fix error handling

Author: felixheck

src/index.js

@@ -3,7 +3,7 @@ const { GrantManager } = require('keycloak-auth-utils')
 const KeycloakToken = require('keycloak-auth-utils/lib/token')
 const cache = require('./cache')
 const token = require('./token')
-const { raiseError, errors, fakeToolkit, verify } = require('./utils')
+const { raiseUnauthorized, errors, fakeToolkit, verify } = require('./utils')
 const pkg = require('../package.json')
 
 /**
@@ -45,7 +45,7 @@ async function verifySignedJwt (tkn) {
  * @param {string} tkn The token to be validated
  * @returns {Promise} The error-handled promise
  *
- * @throws {Error} If token is invalid or request fails
+ * @throws {Error} If token is invalid or request failed
  */
 async function introspect (tkn) {
   try {
@@ -67,7 +67,7 @@ async function introspect (tkn) {
  * @param {string} tkn The token to be used for authentication
  * @returns {Promise} The modified, non-error-handling promise
  *
- * @throws {Error} If request failed or token is invalid
+ * @throws {Error} If token is invalid or request failed
  */
 async function getRpt (tkn) {
   let data = {}
@@ -109,7 +109,7 @@ function getValidateFn () {
  * @param {string} tkn The token to be validated
  * @param {Function} h The toolkit
  *
- * @throws {Boom.unauthorized} If validation fails
+ * @throws {Boom.unauthorized} If previous validation fails
  */
 async function handleKeycloakValidation (tkn, h) {
   try {
@@ -120,7 +120,7 @@ async function handleKeycloakValidation (tkn, h) {
     await cache.set(store, tkn, userData, expiresIn)
     return h.authenticated(userData)
   } catch (err) {
-    throw raiseError('unauthorized', err, errors.invalid)
+    throw raiseUnauthorized(err, errors.invalid)
   }
 }
 
@@ -142,7 +142,7 @@ async function validate (field, h = (data) => data) {
   const reply = fakeToolkit(h)
 
   if (!tkn) {
-    throw raiseError('unauthorized', null, errors.missing)
+    throw raiseUnauthorized(null, errors.missing)
   }
 
   const cached = await cache.get(store, tkn)
@@ -180,7 +180,7 @@ function strategy (server) {
  * @param {Hapi.Server} server The created server instance
  * @param {Object} opts The plugin related options
  */
-function plugin (server, opts) {
+function register (server, opts) {
   options = verify(opts)
   manager = new GrantManager(options)
   store = cache.create(server, options.cache)
@@ -189,7 +189,4 @@ function plugin (server, opts) {
   server.decorate('server', 'kjwt', { validate })
 }
 
-module.exports = {
-  register: plugin,
-  pkg
-}
+module.exports = { register, pkg }

src/utils.js

@@ -64,17 +64,18 @@ function verify (opts) {
  * @function
  * @public
  *
- * Get `Boom` error with bound scheme.
- * If error is available, use its message.
- * Otherwise the provided message.
+ * Get `Boom.unauthorized` error with bound scheme and
+ * further attributes If error is available, use its
+ * message. Otherwise the provided message.
  *
- * @param {string} type The `Boom` error type
  * @param {Error|null} err The error object
  * @param {string} msg The error message
  * @returns {Boom} The created `Boom` error
  */
-function raiseError (type, err, msg) {
-  return boom[type](err ? err.message : msg, 'Bearer')
+function raiseUnauthorized (err, msg) {
+  return boom.unauthorized(err ? err.message : msg, 'Bearer', {
+    strategy: 'keycloak-jwt'
+  })
 }
 
 const errors = {
@@ -101,7 +102,7 @@ function fakeToolkit (h) {
 }
 
 module.exports = {
-  raiseError,
+  raiseUnauthorized,
   errors,
   fakeToolkit,
   verify

test/index.entitlement.spec.js

@@ -84,7 +84,7 @@ test('authentication does fail – invalid token', async (t) => {
 
   t.truthy(res)
   t.is(res.statusCode, 401)
-  t.is(res.headers['www-authenticate'], 'Bearer error="Retrieving the RPT failed"')
+  t.is(res.headers['www-authenticate'], 'Bearer strategy="keycloak-jwt", error="Retrieving the RPT failed"')
 })
 
 test('authentication does fail – invalid header', async (t) => {
@@ -95,5 +95,5 @@ test('authentication does fail – invalid header', async (t) => {
 
   t.truthy(res)
   t.is(res.statusCode, 401)
-  t.is(res.headers['www-authenticate'], 'Bearer error="Missing or invalid authorization header"')
+  t.is(res.headers['www-authenticate'], 'Bearer strategy="keycloak-jwt", error="Missing or invalid authorization header"')
 })

test/index.introspect.spec.js

@@ -66,7 +66,7 @@ test('authentication does fail – invalid token', async (t) => {
 
