Feature to allow custom verify providers for individual authentication context (#27)

Author: akshatdubeysf

src/decorators/authenticate-user.decorator.ts

@@ -1,11 +1,13 @@
 import {
+  BindingKey,
   Constructor,
   MetadataInspector,
   MethodDecoratorFactory,
 } from '@loopback/context';
 import {Request} from '@loopback/rest';
 
 import {USER_AUTHENTICATION_METADATA_KEY} from '../keys';
+import {VerifyFunction} from '../strategies';
 import {AuthenticationMetadata} from '../types';
 
 /**
@@ -15,6 +17,7 @@ import {AuthenticationMetadata} from '../types';
  * like `Strategy.LOCAL`
  * @param options       Extra options to be passed on
  * while instantiating strategy specific class
+ * @param verifier    Binding key for a custom verifier
  * @param authOptions   Extra options to be passed on to `authenticate` method
  * of the strategy.
  * This is a creator function which should return an object with options.
@@ -26,13 +29,15 @@ export function authenticate(
   strategyName: string,
   options?: Object,
   authOptions?: (req: Request) => Object,
+  verifier?: BindingKey<VerifyFunction.GenericAuthFn>,
 ) {
   return MethodDecoratorFactory.createDecorator<AuthenticationMetadata>(
     USER_AUTHENTICATION_METADATA_KEY,
     {
       strategy: strategyName,
       options: options ?? {},
       authOptions: authOptions,
+      verifier,
     },
   );
 }

src/strategies/passport/passport-azure-ad/azuread-auth-strategy-factory-provider.ts

@@ -15,6 +15,7 @@ import {
 export interface AzureADAuthStrategyFactory {
   (
     options: IOIDCStrategyOptionWithoutRequest | IOIDCStrategyOptionWithRequest,
+    verifierPassed?: VerifyFunction.AzureADAuthFn,
   ): OIDCStrategy;
 }
 
@@ -26,12 +27,15 @@ export class AzureADAuthStrategyFactoryProvider
   ) {}
 
   value(): AzureADAuthStrategyFactory {
-    return (options) => this.getAzureADAuthStrategyVerifier(options);
+    return (options, verifier) =>
+      this.getAzureADAuthStrategyVerifier(options, verifier);
   }
 
   getAzureADAuthStrategyVerifier(
     options: IOIDCStrategyOptionWithoutRequest | IOIDCStrategyOptionWithRequest,
+    verifierPassed?: VerifyFunction.AzureADAuthFn,
   ): OIDCStrategy {
+    const verifyFn = verifierPassed ?? this.verifierAzureADAuth;
     if (options && options.passReqToCallback === true) {
       return new OIDCStrategy(
         options,
@@ -43,7 +47,7 @@ export class AzureADAuthStrategyFactoryProvider
           }
 
           try {
-            const user = await this.verifierAzureADAuth(profile, done, req);
+            const user = await verifyFn(profile, done, req);
             if (!user) {
               throw new HttpErrors.Unauthorized(
                 AuthErrorKeys.InvalidCredentials,
@@ -66,7 +70,7 @@ export class AzureADAuthStrategyFactoryProvider
           }
 
           try {
-            const user = await this.verifierAzureADAuth(profile, done);
+            const user = await verifyFn(profile, done);
             if (!user) {
               throw new HttpErrors.Unauthorized(
                 AuthErrorKeys.InvalidCredentials,

src/strategies/passport/passport-bearer/bearer-strategy-factory-provider.ts

@@ -9,7 +9,10 @@ import {VerifyFunction} from '../../types';
 import {isEmpty} from 'lodash';
 
 export interface BearerStrategyFactory {
-  (options?: PassportBearer.IStrategyOptions): PassportBearer.Strategy;
+  (
+    options?: PassportBearer.IStrategyOptions,
+    verifierPassed?: VerifyFunction.BearerFn,
+  ): PassportBearer.Strategy;
 }
 
