Improve support for custom error handlers

mcollina · mcollina · commit 7593a790adfb · 2019-04-02T10:50:31.000+02:00
diff --git a/README.md b/README.md
@@ -97,6 +97,26 @@ fastify.after(() => {
 })
 ```
 
+### Custom error handler
+
+On failed authentication, *fastify-basic-auth* will call the Fastify
+[generic error
+handler](https://www.fastify.io/docs/latest/Server/#seterrorhandler) with an error.
+*fastify-basic-auth* sets the `err.statusCode` property to `401`.
+
+In order to properly `401` errors:
+
+```js
+fastify.setErrorHandler(function (err, req, reply) {
+  if (err.statusCode === 401) {
+    // this was unauthorized! Display the correct page/message.
+    reply.send({ was: 'unauthorized' })
+    return
+  }
+  reply.send(err)
+})
+```
+
 ## Options
 
 ### `validate` <Function> (required)
diff --git a/index.js b/index.js
@@ -2,6 +2,7 @@
 
 const fp = require('fastify-plugin')
 const auth = require('basic-auth')
+const { Unauthorized } = require('http-errors')
 
 function basicPlugin (fastify, opts, next) {
   if (typeof opts.validate !== 'function') {
@@ -19,7 +20,7 @@ function basicPlugin (fastify, opts, next) {
     }
     var credentials = auth(req)
     if (credentials == null) {
-      done(new Error('Missing or bad formatted authorization header'))
+      done(new Unauthorized('Missing or bad formatted authorization header'))
     } else {
       var result = validate(credentials.name, credentials.pass, req, reply, done)
       if (result && typeof result.then === 'function') {
@@ -29,7 +30,10 @@ function basicPlugin (fastify, opts, next) {
 
     function done (err) {
       if (err !== undefined) {
-        reply.code(401)
+        // We set the status code to be 401 if it is not set
+        if (!err.statusCode) {
+          err.statusCode = 401
+        }
         next(err)
       } else {
         next()
diff --git a/package.json b/package.json
@@ -31,6 +31,7 @@
   },
   "dependencies": {
     "basic-auth": "^2.0.0",
-    "fastify-plugin": "^1.0.1"
+    "fastify-plugin": "^1.0.1",
+    "http-errors": "^1.7.2"
   }
 }
diff --git a/test.js b/test.js
@@ -4,6 +4,7 @@ const { test } = require('tap')
 const Fastify = require('fastify')
 const basicAuth = require('./index')
 const fastifyAuth = require('fastify-auth')
+const { Unauthorized } = require('http-errors')
 
 test('Basic', t => {
   t.plan(2)
@@ -384,7 +385,7 @@ test('Hook with fastify-auth- 401', t => {
 })
 
 test('Missing header', t => {
-  t.plan(2)
+  t.plan(3)
 
   const fastify = Fastify()
   fastify.register(basicAuth, { validate })
@@ -414,6 +415,11 @@ test('Missing header', t => {
   }, (err, res) => {
     t.error(err)
     t.strictEqual(res.statusCode, 401)
+    t.deepEqual(JSON.parse(res.payload), {
+      statusCode: 401,
+      error: 'Unauthorized',
+      message: 'Missing or bad formatted authorization header'
+    })
   })
 })
 
@@ -456,6 +462,95 @@ test('Fastify context', t => {
   })
 })
 
+test('setErrorHandler custom error and 401', t => {
+  t.plan(4)
+
+  const fastify = Fastify()
+  fastify
+    .register(fastifyAuth)
+    .register(basicAuth, { validate })
+
+  function validate (username, password, req, res, done) {
+    done(new Error('Winter is coming'))
+  }
+
+  fastify.after(() => {
+    fastify.addHook('preHandler', fastify.auth([fastify.basicAuth]))
+    fastify.route({
+      method: 'GET',
+      url: '/',
+      handler: (req, reply) => {
+        reply.send({ hello: 'world' })
+      }
+    })
+  })
+
+  fastify.setErrorHandler(function (err, req, reply) {
+    t.strictEqual(err.statusCode, 401)
+    reply.send(err)
+  })
+
+  fastify.inject({
+    url: '/',
+    method: 'GET',
+    headers: {
+      authorization: basicAuthHeader('user', 'pwdd')
+    }
+  }, (err, res) => {
+    t.error(err)
+    t.strictEqual(res.statusCode, 401)
+    t.deepEqual(JSON.parse(res.payload), {
+      error: 'Unauthorized',
+      message: 'Winter is coming',
+      statusCode: 401
+    })
+  })
+})
+
+test('Missing header and custom error handler', t => {
+  t.plan(4)
+
+  const fastify = Fastify()
+  fastify.register(basicAuth, { validate })
+
+  function validate (username, password, req, res, done) {
+    if (username === 'user' && password === 'pwd') {
+      done()
+    } else {
+      done(new Error('Unauthorized'))
+    }
+  }
+
+  fastify.after(() => {
+    fastify.route({
+      method: 'GET',
+      url: '/',
+      beforeHandler: fastify.basicAuth,
+      handler: (req, reply) => {
+        reply.send({ hello: 'world' })
+      }
+    })
+  })
+
+  fastify.setErrorHandler(function (err, req, reply) {
+    t.ok(err instanceof Unauthorized)
+    reply.send(err)
+  })
+
+  fastify.inject({
+    url: '/',
+    method: 'GET'
+  }, (err, res) => {
+    t.error(err)
+    t.strictEqual(res.statusCode, 401)
+    t.deepEqual(JSON.parse(res.payload), {
+      statusCode: 401,
+      error: 'Unauthorized',
+      message: 'Missing or bad formatted authorization header'
+    })
+  })
+})
+
 function basicAuthHeader (username, password) {
   return 'Basic ' + Buffer.from(`${username}:${password}`).toString('base64')
 }

Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,7 @@`
`31`	`31`	`},`
`32`	`32`	`"dependencies": {`
`33`	`33`	`"basic-auth": "^2.0.0",`
`34`		`- "fastify-plugin": "^1.0.1"`
	`34`	`+ "fastify-plugin": "^1.0.1",`
	`35`	`+ "http-errors": "^1.7.2"`
`35`	`36`	`}`
`36`	`37`	`}`