stackoom
  简体   繁体   中英

FeathersJs - Sanitize response from Find method in users service broke Authentication service

 原文  2020-09-03 06:58:34       feathersjs/ feathers-sequelize/ feathers-authentication/ feathers-hook/ feathers-service

Question

I created an after hook in the users service that should sanitize the response from the "find" method and it broke the authentication service.

The after hook sanitizeResponse should verify if the query is regarding the email or cpf, and, if it is, should remove some of the fields and add some new ones.

Here is the users.hooks.js

const { authenticate } = require('@feathersjs/authentication').hooks;

const {
  // eslint-disable-next-line no-unused-vars
  hashPassword, protect
} = require('@feathersjs/authentication-local').hooks;

const sanitizeResponse = (context) => {
  const query = context.params.query;
  if(!query.email && !query.cpf)
    return context;
  
  if(context.result.total){
    context.result.data[0] = {exists: 1, id: context.result.data[0].id};
  }else{
    context.result.data[0] = {exists: 0};
  }
};

module.exports = {
  before: {
    all: [],
    find: [authenticate('jwt')],
    get: [ authenticate('jwt') ],
    create: [ hashPassword('password') ],
    update: [ hashPassword('password'),  authenticate('jwt') ],
    patch: [ hashPassword('password'),  authenticate('jwt') ],
    remove: [ authenticate('jwt') ]
  },

  after: {
    all: [ 
      // Make sure the password field is never sent to the client
      // Always must be the last hook
      protect('password')
    ],
    find: [sanitizeResponse],
    get: [],
    create: [],
    update: [],
    patch: [],
    remove: []
  },

  error: {
    all: [],
    find: [],
    get: [],
    create: [],
    update: [],
    patch: [],
    remove: []
  }
};

Before writing this hook the authentication used to work just fine, but afterwards it started sending me "Not authenticated" responses.

I haven not changed anything in the user.class.js and authentication.js file generated by feathersjs-cli.

I would like to know what am i doing wrong ? Is there a better way to sanitize the response ?

Thank you for helping me!

1 answers

solution1
 1 ACCPTED  2020-09-03 18:05:06

The authentication flow needs to be able to retrieve the full user information to add it to requests, compare passwords and more. You likely want to skip the sanitizeResponse hook for internal calls (when context.params.provider is undefined ):

const sanitizeResponse = (context) => {
  const query = context.params.query;
  if(!context.params.provider || (!query.email && !query.cpf))
    return context;
  
  if(context.result.total){
    context.result.data[0] = {exists: 1, id: context.result.data[0].id};
  }else{
    context.result.data[0] = {exists: 0};
  }
};

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question feathersjs - Custom create method in service How to response error in feathersjs service to client? Custom service in feathersjs How to filter feathersjs service Service not found in Feathersjs FeathersJS and MongoDB different results querying a field from HTTP GET and service.find in hooks How to add more parameters on feathersjs service method with primus Why feathersjs mongoose service return different “total” in get() method? how to use feathersjs filter service? FeathersJS: post-process service
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM