GithubHelp home page GithubHelp logo

nestjs / passport Goto Github PK

View Code? Open in Web Editor NEW
406.0 8.0 94.0 4.17 MB

Passport module for Nest framework (node.js) 🔑

Home Page: https://nestjs.com

License: MIT License

JavaScript 7.10% TypeScript 91.93% Shell 0.96%
nestjs nest typescript nodejs javascript passport authentication

passport's Introduction

Nest Logo

A progressive Node.js framework for building efficient and scalable server-side applications.

NPM Version Package License NPM Downloads Travis Linux Coverage Discord Backers on Open Collective Sponsors on Open Collective

Description

Passport utilities module for Nest.

Installation

$ npm i --save @nestjs/passport passport

Quick Start

Overview & Tutorial

Support

Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support by the amazing backers. If you'd like to join them, please read more here.

Stay in touch

License

Nest is MIT licensed.

passport's People

Contributors

brunnerlivio avatar caucik avatar deathman92 avatar dependabot[bot] avatar dzixxx avatar egormkn avatar jmcdo29 avatar jrobeson avatar kamilmysliwiec avatar micalevisk avatar michaeljota avatar nickbolles avatar p-m-p avatar renovate-bot avatar renovate[bot] avatar tbg-fr avatar tony133 avatar underfin avatar williamdclt avatar wodcz avatar xyide avatar ydcjeff avatar zycon42 avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

passport's Issues

Support for Azure AD authentication

I'm submitting a...


[ ] Regression 
[ ] Bug report
[x] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Expected behavior

Validate jwt token using Azure AD.

Minimal reproduction of the problem with instructions

What is the motivation / use case for changing the behavior?

Environment


Nest version: X.Y.Z

 
For Tooling issues:
- Node version: XX  
- Platform:  

Others:

WWW-Authenticate response header is missing

I'm submitting a...


[ ] Regression 
[ x] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

When passport-http-strategy is used, nest does not set WWW-Authenticate header https://tools.ietf.org/html/rfc6750, passport strategy currently prepares correct challenge, AuthGuard exposes it on req.authInfo, only thing missing is proper WWW-Authenticate header.

Expected behavior

Response WWW-Authenticate header should be set according to challenge produced by passport

Minimal reproduction of the problem with instructions

  1. Any route with AuthGuard('bearer'), with strategy using passport-http-bearer
  2. Send request without Authorization header
  3. WWW-Authenticate header is to present on response

What is the motivation / use case for changing the behavior?

https://tools.ietf.org/html/rfc6750

Environment


nestjs/passport version: 7.0.0
 
For Tooling issues:
- Node version: 10.16.3
- Platform:  Windows

NestJS does not propagate Passport's errors

I'm submitting a...


[ ] Regression 
[X] Bug report
[X] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Errors generated by Passport strategies are all substituted with

{
    "statusCode": 401,
    "error": "Unauthorized"
}

Expected behavior

Errors generated by Passport strategies are propagated and displayed to logs with proper Status Codes.
I.E. https://github.com/jaredhanson/passport-local/blob/2bf3939ca369e08a47a28585c2ccfb3cecffeb9c/lib/strategy.js#L75

if (!username || !password) {
    # usage of passport.Strategy.fail(challenge: any, status: number): void;
    return this.fail({ message: options.badRequestMessage || 'Missing credentials' }, 400);
}

should be returned as:

{
    "statusCode": 400,
    "error": "Missing credentials"
}

Minimal reproduction of the problem with instructions

  1. Use standard setup of passport-local example from Nest Documentation: https://docs.nestjs.com/techniques/authentication#implementing-passport-strategies
  2. Request auth/login endpoint with incorrect user credentials. You can achieve it by:
    a) Sending request with incorrect Content-Type: i.e. Content-Type: text/plain
    b) Sending JSON with invalid fieldNames: i.e. { "brokenusernamefield": "test", "password": "test"}

What is the motivation / use case for changing the behavior?

Passport strategies provide useful information about Missing Credentials, invalid format of the request, etc. Supressing all this information with 401: Unauthorized cause problem in debugging sessions. They should be at least logged as errors caught by ExceptionHandler.

Environment


Nest version: 6.10.2
Nest passport version: 6.1.1

 
For Tooling issues:
- Node version: 10.15.3  
- Platform:  Mac 

Others:

Throw error if info is instanceof Error

Feature Request

Is your feature request related to a problem? Please describe.

I am using the AuthGuard in combination with Passport to validate the api-key header using the passport-apikey package. When there is no api key present in the header, the package returns a BadRequestError, which is passed in the info property in the handleRequest method in the authguard. This argument is completely ignored, only when an error is returned as the first argument will it be thrown.

Describe the solution you'd like

The only way I see is checking for an error in the info argument:

handleRequest(err, user, info, context) {
  if (err) {
     throw err;
  } else if (info instanceof Error) {
    throw info;
  } else if (!user) {
    throw new UnauthorizedException();
  }
  return user;
}

Teachability, Documentation, Adoption, Migration Strategy

What is the motivation / use case for changing the behavior?

The failure(s) returned by the passport-apikey package, which uses the fail method of the Passport Strategy class to record the failure, are ignored by the AuthGuard and therefore the generic UnauthorizedException is always returned, which doesn't make sense if you are missing an API key.

Bug: authInfo

I'm submitting a...