 export class BearerStrategyFactoryProvider
@@ -20,12 +23,15 @@ export class BearerStrategyFactoryProvider
   ) {}
 
   value(): BearerStrategyFactory {
-    return (options) => this.getBearerStrategyVerifier(options);
+    return (options, verifier) =>
+      this.getBearerStrategyVerifier(options, verifier);
   }
 
   getBearerStrategyVerifier(
     options?: PassportBearer.IStrategyOptions,
+    verifierPassed?: VerifyFunction.BearerFn,
   ): PassportBearer.Strategy {
+    const verifyFn = verifierPassed ?? this.verifierBearer;
     if (options?.passReqToCallback) {
       return new PassportBearer.Strategy(
         options,
@@ -36,7 +42,7 @@ export class BearerStrategyFactoryProvider
           cb: (err: Error | null, user?: IAuthUser | false) => void,
         ) => {
           try {
-            const user = await this.verifierBearer(token, req);
+            const user = await verifyFn(token, req);
             if (!user) {
               throw new HttpErrors.Unauthorized(AuthErrorKeys.TokenInvalid);
             }
@@ -56,7 +62,7 @@ export class BearerStrategyFactoryProvider
           cb: (err: Error | null, user?: IAuthUser | false) => void,
         ) => {
           try {
-            const user = await this.verifierBearer(token);
+            const user = await verifyFn(token);
             if (!user) {
               throw new HttpErrors.Unauthorized(AuthErrorKeys.TokenInvalid);
             }
@@ -74,7 +80,7 @@ export class BearerStrategyFactoryProvider
           cb: (err: Error | null, user?: IAuthUser | false) => void,
         ) => {
           try {
-            const user = await this.verifierBearer(token);
+            const user = await verifyFn(token);
             if (!user) {
               throw new HttpErrors.Unauthorized(
                 AuthErrorKeys.InvalidCredentials,

src/strategies/passport/passport-bearer/bearer-token-verify.provider.ts

@@ -13,7 +13,7 @@ export class BearerTokenVerifyProvider
   constructor() {}
 
   value(): VerifyFunction.BearerFn {
-    return async (token) => {
+    return async (token: string) => {
       throw new HttpErrors.NotImplemented(
         `VerifyFunction.BearerFn is not implemented`,
       );

src/strategies/passport/passport-client-password/client-password-strategy-factory-provider.ts

@@ -10,6 +10,7 @@ import {VerifyFunction} from '../../types';
 export interface ClientPasswordStrategyFactory {
   (
     options?: ClientPasswordStrategy.StrategyOptionsWithRequestInterface,
+    verifierPassed?: VerifyFunction.OauthClientPasswordFn,
   ): ClientPasswordStrategy.Strategy;
 }
 
@@ -21,12 +22,15 @@ export class ClientPasswordStrategyFactoryProvider
   ) {}
 
   value(): ClientPasswordStrategyFactory {
-    return (options) => this.getClientPasswordVerifier(options);
+    return (options, verifier) =>
+      this.getClientPasswordVerifier(options, verifier);
   }
 
   getClientPasswordVerifier(
     options?: ClientPasswordStrategy.StrategyOptionsWithRequestInterface,
+    verifierPassed?: VerifyFunction.OauthClientPasswordFn,
   ): ClientPasswordStrategy.Strategy {
+    const verifyFn = verifierPassed ?? this.verifier;
     if (options?.passReqToCallback) {
       return new ClientPasswordStrategy.Strategy(
         options,
@@ -39,7 +43,7 @@ export class ClientPasswordStrategyFactoryProvider
           cb: (err: Error | null, client?: IAuthClient | false) => void,
         ) => {
           try {
-            const client = await this.verifier(clientId, clientSecret, req);
+            const client = await verifyFn(clientId, clientSecret, req);
             if (!client) {
               throw new HttpErrors.Unauthorized(AuthErrorKeys.ClientInvalid);
             } else if (
@@ -65,7 +69,7 @@ export class ClientPasswordStrategyFactoryProvider
           cb: (err: Error | null, client?: IAuthClient | false) => void,
         ) => {
           try {
-            const client = await this.verifier(clientId, clientSecret);
+            const client = await verifyFn(clientId, clientSecret);
             if (!client) {
               throw new HttpErrors.Unauthorized(AuthErrorKeys.ClientInvalid);
             } else if (

src/strategies/passport/passport-client-password/client-password-verify.provider.ts

