Plus, or Enterprise): Community
  • is this issue currently blocking your project? (yes/no): Yes
  • is this issue affecting a production system? (yes/no): No

Context

  • node version: 10.15.3
  • module version with issue: 18.4.1
  • last module version without issue: 16.x
  • environment (e.g. node, browser, native): node
  • used with (e.g. hapi application, another framework, standalone, ...): An auth scheme
  • any other relevant information: -

What are you trying to achieve or the steps to reproduce?

I have a default auth setting and want to add a route with options.auth.mode = optional. This results in an error.

When scope is present in the default auth settings a route with auth options but without options.auth.access.scope will result in an error.

The scope of the default auth settings is stored in the expanded form, which is not compatible with how the routes are configured.

Example to provoke the error:

'use strict';

const Hapi = require('@hapi/hapi');


const validate = async (request, username, password, h) => {

    return { isValid: true };
};

const main = async () => {

    const server = Hapi.server({ port: 4000 });

    await server.register(require('@hapi/basic'));

    server.auth.strategy('simple', 'basic', { validate });
    server.auth.default({
      strategy: 'simple',
      access: {
        scope: [ 'user' ]
      }
    });

    server.route({
        method: 'GET',
        path: '/',
        options: {
          auth: {
            mode: 'optional'
          }
        },
        handler: function (request, h) {

            return 'welcome';
        }
    });

    await server.start();

    return server;
};

main()
.then((server) => console.log(`Server listening on ${server.info.uri}`))
.catch((err) => {

    console.error(err);
    process.exit(1);
});

I used an online editor to create this example, and it didn't support v19 of hapi, but looking at the code the result should be the same.

What was the result you got?

TypeError: access.scope is not iterable
    at Object.internals.setupScope (/home/runner/LimeImpracticalStaff/node_modules/@hapi/hapi/lib/auth.js:424:32)
    at module.exports.internals.Auth._setupRoute (/home/runner/LimeImpracticalStaff/node_modules/@hapi/hapi/lib/auth.js:172:42)
    at new module.exports.internals.Route (/home/runner/LimeImpracticalStaff/node_modules/@hapi/hapi/lib/route.js:139:71)
    at internals.Server._addRoute (/home/runner/LimeImpracticalStaff/node_modules/@hapi/hapi/lib/server.js:485:23)
    at internals.Server.route (/home/runner/LimeImpracticalStaff/node_modules/@hapi/hapi/lib/server.js:478:22)
    at main (/home/runner/LimeImpracticalStaff/index.js:23:12)
    at process._tickCallback (internal/process/next_tick.js:68:7)
    at Function.Module.runMain (internal/modules/cjs/loader.js:834:11)
    at startup (internal/bootstrap/node.js:283:19)
    at bootstrapNodeJSCore (internal/bootstrap/node.js:623:3)

The error happens because access.scope = { selection: [ 'user' ] } is not an array, here: https://github.com/hapijs/hapi/blob/v18.4.1/lib/auth.js#L424.

What result did you expect?

The route should use the default scope.

bug
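
The failure reported above, reduced to a stand-alone model; this is an added example, not code from the issue or from hapi. The function names (`expandScope`, `storeDefault`, `mergeNaive`, `mergeGuarded`, `tryNaive`) are hypothetical, and only the `{ selection: [ 'user' ] }` shape is taken from the report.

```javascript
// Simplified model of the reported behaviour. Function names are hypothetical;
// only the { selection: [...] } shape comes from the issue.

// Expand an array of scope strings into the grouped form. The '+' (required)
// and '!' (forbidden) prefixes follow hapi's documented scope syntax.
const expandScope = (scope) => {
    const expanded = {};
    for (const value of scope) {              // throws if scope is not iterable
        const type = value[0] === '+' ? 'required' : value[0] === '!' ? 'forbidden' : 'selection';
        const clean = type === 'selection' ? value : value.slice(1);
        (expanded[type] = expanded[type] || []).push(clean);
    }
    return expanded;
};

// Defaults are stored already expanded, as the issue describes.
const storeDefault = (options) => ({
    ...options,
    access: { scope: expandScope(options.access.scope) }
});

// Naive merge: the route inherits the stored default and expands it again.
const mergeNaive = (defaults, routeAuth) => {
    const merged = { ...defaults, ...routeAuth };
    merged.access = { scope: expandScope(merged.access.scope) };
    return merged;
};

// Guarded merge: expand only when the scope is still in array form, so the
// inherited default scope stays attached to the route.
const mergeGuarded = (defaults, routeAuth) => {
    const merged = { ...defaults, ...routeAuth };
    const scope = merged.access.scope;
    merged.access = { scope: Array.isArray(scope) ? expandScope(scope) : scope };
    return merged;
};

// Constructed sample input matching the configuration in the issue.
const defaults = storeDefault({ strategy: 'simple', access: { scope: ['user'] } });
const routeAuth = { mode: 'optional' };

// Returns the error instead of throwing, so both paths can be compared.
const tryNaive = () => {
    try { return mergeNaive(defaults, routeAuth); }
    catch (err) { return err; }
};
```

In this model the naive path fails when the route is configured, which matches the stack trace above: the error surfaces at `server.route()` rather than producing a route that has lost its default scope.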

All 3 comments

@hovmand Looking at the API reference, looks like the default scope should be specified as access.scope. Does that fix your issue?

Hi @jonathansamines, that was a small inconsistency on my end. You are correct, it should.

But, the result is the same.

I've updated the example. Please verify that this was what you meant.

(Looks like this backwards compatibility helped me: https://github.com/hapijs/hapi/blob/v18.4.1/lib/auth.js#L165)

Resolved by #4089. Thanks for the contribution @jonathansamines!