[ ] Regression 
[x] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

export class JwtStrategy extends PassportStrategy(Strategy) {
...
async validate(payload: JwtPayload, done: Function) {
if (!payload) {
return done(new UnauthorizedException(), false)
}
done(null, payload, 'xxxxxxxxx')
}
}

request:
{
...
authInfo: undefined,
user: { id: 123, username: 'admin', iat: 1541730420, exp: 1541734020 } }
}

@nestjs/passport/dist/auth.guard.js

const createPassportContext = (request, response) => (type, options, callback) => new Promise((resolve, reject) => passport.authenticate(type, options, (err, user, info) => {
try {
request.authInfo = info;
console.log(request.authInfo:${request.authInfo})
...

it will be executed twice:

request.authInfo:xxxxxxxxx
request.authInfo:undefined

Expected behavior

{
...
authInfo: 'xxxxxxxxx',
user: { id: 123, username: 'admin', iat: 1541730420, exp: 1541734020 } }
}

Minimal reproduction of the problem with instructions

What is the motivation / use case for changing the behavior?

Environment


Nest version: 5.4.0

 
For Tooling issues:
- Node version: 8.12.0 
- Platform:  Windows 

Others:

UnauthorizedException handled internally

Following the NestJS JWT auth tutorial from the documentation I noticed that the UnauthorizedException is handled "internally". Instead of printing

You'll get {"statusCode":500,"message":"Internal server error"} along with this log message [Nest] #14156 14:59:46 - error: [root] { statusCode: 401, error: 'Unauthorized' }

It should print that error as JSON response along with the right http response code right?

How to validate post body first?

It seems the validation of post body runs after auth guards, so I can't validate if some fields valid, how could I validate post body first?

export class LoginDto {
  @ApiModelProperty({})
  @IsNotEmpty()
  mobile: string

  @ApiModelProperty()
  @IsNotEmpty(})
  password: string
}

//....
@Post('login')
  @ApiOperation({ title: 'Login' })
  @UseGuards(AuthGuard('local'))
  async login(@Body() dto: LoginDto, @Req() req) {
    const user = req.user
    return {
      token: this.jwtService.sign(String(user._id)),
    };
  }

Fails silently. Doesn't show error on Promise rejection

I spent the last couple of days trying to debug why the passport module does not work. Turns out the package doesn't show thrown errors.

For example, jsonwebtoken threw an invalid signature error but Nestjs does not log it on the console.

Expected behaviour should be logging the error to console and throw a 500 Internal Server error to the user.

expired jwt token is throwing HttpException when using sockets

I'm submitting a...


[ ] Regression 
[x] Bug report
[ ] Feature request
[x] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

I am using guards in a Gateway, and together with that, the passport jwt strategy from the documentation example.

Using a custom extractor I am able to send the jwt as a query parameter with the initial socket request to be authenticated:

const fromSocketQueryParameter = (request) => {
  const rawUrl = request.url || request.handshake.url;
  let token = null;
  const parsed_url = url.parse(rawUrl, true);

  if (parsed_url.query && Object.prototype.hasOwnProperty.call(parsed_url.query, 'token')) {
    token = parsed_url.query['token'];
  }
  return token;
}

There is a problem when the token has expired which is that UnauthorizedException is thrown within @nestjs/passport/options.js and that one is extending HttpException. This causes an internal server error to be visible to the client because in @nestjs/websockets all errors that are not WsExceptions is returning internal server error.

Expected behavior

Is it possible to override or catch the error thrown when the jwt token is not valid? I would like to throw a WsException instead.

It would also be useful if this could be handled in the validate action within the strategy, but that one seems to be called after the actual verification of the jwt token, meaning that the error has already been thrown.

Minimal reproduction of the problem with instructions

What is the motivation / use case for changing the behavior?

It is not possible to handle expired access when using sockets, which it should be.

Environment


Nest version: 5.1.0

 
For Tooling issues:
- Node version: 10.6.0  
- Platform: Mac, Ubuntu  

Others:

Expose ExecutionContext inside validate function

As user I'd like to use the ExecutionContext to take decisions when doing authn/authz with Passport.

Initially I tried to use multiple guards,

This could be easily done exposing the execution context to this or somehow passing it to Passport to it makes it available in the validate() function.
Otherwise, maybe I could be able to override the newly created canActivate function, precreated by the mixin and add my custom logic underneath....

Authentication example does not work

Current Behavior

The code below emits an error which says the package has no exported member BearerStragety.
It exports Strategy instead.

import { BearerStrategy } from 'passport-http-bearer';

Class declaration also emits errors.

export class HttpStrategy extends PassportStrategy(Stragety) {
[ts] 'extends' clause of exported class 'HttpStrategy' has or is using private name 'AbstractStrategy'.
[ts] 'extends' clause of exported class 'HttpStrategy' has or is using private name 'Type'.

Environment

package.json

"@nestjs/passport": "^1.0.5",

using --declaration flag

Http Strategy Stuck and Do not continue to the Controller

I'm submitting a...


[ ] Regression 
[x] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Added http bearer strategy with @nest/passport as described in the example. It should be protecting the route, by allowing only the http requests with bearer token. If there is no token/invalid token it returns 401. There is no issue in it, but when the token is valid, the validate token returns a user object. The request doesn't make it to the controller. Http request timeouts after few minutes.

Expected behavior

Should continue to the controller and return the results of the http end point.

Minimal reproduction of the problem with instructions

Setups the example.

// http.strategy.ts
import { Strategy } from 'passport-http-bearer';
import { PassportStrategy } from '@nestjs/passport';
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { AuthService } from './auth.service';

@Injectable()
export class HttpStrategy extends PassportStrategy(Strategy) {
  constructor(private readonly authService: AuthService ) {
    super();
  }

  async validate(token: string): Promise<any> {
    const user = await this.authService.validateToken(token);
    if (!user) {
      throw new UnauthorizedException();
    }
    console.log('In strategy');
    return user;
  }
}
// auth.service.ts
// ...
  async validateToken(token: string) {
    console.log('Validating user', token);
    const user = await this.usersService.findOneByToken(token);
    if (user) {
      console.log('True');
      return user;
    }
    console.log('False');
    return false;
  }
// data.controller.ts
// .... 
  @Get()
  @UseGuards(AuthGuard('bearer'))
  async view() {
    console.log("In controller")
    return await this.dataService.findAll();
  }
# Console log> 

> Validating user 6dafafdadafdafawfsacc9c
> True
> In strategy

As you can see the controller is not printing the In contoller. Seems like a promise rejection.