@@ -13,7 +13,7 @@ export class ClientPasswordVerifyProvider
   constructor() {}
 
   value(): VerifyFunction.OauthClientPasswordFn {
-    return async (clientId, clientSecret) => {
+    return async (clientId: string, clientSecret: string) => {
       throw new HttpErrors.NotImplemented(
         `VerifyFunction.OauthClientPasswordFn is not implemented`,
       );

src/strategies/passport/passport-google-oauth2/google-auth-strategy-factory-provider.ts

@@ -14,7 +14,10 @@ import {Strategies} from '../../keys';
 import {VerifyFunction} from '../../types';
 
 export interface GoogleAuthStrategyFactory {
-  (options: StrategyOptions | StrategyOptionsWithRequest): Strategy;
+  (
+    options: StrategyOptions | StrategyOptionsWithRequest,
+    verifierPassed?: VerifyFunction.GoogleAuthFn,
+  ): Strategy;
 }
 
 export class GoogleAuthStrategyFactoryProvider
@@ -25,12 +28,15 @@ export class GoogleAuthStrategyFactoryProvider
   ) {}
 
   value(): GoogleAuthStrategyFactory {
-    return (options) => this.getGoogleAuthStrategyVerifier(options);
+    return (options, verifier) =>
+      this.getGoogleAuthStrategyVerifier(options, verifier);
   }
 
   getGoogleAuthStrategyVerifier(
     options: StrategyOptions | StrategyOptionsWithRequest,
+    verifierPassed?: VerifyFunction.GoogleAuthFn,
   ): Strategy {
+    const verifyFn = verifierPassed ?? this.verifierGoogleAuth;
     if (options && options.passReqToCallback === true) {
       return new Strategy(
         options,
@@ -44,7 +50,7 @@ export class GoogleAuthStrategyFactoryProvider
           cb: VerifyCallback,
         ) => {
           try {
-            const user = await this.verifierGoogleAuth(
+            const user = await verifyFn(
               accessToken,
               refreshToken,
               profile,
@@ -73,12 +79,7 @@ export class GoogleAuthStrategyFactoryProvider
           cb: VerifyCallback,
         ) => {
           try {
-            const user = await this.verifierGoogleAuth(
-              accessToken,
-              refreshToken,
-              profile,
-              cb,
-            );
+            const user = await verifyFn(accessToken, refreshToken, profile, cb);
             if (!user) {
               throw new HttpErrors.Unauthorized(
                 AuthErrorKeys.InvalidCredentials,

src/strategies/passport/passport-keycloak/keycloak-strategy-factory-provider.ts

@@ -9,8 +9,11 @@ import {KeycloakProfile, VerifyFunction} from '../../types';
 export const KeycloakStrategy = require('@exlinc/keycloak-passport');
 
 export interface KeycloakStrategyFactory {
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  (options: any): typeof KeycloakStrategy;
+  (
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    options: any,
+    verifierPassed?: VerifyFunction.KeycloakAuthFn,
+  ): typeof KeycloakStrategy;
 }
 
 export class KeycloakStrategyFactoryProvider
@@ -21,11 +24,16 @@ export class KeycloakStrategyFactoryProvider
   ) {}
 
   value(): KeycloakStrategyFactory {
-    return (options) => this.getKeycloakAuthStrategyVerifier(options);
+    return (options, verifier) =>
+      this.getKeycloakAuthStrategyVerifier(options, verifier);
   }
 
