angel_auth 2.1.5+1

  • README.md
  • CHANGELOG.md
  • Example
  • Installing
  • Versions
  • 87

angel_auth #

Pub build status

A complete authentication plugin for Angel. Inspired by Passport.

Wiki #

Click here.

Bundled Strategies #

  • Local (with and without Basic Auth)
  • Find other strategies (Twitter, Google, OAuth2, etc.) on Pub!!!

Example #

Ensure you have read the wiki.

configureServer(Angel app) async {
  var auth = AngelAuth<User>();
  auth.serializer = ...;
  auth.deserializer = ...;
  auth.strategies['local'] = LocalAuthStrategy(...);
  
  // POST route to handle username+password
  app.post('/local', auth.authenticate('local'));

  // Using Angel's asynchronous injections, we can parse the JWT
  // on demand. It won't be parsed until we check.
  app.get('/profile', ioc((User user) {
    print(user.description);
  }));
  
  // Use a comma to try multiple strategies!!!
  //
  // Each strategy is run sequentially. If one succeeds, the loop ends.
  // Authentication failures will just cause the loop to continue.
  // 
  // If the last strategy throws an authentication failure, then
  // a `401 Not Authenticated` is thrown.
  var chainedHandler = auth.authenticate(
    ['basic','facebook'],
    authOptions
  );
  
  // Apply angel_auth-specific configuration.
  await app.configure(auth.configureServer);
}

Default Authentication Callback #

A frequent use case within SPA's is opening OAuth login endpoints in a separate window. angel_client provides a facility for this, which works perfectly with the default callback provided in this package.

configureServer(Angel app) async {
  var handler = auth.authenticate(
    'facebook',
    AngelAuthOptions(callback: confirmPopupAuthentication()));
  app.get('/auth/facebook', handler);
  
  // Use a comma to try multiple strategies!!!
  //
  // Each strategy is run sequentially. If one succeeds, the loop ends.
  // Authentication failures will just cause the loop to continue.
  // 
  // If the last strategy throws an authentication failure, then
  // a `401 Not Authenticated` is thrown.
  var chainedHandler = auth.authenticate(
    ['basic','facebook'],
    authOptions
  );
}

This renders a simple HTML page that fires the user's JWT as a token event in window.opener. angel_client exposes this as a Stream:

app.authenticateViaPopup('/auth/google').listen((jwt) {
  // Do something with the JWT
});

2.1.5+1 #

  • Fix error in popup page.

2.1.5 #

  • Modify _apply to honor an existing User over Future<User>.

2.1.4 #

  • Deprecate decodeJwt, in favor of asynchronous injections.

2.1.3 #

  • Use await on redirects, etc.

2.1.2 #

  • Change empty cookie string to have double quotes (thanks @korsvanloon).

2.1.1 #

  • Added scopes to ExternalAuthOptions.

2.1.0 #

  • Added ExternalAuthOptions.

2.0.4 #

  • successRedirect was previously explicitly returning a 200; remove this and allow the default 302.

2.0.3 #

  • Updates for streaming parse of request bodies.

2.0.2 #

  • Handle null return in authenticate + failureRedirect.

2.0.1 #

  • Add generic parameter to options on AuthStrategy.authenticate.

2.0.0+1 #

  • Meta update to improve Pub score.

2.0.0 #

  • Made AuthStrategy generic.
  • AngelAuth.strategies is now a Map<String, AuthStrategy<User>>.
  • Removed AuthStrategy.canLogout.
  • Made AngelAuthTokenCallback generic.

2.0.0-alpha #

  • Depend on Dart 2 and Angel 2.
  • Remove dart2_constant.
  • Remove requireAuth.
  • Remove userKey, instead favoring generic parameters.

1.2.0 #

  • Deprecate requireAuth, in favor of requireAuthentication.
  • Allow configuring of the userKey.
  • Deprecate middlewareName.

1.1.1+6 #

  • Fix a small logic bug that prevented LocalAuthStrategy from correctly propagating the authenticated user when using Basic auth.

1.1.1+5 #

  • Prevent duplication of cookies.
  • Regenerate the JWT if tokenCallback is called.

1.1.1+4 #

  • Patched logout to properly erase cookies
  • Fixed checking of expired tokens.

1.1.1+3 #

  • authenticate returns the current user, if one is present.

1.1.1+2 #

  • _apply now always sends a token cookie.

1.1.1+1 #

  • Update protectCookie to only send maxAge when it is not -1.

1.1.1 #

  • Added protectCookie, to better protect data sent in cookies.

1.1.0+2 #

  • LocalAuthStrategy returns true on Basic authentication.

1.1.0+1 #

  • Modified LocalAuthStrategy's handling of Basic authentication.

example/example.dart

import 'dart:async';
import 'package:angel_auth/angel_auth.dart';
import 'package:angel_framework/angel_framework.dart';
import 'package:angel_framework/http.dart';

main() async {
  var app = Angel();
  var auth = AngelAuth<User>();

  auth.serializer = (user) => user.id;

  auth.deserializer = (id) => fetchAUserByIdSomehow(id);

  // Middleware to decode JWT's and inject a user object...
  await app.configure(auth.configureServer);

  auth.strategies['local'] = LocalAuthStrategy((username, password) {
    // Retrieve a user somehow...
    // If authentication succeeds, return a User object.
    //
    // Otherwise, return `null`.
  });

  app.post('/auth/local', auth.authenticate('local'));

  var http = AngelHttp(app);
  await http.startServer('127.0.0.1', 3000);

  print('Listening at http://127.0.0.1:3000');
}

class User {
  String id, username, password;
}

Future<User> fetchAUserByIdSomehow(id) async {
  // Fetch a user somehow...
  throw UnimplementedError();
}