What is the motivation / use case for changing the behavior?

Environment


Nest version: 5.0.0

 
For Tooling issues:
- Node version: v8.11.2  
- Platform:  Linux 

Others:

Use nest.js passport with other passports

How I can use nest.js with passport-steam authentication? Where I should put passport.use, auth routes, etc.? Is there any examples of how to use nest.js with other sites authentication (except Auth0)

Allow empty token?

I have a /products api for product list, it can be accessed for guests and logged-in users.
So I need something like a Jwt Guard but do not force limit this api must provide a jwt token.
If I use @UseGuards(AuthGuard('jwt')) , the guests cannot access it, but if I remove this guard, how could I access req.user so that I could return discount price for some users?

TSError: Call target does not contain any signatures

Current Behavior

TSError: ⨯ Unable to compile TypeScript src/auth/jwt.strategy.ts (10,5): Call target does not contain any signatures. (2346)

src/auth/jwt.strategy.ts super() constructor extending from PassportStrategy does not contain any signatures:

export class JwtStrategy extends PassportStrategy(Strategy) {
  constructor(private readonly authService: AuthService) {
    super({
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      secretOrKey: 'secretKey',
    });
  }

Environment


Nest version: 5.0.0-rc.3
@nestjs/passport: v1.0.9
TypeScript: 2.8.3

 
For Tooling issues:
- Node version: 10.0.0
- Platform:  Linux

`passport-facebook-token` doesn't work

I'm submitting a...


[ ] Regression 
[x] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

When I try to use passport-facebook-token library with this library I am getting this error:

TypeError: Class extends value undefined is not a constructor or null

/home/mrav/projects/gitdiagram-server/node_modules/@nestjs/passport/dist/passport/passport.strategy.js:13 class MixinStrategy extends Strategy {

I am trying to use given library like this:

import Strategy from "passport-facebook-token";
import { Injectable } from "@nestjs/common";
import { PassportStrategy } from "@nestjs/passport";

@Injectable()
export class GitHubStrategy extends PassportStrategy(Strategy) {
  constructor() {
    super({
      clientID: "client_id",
      clientSecret: "client_secret",
      passReqToCallback: true
    });
  }

  async validate(
    request: any,
    accessToken: string,
    refreshToken: string,
    profile,
    next: Function
  ) {
    try {
      console.log(profile);

      next(null, profile);
    } catch (err) {
      console.log(err);
      next(err, null);
    }
  }
}

I think that main problem is that passport-facebook-token is creating strategy by extending OAuth2Strategy and other libraries like passport-facebook are using util.inherits method. In node documentation util.inherits is deprecated.

As I can see nestjs/passport library is expecting Strategy to be function, link to source code.

Why I want to use passport-facebook-token strategy, because I want to implement implicit grant flow for my SPA application.

I have found one more library that is creating strategy in the same way:

  • passport-github-token

Expected behavior

It would be nice if library would support strategies that are created by extending OAuth2Strategy.

Minimal reproduction of the problem with instructions

What is the motivation / use case for changing the behavior?

Environment


Nest version: 6.0.0

 
For Tooling issues:
- Node version: v8.15.0 
- Platform:  Ubuntu

Others:

Include the passport middlewares initialization in the module

I'm submitting a...


[ ] Regression 
[ ] Bug report
[x] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

With the current version, it seems, to use passport with cookies sessions, we have to declare its middlewares manually in main.js, like :

  app.use(session({
    secret: 'a secret',
    name: 'abcd',
    resave: true,
    saveUninitialized: true
  }));
  app.use(passport.initialize());
  app.use(passport.session());

This approach prevents me to use Nest injection, so it prevents me to use my ConfigurationModule & TypeORMModule for example to configure the session store.

Expected behavior

So I would like this nestjs/passport module register passport.initialize() and passport.session() automatically.

I've tried, by "monkey-patching" the library to add this configure implementation in PassportModule code :

    configure(consumer) {
        const DEFAULT_ROUTES = [{ path: '*', method: common_1.RequestMethod.ALL }];
        const middlewares = [
            passport.initialize(),
            passport.session(),
        ]
        consumer
            .apply(...middlewares)
            .forRoutes(...DEFAULT_ROUTES)
    }

But maybe it should be "configurable", maybe it could depend on the session options flag.
But I don't know how to implement such a case in practice. I wonder if we have to implement forRoot / forRootAsync on PassportModule to do it this way ?

Minimal reproduction of the problem with instructions

The following repository provide a good base to reproduce the case : https://github.com/Nabellaleen/hello-graphql-session-nestjs

What is the motivation / use case for changing the behavior?

In practice, this change is motivated by this discussion : iamolegga/nestjs-session#181

Environment


- @nestjs/common: 7.0.5
 
For Tooling issues:
- Node version: v10.15.3
- Platform:  Linux

Error when use bearer strategy

I'm submitting a...