   t.truthy(res)
   t.is(res.statusCode, 401)
-  t.is(res.headers['www-authenticate'], 'Bearer error="Invalid credentials"')
+  t.is(res.headers['www-authenticate'], 'Bearer strategy="keycloak-jwt", error="Invalid credentials"')
 })
 
 test('authentication does fail – invalid header', async (t) => {
@@ -77,5 +77,5 @@ test('authentication does fail – invalid header', async (t) => {
 
   t.truthy(res)
   t.is(res.statusCode, 401)
-  t.is(res.headers['www-authenticate'], 'Bearer error="Missing or invalid authorization header"')
+  t.is(res.headers['www-authenticate'], 'Bearer strategy="keycloak-jwt", error="Missing or invalid authorization header"')
 })

test/index.server.spec.js

@@ -42,7 +42,7 @@ test('server method – authentication does fail – invalid token', async (t) =
   t.truthy(err)
   t.truthy(err.isBoom)
   t.is(err.output.statusCode, 401)
-  t.is(err.output.headers['WWW-Authenticate'], 'Bearer error="Invalid credentials"')
+  t.is(err.output.headers['WWW-Authenticate'], 'Bearer strategy="keycloak-jwt", error="Invalid credentials"')
 })
 
 test('server method – authentication does fail – invalid header', async (t) => {
@@ -52,7 +52,7 @@ test('server method – authentication does fail – invalid header', async (t)
   t.truthy(err)
   t.truthy(err.isBoom)
   t.is(err.output.statusCode, 401)
-  t.is(err.output.headers['WWW-Authenticate'], 'Bearer error="Missing or invalid authorization header"')
+  t.is(err.output.headers['WWW-Authenticate'], 'Bearer strategy="keycloak-jwt", error="Missing or invalid authorization header"')
 })
 
 test('server method – authentication does fail – error', async (t) => {
@@ -64,5 +64,5 @@ test('server method – authentication does fail – error', async (t) => {
   t.truthy(err)
   t.truthy(err.isBoom)
   t.is(err.output.statusCode, 401)
-  t.is(err.output.headers['WWW-Authenticate'], 'Bearer error="Invalid credentials"')
+  t.is(err.output.headers['WWW-Authenticate'], 'Bearer strategy="keycloak-jwt", error="Invalid credentials"')
 })

test/index.verify.spec.js

@@ -49,7 +49,7 @@ test('authentication does fail – expired token', async (t) => {
 
   t.truthy(res)
   t.is(res.statusCode, 401)
-  t.is(res.headers['www-authenticate'], 'Bearer error="invalid token (expired)"')
+  t.is(res.headers['www-authenticate'], 'Bearer strategy="keycloak-jwt", error="invalid token (expired)"')
 })
 
 test('authentication does fail – invalid header', async (t) => {
@@ -59,5 +59,5 @@ test('authentication does fail – invalid header', async (t) => {
 
   t.truthy(res)
   t.is(res.statusCode, 401)
-  t.is(res.headers['www-authenticate'], 'Bearer error="Missing or invalid authorization header"')
+  t.is(res.headers['www-authenticate'], 'Bearer strategy="keycloak-jwt", error="Missing or invalid authorization header"')
 })

test/utils.spec.js

@@ -3,22 +3,28 @@ const test = require('ava')
 const utils = require('../src/utils')
 
 test('get boom error with default message', (t) => {
-  const result = utils.raiseError('badRequest')
+  const result = utils.raiseUnauthorized()
   t.truthy(result)
-  t.deepEqual(result, boom.badRequest(undefined, 'Bearer'))
+  t.deepEqual(result, boom.unauthorized(undefined, 'Bearer', {
+    strategy: 'keycloak-jwt'
+  }))
 })
 
 test('get boom error with default message', (t) => {
-  const result = utils.raiseError('badRequest', undefined, 'foobar')
+  const result = utils.raiseUnauthorized(undefined, 'foobar')
   t.truthy(result)
-  t.deepEqual(result, boom.badRequest('foobar', 'Bearer'))
+  t.deepEqual(result, boom.unauthorized('foobar', 'Bearer', {
+    strategy: 'keycloak-jwt'
+  }))
 })
 
 test('get boom error with error message', (t) => {
   const mockErr = new Error('barfoo')
-  const result = utils.raiseError('badRequest', mockErr, 'foobar')
+  const result = utils.raiseUnauthorized(mockErr, 'foobar')
   t.truthy(result)
-  t.deepEqual(result, boom.badRequest(mockErr.message, 'Bearer'))
+  t.deepEqual(result, boom.unauthorized(mockErr.message, 'Bearer', {
+    strategy: 'keycloak-jwt'
+  }))
 })
 
 test('decorate callback function with `authenticated`', (t) => {