Merge branch 'tests'

Author: Leon Strauss

README.md

@@ -125,13 +125,17 @@ function getUnauthorizedResponse(req) {
 
 Per default the middleware will not add a `WWW-Authenticate` challenge header to
 responses of unauthorized requests. You can enable that by adding `challenge: true`
-to the options object. This will cause most browsers to show a popup to enter credentials
-on unauthorized responses:
+to the options object. This will cause most browsers to show a popup to enter
+credentials on unauthorized responses. You can set the realm (the realm
+identifies the system to authenticate against and can be used by clients to save
+credentials) of the challenge by passing a static string or a function that gets
+passed the request object and is expected to return the challenge:
 
 ```js
 app.use(basicAuth({
     users: { 'someuser': 'somepassword' },
-    challenge: true
+    challenge: true,
+    realm: 'Imb4T3st4pp'
 }))
 ```
 
@@ -148,8 +152,11 @@ node example.js
 This will start a small express server listening at port 8080. Just look at the file,
 try out the requests and play around with the options.
 
-## To Do
+## Tests
 
-- Allow to set a realm for the challenge
-- Some kind of automated testing with the example server
-- Decide what should be included in `1.0.0`
+The cases in the `example.js` are also used for automated testing. So if you want  
+to contribute or just make sure that the package still works, simply run:
+
+```shell
+npm test
+```

example.js

@@ -60,6 +60,20 @@ var jsonBodyAuth = basicAuth({
     unauthorizedResponse: { foo: 'bar' }
 })
 
+//Uses a custom realm
+var realmAuth = basicAuth({
+    challenge: true,
+    realm: 'test'
+})
+
+//Uses a custom realm function
+var realmFunctionAuth = basicAuth({
+    challenge: true,
+    realm: function (req) {
+        return 'bla'
+    }
+})
+
 app.get('/static', staticUserAuth, function(req, res) {
     res.status(200).send('You passed')
 })
@@ -88,6 +102,14 @@ app.get('/jsonbody', jsonBodyAuth, function(req, res) {
     res.status(200).send('You passed')
 })
 
+app.get('/realm', realmAuth, function(req, res) {
+    res.status(200).send('You passed')
+})
+
+app.get('/realmfunction', realmFunctionAuth, function(req, res) {
+    res.status(200).send('You passed')
+})
+
 app.listen(8080, function() {
     console.log("Listening!")
 })

index.js

@@ -1,19 +1,24 @@
 const auth = require('basic-auth')
 const assert = require('assert')
 
+function ensureFunction(option, defaultValue) {
+    if(option == undefined)
+        return function() { return defaultValue }
+
+    if(typeof option != 'function')
+        return function() { return option }
+
+    return option
+}
+
 function buildMiddleware(options) {
     var challenge = options.challenge != undefined ? !!options.challenge : false
     var users = options.users || {}
     var authorizer = options.authorizer || staticUsersAuthorizer
     var isAsync = options.authorizeAsync != undefined ? !!options.authorizeAsync : false
-    var getResponseBody = options.unauthorizedResponse
+    var getResponseBody = ensureFunction(options.unauthorizedResponse, '')
+    var realm = ensureFunction(options.realm)
 
-    if(!getResponseBody)
-        getResponseBody = function() { return '' }
-    else if(typeof getResponseBody != 'function')
-        getResponseBody = function() { return options.unauthorizedResponse }
-
-    assert(typeof getResponseBody == 'function', 'Expected a string or function for the unauthorizedResponse option')
     assert(typeof users == 'object', 'Expected an object for the basic auth users, found ' + typeof users + ' instead')
     assert(typeof authorizer == 'function', 'Expected a function for the basic auth authorizer, found ' + typeof authorizer + ' instead')
 
@@ -44,9 +49,15 @@ function buildMiddleware(options) {
         return next()
 
         function unauthorized() {
-            //TODO: Allow to set realm for the challenge
-            if(challenge)
-                res.set('WWW-Authenticate', 'Basic')
+            if(challenge) {
+                var challengeString = 'Basic'
+                var realmName = realm(req)
+
+                if(realmName)
+                    challengeString += ' realm="' + realmName + '"'
+
+                res.set('WWW-Authenticate', challengeString)
+            }
 
             //TODO: Allow response body to be JSON (maybe autodetect?)
             const response = getResponseBody(req)

package.json

@@ -3,6 +3,9 @@
   "version": "0.3.3",
   "description": "Plug & play basic auth middleware for express",
   "main": "index.js",
+  "scripts": {
+    "test": "mocha test.js"
+  },
   "repository": {
     "type": "git",
     "url": "git+https://github.com/LionC/express-basic-auth.git"
@@ -22,5 +25,10 @@
   "homepage": "https://github.com/LionC/express-basic-auth#readme",
   "dependencies": {
     "basic-auth": "^1.0.4"
+  },
+  "devDependencies": {
+    "mocha": "^3.2.0",
+    "should": "^11.2.0",
+    "supertest": "^3.0.0"
   }
 }