[ ] Regression 
[x] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

After update to 5.0.1 I get strange error when use @UseGuards(AuthGuard('bearer'))

{ Error: Pool is closed.
        at Pool.Object.<anonymous>.Pool.getConnection (C:\www\gmc\back\node_modules\mysql\lib\Pool.js:25:15)
        at C:\www\gmc\back\src\driver\mysql\MysqlDriver.ts:566:27
        at new Promise (<anonymous>)
        at MysqlDriver.Object.<anonymous>.MysqlDriver.obtainMasterConnection (C:\www\gmc\back\src\driver\mysql\MysqlDriver.ts:559:16)
        at MysqlQueryRunner.Object.<anonymous>.MysqlQueryRunner.connect (C:\www\gmc\back\src\driver\mysql\MysqlQueryRunner.ts:79:58)
        at MysqlQueryRunner.<anonymous> (C:\www\gmc\back\src\driver\mysql\MysqlQueryRunner.ts:143:55)
        at step (C:\www\gmc\back\node_modules\typeorm\driver\mysql\MysqlQueryRunner.js:42:23)
        at Object.next (C:\www\gmc\back\node_modules\typeorm\driver\mysql\MysqlQueryRunner.js:23:53)
        at C:\www\gmc\back\node_modules\typeorm\driver\mysql\MysqlQueryRunner.js:17:71
        at new Promise (<anonymous>) code: 'POOL_CLOSED' }

Code of my BearerStrategy:

import { Strategy } from 'passport-http-bearer';
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { OauthClientTokenService } from './client/token/oauth-client-token.service';
import { PassportStrategy } from '@nestjs/passport';

@Injectable()
export class BearerStrategy extends PassportStrategy(Strategy) {
  constructor(private readonly clientTokenService: OauthClientTokenService) {
    super();
  }

  validate(token: any, done) {
    this.clientTokenService.findByAccessToken(token).then(async (clientToken) => {
      if (!!clientToken) {
        const user = await clientToken.user;
        done(null, user);
      } else {
        done(new UnauthorizedException(), false);
      }
    }).catch((error) => {
      console.log(error);
      done(error, false);
    });
  }
}

Method findByAccessToken correctly returns token-entity. But querying of user causes error.

Environment


Nest version: 5.3.0

 
For Tooling issues:
- Node version: 10.1.0
- Platform:  Windows

Common class that extends AuthGuard(DynamicType)

I'm submitting a...


[ ] Regression 
[ ] Bug report
[X ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

I have to duplicate code to specify a Passport type, the classes contain the exact same code. except for the below

export class AzureLoginGuard extends AuthGuard('azure') {}
export class SamlLoginGuard extends AuthGuard('saml') {}

export class AzureLoginCallbackGuard extends AuthGuard('azure')  {}
export class SamlLoginCallbackGuard extends AuthGuard('saml') {}

Expected behavior

It would be nice to be able to pass the type into an common AuthGuard that will then propigate up to passport

@UseGuards(LoginGuard('azure'))
@UseGuards(LoginGuard('saml'))

Minimal reproduction of the problem with instructions

What is the motivation / use case for changing the behavior?

Im using sessions for example, and i need to do :

await super.canActivate(context); // throws Unauthorized
super.logIn(req);

if i wanted to have a facebook, twitter, google i would need to have 3 classes to do the same thing

Environment


Nest version: 6.5.0

 
For Tooling issues:
- Node version: XX   v12.3.1
- Platform:   WIndows

Others:

Passport instance should be used instead of global singleton

I'm submitting a...


[ ] Regression 
[x] Bug report
[x] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Currently I can see that module attaching strategies to global passport instance. Which preventing me from using different sessions handling and user serialization and deserialization algorithms in different modules.

Expected behavior

Passport instance should be defined explicitly for module. For this new Passport() usually called, which returning independent passport instance with it's own strategies stack.

What is the motivation / use case for changing the behavior?

Creation of modular applications limited by single passport instance for all modules. No way to define more than one serialization strategy.

PassportModule is not exposed in currently published passport library

I'm submitting a...


[x] Regression 
[] Bug report
[] Feature request
[ ] Documentation issue or request

Current behavior

I'm unable to replicate documented nestjs authentication example code because the PassportModule does not exist.

Expected behavior

Example code should work as expected with the PassportModule exposed.

Minimal reproduction of the problem with instructions

Unable to import PassportModule from @nestjs/passport

What is the motivation / use case for changing the behavior?

I need to implement jwt based authentication

Environment


Nest version: 5.0.0
Nest Passport version: 1.1.0
 
For Tooling issues:
- Node version: 10.6.0
- Platform:  Windows

Others:

req.authInfo undefined

I'm submitting a...


[ ] Regression 
[x] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

If I add 3rd argument to callback e.g., payload I should be able to retrieve it via req.authInfo in controller. Currently I am getting user as expected but authInfo as undefined.

Expected behavior

I should be able to retrieve both user and authInfo from request in the Controller

Minimal reproduction of the problem with instructions

Strategy

import { ExtractJwt, Strategy } from 'passport-jwt';
import { AuthService } from './auth.service';
import { PassportStrategy } from '@nestjs/passport';
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { JwtPayload } from './interfaces/jwt-payload.interface';

@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
  constructor(private readonly authService: AuthService) {
    super({
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      secretOrKey: 'secretKey',
    });
  }

  async validate(payload: JwtPayload, done: Function) {
    const user = await this.authService.validateUser(payload);
    if (!user) {
      return done(new UnauthorizedException(), false);
    }
    done(null, user, payload);
  }
}

Controller

  async findAll(@Req() req): Promise<Project[]> {
    console.log(req.user)
    console.log(req.authInfo)
    return this.projectService.findAll();
  }

What is the motivation / use case for changing the behavior?

I want to keep user and optional info separate as intended by passport for interoperability with other libraries and consistency.

Environment

Nest Info

[System Information]
OS Version     : macOS High Sierra
NodeJS Version : v10.5.0
NPM Version    : 6.1.0
[Nest Information]
microservices version : 5.1.0
websockets version    : 5.1.0
passport version      : 1.1.0
typeorm version       : 5.0.2
common version        : 5.1.0
core version          : 5.1.0

Nest version: X.Y.Z

 
For Tooling issues:
- Node version: XX  
- Platform:  

Others:

req.user is undefined after refresh.