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:


dependencies:
  angel_auth: ^2.1.5+1

2. Install it

You can install packages from the command line:

with pub:


$ pub get

with Flutter:


$ flutter pub get

Alternatively, your editor might support pub get or flutter pub get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:


import 'package:angel_auth/angel_auth.dart';
  
Version Uploaded Documentation Archive
2.1.5+1 May 3, 2019 Go to the documentation of angel_auth 2.1.5+1 Download angel_auth 2.1.5+1 archive
2.1.5 Apr 20, 2019 Go to the documentation of angel_auth 2.1.5 Download angel_auth 2.1.5 archive
2.1.4 Apr 19, 2019 Go to the documentation of angel_auth 2.1.4 Download angel_auth 2.1.4 archive
2.1.3 Apr 19, 2019 Go to the documentation of angel_auth 2.1.3 Download angel_auth 2.1.3 archive
2.1.2 Apr 11, 2019 Go to the documentation of angel_auth 2.1.2 Download angel_auth 2.1.2 archive
2.1.1 Jan 5, 2019 Go to the documentation of angel_auth 2.1.1 Download angel_auth 2.1.1 archive
2.1.0 Jan 4, 2019 Go to the documentation of angel_auth 2.1.0 Download angel_auth 2.1.0 archive
2.0.4 Dec 31, 2018 Go to the documentation of angel_auth 2.0.4 Download angel_auth 2.0.4 archive
2.0.3 Dec 9, 2018 Go to the documentation of angel_auth 2.0.3 Download angel_auth 2.0.3 archive
2.0.2 Nov 9, 2018 Go to the documentation of angel_auth 2.0.2 Download angel_auth 2.0.2 archive

All 53 versions...

Popularity:
Describes how popular the package is relative to other packages. [more]
81
Health:
Code health derived from static analysis. [more]
88
Maintenance:
Reflects how tidy and up-to-date the package is. [more]
100
Overall:
Weighted score of the above. [more]
87
Learn more about scoring.

We analyzed this package on Jun 25, 2019, and provided a score, details, and suggestions below. Analysis was completed with status completed using:

  • Dart: 2.3.2
  • pana: 0.12.18

Platforms

Detected platforms: Flutter, other

Primary library: package:angel_auth/angel_auth.dart with components: io.

Health suggestions

Fix lib/src/plugin.dart. (-4.89 points)

Analysis of lib/src/plugin.dart reported 10 hints, including:

line 3 col 23: Use lowercase_with_underscores when specifying a library prefix.

line 70 col 35: DO use curly braces for all flow control structures.

line 96 col 7: DO use curly braces for all flow control structures.

line 99 col 7: DO use curly braces for all flow control structures.

line 104 col 7: DO use curly braces for all flow control structures.

Fix lib/src/strategies/local.dart. (-3.45 points)

Analysis of lib/src/strategies/local.dart reported 7 hints, including:

line 26 col 8: Don't type annotate initializing formals.

line 27 col 7: Don't type annotate initializing formals.

line 28 col 7: Don't type annotate initializing formals.

line 30 col 7: Don't type annotate initializing formals.

line 31 col 7: Don't type annotate initializing formals.

Fix lib/src/auth_token.dart. (-2.48 points)

Analysis of lib/src/auth_token.dart reported 5 hints:

line 65 col 7: DO use curly braces for all flow control structures.

line 75 col 7: DO use curly braces for all flow control structures.

line 83 col 7: DO use curly braces for all flow control structures.

line 121 col 5: DO use curly braces for all flow control structures.

line 123 col 5: DO use curly braces for all flow control structures.

Fix lib/src/middleware/require_auth.dart. (-1 points)

Analysis of lib/src/middleware/require_auth.dart reported 2 hints:

line 30 col 9: DO use curly braces for all flow control structures.

line 39 col 7: DO use curly braces for all flow control structures.

Fix lib/src/options.dart. (-0.50 points)

Analysis of lib/src/options.dart reported 1 hint:

line 29 col 7: Don't type annotate initializing formals.

Dependencies

Package Constraint Resolved Available
Direct dependencies
Dart SDK >=2.0.0-dev <3.0.0
angel_framework ^2.0.0-rc.6 2.0.3
charcode ^1.0.0 1.1.2
collection ^1.0.0 1.14.11
crypto ^2.0.0 2.0.6
http_parser ^3.0.0 3.1.3
meta ^1.0.0 1.1.7
quiver_hashcode ^2.0.0 2.0.0
Transitive dependencies
angel_container 1.0.4
angel_http_exception 1.1.0
angel_model 1.0.3
angel_route 3.0.6
code_buffer 1.0.1
combinator 1.1.0
convert 2.1.1
dart2_constant 1.0.2+dart2
file 5.0.8+1
http2 1.0.0
http_server 0.9.8+2
intl 0.15.8
matcher 0.12.5
merge_map 1.0.2
mime 0.9.6+3
mock_request 1.0.5
path 1.6.2
quiver 2.0.3
source_span 1.5.5
stack_trace 1.9.3
string_scanner 1.0.4
term_glyph 1.1.0
tuple 1.0.2
typed_data 1.1.6
uuid 2.0.2
Dev dependencies
http ^0.12.0
io ^0.3.2
logging ^0.11.0 0.11.3+2
pedantic ^1.0.0 1.7.0
test ^1.0.0