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  getKeycloakAuthStrategyVerifier(options: any): typeof KeycloakStrategy {
+  getKeycloakAuthStrategyVerifier(
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    options: any,
+    verifierPassed?: VerifyFunction.KeycloakAuthFn,
+  ): typeof KeycloakStrategy {
+    const verifyFn = verifierPassed ?? this.verifierKeycloak;
     return new KeycloakStrategy(
       options,
       async (
@@ -35,12 +43,7 @@ export class KeycloakStrategyFactoryProvider
         cb: (err?: string | Error, user?: IAuthUser) => void,
       ) => {
         try {
-          const user = await this.verifierKeycloak(
-            accessToken,
-            refreshToken,
-            profile,
-            cb,
-          );
+          const user = await verifyFn(accessToken, refreshToken, profile, cb);
           if (!user) {
             throw new HttpErrors.Unauthorized(AuthErrorKeys.InvalidCredentials);
           }

src/strategies/passport/passport-local/local-password-strategy-factory-provider.ts

@@ -13,6 +13,7 @@ export interface LocalPasswordStrategyFactory {
     options?:
       | PassportLocal.IStrategyOptions
       | PassportLocal.IStrategyOptionsWithRequest,
+    verifierPassed?: VerifyFunction.LocalPasswordFn,
   ): PassportLocal.Strategy;
 }
 
@@ -24,14 +25,17 @@ export class LocalPasswordStrategyFactoryProvider
   ) {}
 
   value(): LocalPasswordStrategyFactory {
-    return (options) => this.getLocalStrategyVerifier(options);
+    return (options, verifier) =>
+      this.getLocalStrategyVerifier(options, verifier);
   }
 
   getLocalStrategyVerifier(
     options?:
       | PassportLocal.IStrategyOptions
       | PassportLocal.IStrategyOptionsWithRequest,
+    verifierPassed?: VerifyFunction.LocalPasswordFn,
   ): PassportLocal.Strategy {
+    const verifyFn = verifierPassed ?? this.verifierLocal;
     if (options?.passReqToCallback) {
       return new PassportLocal.Strategy(
         options,
@@ -43,7 +47,7 @@ export class LocalPasswordStrategyFactoryProvider
           cb: (err: Error | null, user?: IAuthUser | false) => void,
         ) => {
           try {
-            const user = await this.verifierLocal(username, password, req);
+            const user = await verifyFn(username, password, req);
             if (!user) {
               throw new HttpErrors.Unauthorized(
                 AuthErrorKeys.InvalidCredentials,
@@ -65,7 +69,7 @@ export class LocalPasswordStrategyFactoryProvider
           cb: (err: Error | null, user?: IAuthUser | false) => void,
         ) => {
           try {
-            const user = await this.verifierLocal(username, password);
+            const user = await verifyFn(username, password);
             if (!user) {
               throw new HttpErrors.Unauthorized(
                 AuthErrorKeys.InvalidCredentials,
@@ -86,11 +90,7 @@ export class LocalPasswordStrategyFactoryProvider
           cb: (err: Error | null, user?: IAuthUser | false) => void,
         ) => {
           try {
-            const user = await this.verifierLocal(
-              username,
-              password,
-              undefined,
-            );
+            const user = await verifyFn(username, password, undefined);
             if (!user) {
               throw new HttpErrors.Unauthorized(
                 AuthErrorKeys.InvalidCredentials,

src/strategies/passport/passport-local/local-password-verify.provider.ts

@@ -13,7 +13,7 @@ export class LocalPasswordVerifyProvider
   constructor() {}
 
   value(): VerifyFunction.LocalPasswordFn {
-    return async (username, password) => {
+    return async (username: string, password: string) => {
       throw new HttpErrors.NotImplemented(
         `VerifyFunction.LocalPasswordFn is not implemented`,
       );