I can not make passport local work.
the login work , and return the user, but getUserAuthenticated retrun undefined.
the project.

    @Post('login')
    @UseGuards(AuthGuard('local'))
    @HttpCode(HttpStatus.OK)
    async login(@Body() user: LoginRequest, @Req() req): Promise<User> {
// this is work fine.
        return req.user;
    }

    @Get('getUserAuthenticated')
    async getUserAuthenticated(@Req() req) {
// here req.user is undefined
        return {user:req.user};
    }

PassportStrategy instance methods (logout for saml)

Feature Request

Is your feature request related to a problem? Please describe.

I found this stack overflow question and the solutions seems awful when i believe having a simple accessor on the base PassportStrategy can accommodate a better solution

Describe the solution you'd like

Would be nice to be able to access passport methods, (I thought this would have been uglier than it ended up being)

export class AuthController {
    constructor(private readonly samlStrategy: SamlStrategy) {
    }
    public logout(@Req() req, @Res() res) {     
       // Work around
       (this.samlStrategy as any).logout(req, function (err, req) {
            if (!err) {
                res.send('<h1>Logout Failure!!</h1>');
            }
        });
    }
}

https://stackoverflow.com/questions/37990947/access-passport-strategy-from-passport

This is pretty straight forward in JS

var samlStrategy = new saml.Strategy({
  callbackUrl: process.env.CALLBACK_URL,
  entryPoint: process.env.ENTRY_POINT,
  issuer: process.env.ISSUER,
  logoutUrl: process.env.LOGOUT_URL
}, function(profile, done) {
  var user = profile;
  return done(null, user);
});

...

app.get('/logout', function(req, res) {
  // samlStrategy.logut uses req.user
  console.log(req.user);

  // Perform SSO logout with IdP
  samlStrategy.logout(req, function(err, request) {
    console.log(err);
    console.log(request);
    if (!err) {
      res.redirect(request);
    }
  });
});

Teachability, Documentation, Adoption, Migration Strategy

What is the motivation / use case for changing the behavior?

Convenience

NestJs JWT Authentication always returns 401

I'm submitting a...


[ ] Regression 
[x] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Hello I have submitted this issue on stackoverflow and I have not been able to get any solutions for days now. Kindly assist. 
[Issue](https://stackoverflow.com/questions/55820591/nestjs-jwt-authentication-returns-401)

Can't import PassportStrategy from @nestjs/passport

I'm submitting a...


[ ] Regression 
[x] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current Behavior

  • Install the package
npm install @nestjs/passport
  • Importing something from the package results in an error.
import { PassportStrategy } from '@nestjs/passport';
[ts]
Could not find a declaration file for module '@nestjs/passport'.
[email protected]/passport/index.js' implicitly has an 'any' type.

Environment

"@nestjs/passport": "^1.0.2",

Not able to pass info object from Custom Passport Stategy

Since validate function is being considered as promise don't send callback function of passport. Because callback function is called from after validate function completed Ref: passport.strategy.ts.

Moreover, I don't understand how to pass info (3rd parameter of callback). Since its being used for authInfo field of request object in auth.guard.ts file.

const done = params[params.length - 1];
try {
const validateResult = await this.validate(...params);
if (Array.isArray(validateResult)) {
done(null, ...validateResult);
} else {
done(null, validateResult);
}
} catch (err) {
done(err, null);
}

passport.authenticate(type, options, (err, user, info) => {
try {
request.authInfo = info;
return resolve(callback(err, user, info));
} catch (err) {
reject(err);
}
})(request, response, err => (err ? reject(err) : resolve))

Call resolve on error

})(request, response, resolve)

        const createPassportContext = (request, response) => (type, options, callback) => new Promise((resolve, reject) => passport.authenticate(type, options, (err, user, info) => {
            try {
                request.authInfo = info;
                return resolve(callback(err, user, info));
            }
            catch (err) {
                reject(err);
            }
        })(request, response, resolve));

https://github.com/jaredhanson/passport/blob/2327a36e7c005ccc7134ad157b2f258b57aa0912/lib/middleware/authenticate.js#L186

Here authenticate call "next" to trigger an error, but we provide "resolve" as "next" parameter. Shouldn't error call reject?

At least for me it's an issue. I follow the tutorial https://docs.nestjs.com/techniques/authentication and I don't get the 401 Unauthorized.

useFactory - Provider

I'm submitting a...


[ ] Regression 
[x] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

AuthGuard not working when it is used in factory.

Expected behavior

Conditional AuthGuard should works.

Minimal reproduction of the problem with instructions

{
      provide: APP_GUARD,

      // OPTIONAL AUTHGUARD
      useFactory: (environment: Environment) => {
        if (environment.config.isProduction) {
          return AuthGuard('bearer');
        } else {
          return undefined;
        }
      },
      inject: [Environment],

    },

What is the motivation / use case for changing the behavior?

I think we should define options authguards for testing/developing situations.

Environment


Nest version: 5.4.0

For Tooling issues:
- Node version: 10.15.0
- Platform:  Linux

Add ability to configure PassportStrategy per Request

I'm submitting a...


[ ] Regression 
[ ] Bug report
[*] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Unable to configure PassportStrategy per request

I want to be able to set custom PassportStrategy settings per request.

My use-case: The app is deployed on dynamic, multiple domains,
And i want to be able to set the callbackURL for oauth providers by the request.host, protocol, etc.

