Add more context to 401 errors

Author: felixheck

src/apiKey.js

@@ -70,12 +70,13 @@ function getRequestOptions (request, options) {
  * additional api key interceptor.
  *
  * @param {Hapi.server} server The related hapi server object
+ * @param {Object} pluginOptions The plugin related options
  * @param {Object} options The api key related options
  * @param {string} url The url to be requested
  *
  * @throws {Boom.unauthorized} If requesting the access token failed
  */
-function extendLifeCycle (server, options, url) {
+function extendLifeCycle (server, pluginOptions, options, url) {
   server.ext('onRequest', async (request, h) => {
     const requestOptions = getRequestOptions(request, options)
 
@@ -87,7 +88,12 @@ function extendLifeCycle (server, options, url) {
 
         request.headers.authorization = `Bearer ${token}`
       } catch (err) {
-        throw raiseUnauthorized(errorMessages.apiKey, err.message, options.prefix.trim())
+        throw raiseUnauthorized(
+          errorMessages.apiKey,
+          err.message,
+          pluginOptions.schemeName,
+          options.prefix.trim()
+        )
       }
     }
 
@@ -111,7 +117,7 @@ function init (server, pluginOptions) {
   const url = parseUrl(pluginOptions)
 
   if (options) {
-    extendLifeCycle(server, options, url)
+    extendLifeCycle(server, pluginOptions, options, url)
   }
 }
 

src/index.js

@@ -121,7 +121,7 @@ async function handleKeycloakValidation (tkn, h) {
     await cache.set(store, tkn, userData, expiresIn)
     return h.authenticated(userData)
   } catch (err) {
-    throw raiseUnauthorized(errorMessages.invalid, err.message)
+    throw raiseUnauthorized(errorMessages.invalid, err.message, options.schemeName)
   }
 }
 
@@ -140,14 +140,14 @@ async function handleKeycloakValidation (tkn, h) {
  */
 async function validate (field, h = (data) => data) {
   if (!field) {
-    throw raiseUnauthorized(errorMessages.missing)
+    throw raiseUnauthorized(errorMessages.missing, null, options.schemeName)
   }
 
   const tkn = token.create(field)
   const reply = fakeToolkit(h)
 
   if (!tkn) {
-    throw raiseUnauthorized(errorMessages.invalid)
+    throw raiseUnauthorized(errorMessages.invalid, null, options.schemeName)
   }
 
   const cached = await cache.get(store, tkn)

src/utils.js

@@ -117,15 +117,16 @@ function verify (opts) {
  * @param {Error|null|undefined} err The error object
  * @param {string} message The error message
  * @param {string} reason The reason for the thrown error
+ * @param {string} strategy The strategy name
  * @param {string} [scheme = 'Bearer'] The related scheme
  * @returns {Boom.unauthorized} The created `Boom` error
  */
-function raiseUnauthorized (error, reason, scheme = 'Bearer') {
+function raiseUnauthorized (error, reason, strategy, scheme = 'Bearer') {
   return boom.unauthorized(
     error !== errorMessages.missing ? error : null,
-    scheme,
+    `${scheme} (${strategy})`,
     {
-      strategy: 'keycloak-jwt',
+      strategy,
       ...(error === errorMessages.missing ? { error } : {}),
       ...(reason && error !== reason ? { reason } : {})
     }

test/utils.spec.js

@@ -3,15 +3,15 @@ const test = require('ava')
 const utils = require('../src/utils')
 
 test('get boom error with default message', (t) => {
-  const result = utils.raiseUnauthorized()
+  const result = utils.raiseUnauthorized(null, null, 'keycloak-jwt')
   t.truthy(result)
   t.deepEqual(result, boom.unauthorized(undefined, 'Bearer', {
     strategy: 'keycloak-jwt'
   }))
 })
 
 test('get boom error with reason', (t) => {
-  const result = utils.raiseUnauthorized(null, 'foobar')
+  const result = utils.raiseUnauthorized(null, 'foobar', 'keycloak-jwt')
   t.truthy(result)
   t.deepEqual(result, boom.unauthorized(undefined, 'Bearer', {
     strategy: 'keycloak-jwt',
@@ -20,15 +20,15 @@ test('get boom error with reason', (t) => {
 })
 
 test('get boom error with custom scheme', (t) => {
-  const result = utils.raiseUnauthorized(null, null, 'custom')
+  const result = utils.raiseUnauthorized(null, null, 'keycloak-jwt', 'custom')
   t.truthy(result)
   t.deepEqual(result, boom.unauthorized(undefined, 'custom', {
     strategy: 'keycloak-jwt'
   }))
 })
 
 test('get boom error with error message', (t) => {
-  const result = utils.raiseUnauthorized('foobar')
+  const result = utils.raiseUnauthorized('foobar', null, 'keycloak-jwt')
   t.truthy(result)
   t.deepEqual(result, boom.unauthorized('foobar', 'Bearer', {
     strategy: 'keycloak-jwt'