@Injectable({
  scope: Scope.REQUEST,
})
export class GoogleStrategy extends PassportStrategy(Strategy, 'google') {
  constructor(
    @Inject(REQUEST) private readonly request: import("express").Request,
    private readonly authService: AuthService,
  ) {
    super({
      clientID: 'CLIENT_ID', // <- Replace this with your client id
      clientSecret: 'CLIENT_SECRET', // <- Replace this with your client secret
      callbackURL: `${request.protocol}://${request.host}/auth/google/callback`,
      passReqToCallback: true,
      scope: ['profile'],
    });
  }

This code doesn't work, i get unknown strategy "google",
Because the strategies must be not Scope.REQUEST

Bug with passport-strategy: TypeError: Class extends value undefined is not a constructor or null

Bug Report

passport-activedirectory throw an Exception on application start.

Current behavior

When Nest.js application starts, throw the following exception:

TypeError: Class extends value undefined is not a constructor or null
    at Object.PassportStrategy 
    at Object.<anonymous> 
    at Module._compile (module.js:652:30)
    at Module.m._compile
    at Module._extensions..js (module.js:663:10)
    at Object.require.extensions.(anonymous function) [as .ts] 
    at Module.load (module.js:565:32)
    at tryModuleLoad (module.js:505:12)
    at Function.Module._load (module.js:497:3)
    at Module.require (module.js:596:17)

This is my code:

AuthModule

import { Module } from '@nestjs/common';
import { AuthController } from './auth.controller';
import { AuthService } from './auth.service';
import { AdStrategy } from "./strategies/ad.strategy";
import {PassportModule} from '@nestjs/passport';

@Module({
  imports: [PassportModule],
  controllers: [AuthController],
  providers: [AuthService, AdStrategy]
})

export class AuthModule {

}

AdStrategy (strategies/ad.strategy.ts)

import {Strategy} from "passport-activedirectory";
import {AuthService} from "../auth.service";
import {PassportStrategy} from '@nestjs/passport';
import {Injectable} from "@nestjs/common";

@Injectable()
export class AdStrategy extends PassportStrategy(Strategy, 'activedirectory') {

    constructor(private readonly authService: AuthService) {
        super({
            integrated: false,
            ldap: {
                url: 'ldap://my.domain.com',
                baseDN: 'DC=my,DC=domain,DC=com',
                username: '[email protected]',
                password: 'readuserspassword'
            }
        });
    }

    async validate(profile, ad): Promise<any> {
         // TODO
         const user = this.authService.validateUser(username, password);
        if (!user) {
            throw new UnauthorizedException();
        }
        return user;
    }
}

Expected behavior

I expect the application run without exception.

Environment

Nest version: 6.0.0

For Tooling issues:

  • Node version: v8.11.2
  • Platform: Mac

Repository

https://github.com/djfabrix/nest-passport-ad-test

Can't import PassportStrategy from @nestjs/passport

I'm submitting a...


[x] Regression 
[ ] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Install the package

npm install @nestjs/passport

Importing something from the package results in an error.

import { PassportStrategy } from '@nestjs/passport';

[nodemon] 1.18.3
[nodemon] to restart at any time, enter `rs`
[nodemon] watching: /usr/src/api/src/**/*
[nodemon] starting `ts-node -r tsconfig-paths/register src/main.ts`
Error: Cannot find module './dist'

Environment

"@nestjs/passport": "^1.1.0",
  • Node version: v10.8.0
  • Platform: Linux

Specifying ~1.0.11 resolves the issue. Looks like a re-occurrence of #2

How best to implement OAuth using NestJs

I'm submitting a...


[ ] Regression 
[ ] Bug report
[ ] Feature request
[x] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Looking at the example here, it looks pretty straight forward, but I'll like to know how best it is to implement OAuth2 with NestJs using oauth2orize.
I'm pretty new to NestJs Ecosystems.
I also had a look at https://docs.nestjs.com/techniques/authentication, this helpful in setting up strategies but I'm concerned about the oauth2orize.createServer() implementation.

Thank you!

Check user role in canActivate

I'm submitting a...


[ ] Regression 
[X] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

I don't know if it's a bug or of it's expected to work in this way.

I would like to check role coming inside jwt token in my auth guard, in canActivate method.

I've seen this approach in Guards example in documentation.

At this moment, payload seems to be decoded in validate method, in JWTStrategy class, but this happens after canActivate.

What would be the best approach to handle this?

If canActivate is not the right place to check this, where is it?

Expected behavior

Receive decoded token in canActivate

Minimal reproduction of the problem with instructions

Dependencies related with this:
@nest/passport
@nest/jwt

When server receives request, the flow is:

  • Guard / canActivate
  • JwtStrategy / validate (token decoded)
  • Guard / handleRequest: here I receive err, user, info parameters but always info parameter is undefined

What is the motivation / use case for changing the behavior?

Having a useful canActivate method.

Environment


Nest version: 5.3.5

 
For Tooling issues:
- Node version: 10.0.0  
- Platform:  Mac

Others:

Does 'nestjs/passport' support fastify?


[x] Feature request
[x] Documentation issue or request

From my understanding:
'passport' is highly reliant on 'express'. Therefore 'nestjs/passport' does not support 'fastify' or other httpadapters one might use.

I would just like it to be clarified to me, and if true, to be 'noted' in docs.

'openid-client' doesn't play well with @nestjs/passport

I'm submitting a...

[ ] Regression 
[x] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

The strategy delivered by openid-client does not have access to all params such as userinfo-object because the library openid-client does a check on the number of parameters sent into the callback function. Because the callback function uses destructuring of the params, the number of parameters equals 0 and thus the userinfo-object of openid-client is not appended in the parameters. This is very unexpected behavior, as it "works" when putting the verify function directly in the constructor super call where the parameters are declared separately (tokenset, userinfo, done) => {}. This is unwanted as I would really like to stay idiomatic and use the framework as it is meant to be used.

Expected behavior

Ideally, I would be able to declare the params (tokenset, userinfo) in the validate function, as I am trying to do, and still have the openid-client correctly interpret the correct amount of parameters.

Minimal reproduction of the problem with instructions

In the below screenshot we see the check that adds the userinfo object if the length of the parameters of the verify/validate function is large enough. In our case when using the Nest PassportStrategy validate function, the destructuring of params results in this._verify.length // => 0.
Screenshot 2019-11-23 at 18 00 06

Here the destructuring happens:
Screenshot 2019-11-23 at 18 00 32

What is the motivation / use case for changing the behavior?

PassportModule should be able to support openid-client (OpenID Connect) which covers strategies for a wide range of IdPs such as Okta and OneLogin.

Environment


Nest version: 6.10.1

[Bug] Error: [object Object] using AuthGuard with GraphQL

When using the AuthGuard on a controller it works fine, but when used on a GraphQL query or mutation it shows the following error in terminal:

alt text

Probably graphql is waiting for the return of a false boolean in failure case, but authentication returns a http exception

This is my example

Extending `PassportStrategy` does not take provider specific OAuth2 options in account

I'm submitting a...


[ ] Regression 
[x] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Extending PassportStrategy does not work as expected. In case of extending PassportStrategy(Strategy, 'google') additional OAuth2 options, respectively provider specific options like e.g. approval_prompt passed to Superconstructor are NOT applied. So it is not possible to obtain a REFRESH_TOKEN.

Expected behavior

Additional, provider specific OAuth2 options can be passed through the Superconstructor and become effective.

Minimal reproduction of the problem with instructions

My Google OAuth2 strategy implementation:

import { Injectable } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { Strategy } from 'passport-google-oauth20';
import { AuthService, Provider } from './auth.service';
import { ConfigService } from '../config/config.service';
import { User } from '../api/user/user.interface';

@Injectable()
export class GoogleStrategy extends PassportStrategy(Strategy, 'google') {

  constructor(configService: ConfigService, private readonly authService: AuthService) {
    super({
      clientID: configService.get('OAUTH_CLIENT_ID'),
      clientSecret: configService.get('OAUTH_CLIENT_SECRET'),
      callbackURL: `${configService.baseUrl}/auth/google/callback`,
      passReqToCallback: true,
      scope: ['email', 'profile'],
      // NOT WORKING
      approval_prompt: 'force',
      access_type: 'offline',
    });
  }

  async validate(request: any, accessToken: string, refreshToken: string, profile: any, done: (err: any, result: any) => void) {
    // ...
  }

  // WORKAROUND: pass options to superclass auth call by overriding superclass method
  authorizationParams(options: any): any {
    return Object.assign(options, {
      approval_prompt: 'force',
      access_type: 'offline',
    });
  }
}

Environment


@nestjs/passport: 6.0.0

 
For Tooling issues:
- Node version: 10.11.0
- Platform:  Mac

error TS2307: Cannot find module 'passport'

I'm submitting a...


[ ] Regression 
[x] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Cannot use @nestjs/passport because I am getting the following error:

> nest start --watch
[20:10:02] Starting compilation in watch mode...

node_modules/@nestjs/passport/dist/passport/passport.serializer.d.ts:1:27 - error TS2307: Cannot find module 'passport'.

1 import * as passport from 'passport';
                            ~~~~~~~~~~

[20:10:05] Found 1 error. Watching for file changes.

Expected behavior

Minimal reproduction of the problem with instructions

Please check out this repository where you can see the error:

https://github.com/rbutera/nestjs-task-management

try npm run start:dev and see the error for yourself.

Environment


Nest version: 7.x

 
For Tooling issues:
- Node version: v13.14.0
- Platform: Mac

Others:
Tried using both npm and yarn. same issue.

AuthGuard's handleRequest should accept 4 arguments

I'm submitting a...


[ ] Regression 
[x] Bug report
[x] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Currently AuthGuard's method handleRequest waiting for 3 arguments from authenticate to callback. But passport passes 4th argument when strategy using fail method - status code (https://github.com/jaredhanson/passport/blob/master/lib/middleware/authenticate.js - lines 107, 111).

Expected behavior

handleRequest should accept 4 arguments

Fails silently. Didn't log anything when failed to auth

I'm submitting a...


[ ] Regression 
[ ] Bug report
[x ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

I'm playing on the sample of nest, particularly 19-auth-jwt.
It works well. The secret is not a real one and I got 401 as expected.
The thing is I hope there is some information logged on the console.

Expected behavior

Hope there are some error informations.

Minimal reproduction of the problem with instructions

https://github.com/nestjs/nest/tree/master/sample/19-auth-jwt

After running the server, request http://localhost:3000/profile.
Hope there's some error information on the console.

What is the motivation / use case for changing the behavior?

An issue has been raised before and closed somehow.
We could overwrite handleRequest just like others did in #33 (comment).
I think it will be better for us to debug if it's already built-in.

Environment


Nest version: 6.10.13

 
For Tooling issues:
- Node version: XX  
- Platform:  

Others:

Need a way to destroy the session if a user token is malformed.

I'm submitting a...


[ ] Regression 
[X] Bug report
[X] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

This is a bug report and/or feature request -- the behavior is necessary for proper authentication error handling.

Issue: There's no way to remove the session if the JWT token is malformed. Passport de-serialization just fails, and there's no access to the request and response objects in context.

Related to #136 -- however, without the response context, it may not be possible to handle all session operations in many standard workflows.

Expected behavior

Deserialization errors could be caught, and handled (with the request / response context). Without this, the session can't be fixed.

What is the motivation / use case for changing the behavior?

  1. User JWT token is malformed.
  2. Passport de-serialization fails.
  3. Server must do some global error-handling... but it does not globally have the request / response context to fix or remove the token.

[Nest] Class constructor MixinStrategy cannot be invoked without 'new'

Hello. Can you please direct me on right way of understanding this error.


[ ] Regression 
[X] Bug report
[ ] Feature request
[X] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

import { OIDCStrategy } from 'passport-azure-ad';
import { PassportStrategy } from '@nestjs/passport';


@Injectable()
export class MyStrategy extends PassportStrategy(OIDCStrategy, 'azuread-openidconnect') {

  constructor(private readonly authService: AuthService) {
    super (
      {identityMetadata: config.identityMetadata,...},
      (req, iss, sub, profile, jwtClaims, access_token, refresh_token, params, done) => {....}
    );
  }
}

And i got fail on string where "super (" is written
[Nest] Class constructor MixinStrategy cannot be invoked without 'new'

Validate AuthGuard with parameters

I'm submitting a...


[ ] Regression
[ ] Bug report
[ ] Feature request
[X] Documentation issue or request
[ ] Support request

Minimal reproduction of the problem with instructions

I am using AuthGuard, in the Docs you say that you can call it like this @UseGuards(AuthGuard('jwt')) and the that AuthGuard accepts a second argument, options object that you are able to pass in order to determine the passport behavior.

The idea behind this is that I can make a call like this @UseGuards(AuthGuard('jwt',{roles: 'admin'})) so that I can give access only if the jwt has the 'admin' role. However, it is impossible to access these options from the validate method in the JwtStrategy.

This is my code, extracted from the 19-auth project:

jwt.strategy.ts


export class JwtStrategy extends PassportStrategy(Strategy) {
    constructor(private readonly authService: AuthService) {
        super({
            jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
            secretOrKey: 'secretKey',
        });
    }

    async validate(payload: JwtPayload, done: Function) {
        const user = await this.authService.validateUser(payload);
        // I want to use the options here in order to check the roles
        if (!user) {
            return done(new UnauthorizedException(), false);
        }
        done(null, user);
    }
}

auth.controller.ts


@Get('data')
  @UseGuards(AuthGuard('jwt',{roles: 'admin'}))
  findAll() {
    return 'ACK';
  }

How can I get these options from there?
Thank you in advance.

Passport's logIn() function is not called

Hallo,
when using the guard to protect the login-route, the user is correctly set at the request-object when the user passes the right credentials (I am using the LocalStrategy). So I though, everything would be alright...
but the user is not persisted to the session.

By debugging I found out that the AuthGuard doesn't call Passport's logIn()-function and therefore the user is only set to the request, but not persisted to the session. I believe this is quite an unexpected behavior for most users because it is different to the default way that Passport works.

In my opinion this should either be fixed or at least documented.

AuthGuard's handleRequest callback arguments order

I'm submitting a...

[ ] Regression 
[x] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Currently AuthGuard's method handleRequest is using 3 arguments, but the order of them are different between the callback creation (L46) and the execution (L85).

callback(err, user, info)
(err, info, user) => this.handleRequest(err, info, user)

There is no bug here because it just receive and pass the arguments, but it's confusing and could cause issues.

Expected behavior
The callback creation should be (err, user, info) => this.handleRequest(err, user, info)

Allow string array as an argument for AuthGuard and defaultStrategy option.

I'm submitting a...


[ ] Regression 
[x] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Though Passport allow for an array of string to be passed as an argument for the declared strategies, AuthGuard, and defaultStrategy does not.

Expected behavior

From nestjs/nest#2116:

Be able to specifify multiple authtentication middlewares | authGuards to protect the same resources, let's say for example if a haver this controller but want to be able to authenticate for twitter and google.
In this case the controller method should be accesible whether im logged in via twitter or google

Minimal reproduction of the problem with instructions

@UseGuards(AuthGuard(['google', 'twitter']))
                     ~~~~~~~~~~~~~~~~~~~~~ // <-- Argument of type 'string[]' is not assignable to parameter of type 'string'. 
async sayHello(){
  return  "hello"
}

What is the motivation / use case for changing the behavior?

This module should allow to interact with Passport as if we were interacting with Passport directly.

Environment


Nest Passport version: 6.0.0


Others:

Make the custom callback function part of the service strategy

I'm submitting a...


[ ] Regression 
[ ] Bug report
[X] Feature request
[ ] Documentation issue or request
[ ] Support request

Current behavior

If we want to override the strategy callback function, we must provide the custom function each time we use AuthGuard.


@UseGuards(AuthGuard('jwt', { callback: customCallback }))

Expected behavior

It would be more elegant to set the callback function once in the strategy class.


export declare abstract class AbstractStrategy {
     callback: (err, user, info) => {
        if (err || !user) {
          throw err || new UnauthorizedException();
        }
        return user;
     }
    abstract validate(...args: any[]): any;
}

What is the motivation / use case for changing the behavior?

Normally, we use the same function for the entire application.

[Feature Request] Custom Callback

By default, if authentication fails, the AuthGuard will respond with a generic unauthorized error message.

But In some cases the built-in options are not sufficient to handle an authentication request.
Then it should be possible provide a Custom Callback to allow the application to handle success or failure.
For example:

const CustomCallback = (err, user, info) => {
  let message
  if (err) {
    return Promise.reject(err || new UnauthorizedException());
  } else if (typeof info != 'undefined' || !user) {
    switch (info.message) {
      case 'No auth token':
      case 'invalid signature':
      case 'jwt malformed':
      case 'invalid token':
        message = "You must provide a valid authenticated access token"
        break
      case 'jwt expired':
        message = "Your session has expired. Please log in again"
        break
    }
    return Promise.reject(new UnauthorizedException(message))
  }
  Promise.resolve(user);
}
  @Get('data')
  @UseGuards(AuthGuard('jwt', { session: false }, CustomCallback))
  getSensitiveData() {
    // this route is restricted
  }

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.