Merge pull request #26 from vapor/unauth-protocol-refactor

adds unauth + protocol reqs

Author: tanner0101

Sources/Authentication/Basic/Basic+Authenticate.swift

@@ -17,8 +17,45 @@ public protocol BasicAuthenticatable: Authenticatable {
     /// The key under which the user's password
     /// is stored.
     static var passwordKey: PasswordKey { get }
+
+    /// Authenticates using the supplied credentials, connection, and verifier.
+    static func authenticate(
+        using basic: BasicAuthorization,
+        verifier: PasswordVerifier,
+        on connection: DatabaseConnectable
+    ) -> Future<Self?>
 }
 
+extension BasicAuthenticatable where Database: QuerySupporting {
+    /// See `BasicAuthenticatable.authenticate(...)`
+    public static func authenticate(
+        using basic: BasicAuthorization,
+        verifier: PasswordVerifier,
+        on connection: DatabaseConnectable
+    ) -> Future<Self?> {
+        return Self
+            .query(on: connection)
+            .filter(usernameKey == basic.username)
+            .first()
+            .map(to: Self?.self)
+        { user in
+            guard let user = user else {
+                return nil
+            }
+
+            guard try verifier.verify(
+                password: basic.password,
+                matches: user.basicPassword
+            ) else {
+                return nil
+            }
+
+            return user
+        }
+    }
+}
+
+
 extension BasicAuthenticatable {
     /// Accesses the model's password
     public var basicPassword: String {

Sources/Authentication/Basic/BasicAuthenticatable.swift

@@ -5,23 +5,13 @@ import Vapor
 /// instance to pass through.
 ///
 /// use `req.requireAuthenticated(A.self)` to fetch the instance.
-public final class BasicAuthenticationMiddleware<A>: Middleware
-    where A: BasicAuthenticatable, A.Database: QuerySupporting
-{
+public final class BasicAuthenticationMiddleware<A>: Middleware where A: BasicAuthenticatable {
     /// the required password verifier
     public let verifier: PasswordVerifier
 
-    /// The database identifier
-    public let database: DatabaseIdentifier<A.Database>
-
     /// create a new password auth middleware
-    public init(
-        authenticatable type: A.Type = A.self,
-        verifier: PasswordVerifier,
-        database: DatabaseIdentifier<A.Database>
-    ) {
+    public init(authenticatable type: A.Type = A.self, verifier: PasswordVerifier) {
         self.verifier = verifier
-        self.database = database
     }
 
     /// See Middleware.respond
@@ -41,36 +31,27 @@ public final class BasicAuthenticationMiddleware<A>: Middleware
             )
         }
 
-        // get database connection
-        return req.connect(to: self.database).flatMap(to: Response.self) { conn in
-            // auth user on connection
-            return A.authenticate(
-                using: password,
-                verifier: self.verifier,
-                on: conn
-            ).flatMap(to: Response.self) { a in
-                guard let a = a else {
-                    throw Abort(.unauthorized, reason: "Invalid credentials")
-                }
-
-                // set authed on request
-                try req.authenticate(a)
-                return try next.respond(to: req)
+        // auth user on connection
+        return A.authenticate(
+            using: password,
+            verifier: self.verifier,
+            on: req
+        ).flatMap(to: Response.self) { a in
+            guard let a = a else {
+                throw Abort(.unauthorized, reason: "Invalid credentials")
             }
+
+            // set authed on request
+            try req.authenticate(a)
+            return try next.respond(to: req)
         }
     }
 }
 
 extension BasicAuthenticatable where Database: QuerySupporting {
     /// Creates a basic auth middleware for this model.
     /// See `BasicAuthenticationMiddleware`.
-    public static func basicAuthMiddleware(
-        using verifier: PasswordVerifier,
-        database: DatabaseIdentifier<Database>? = nil
-    ) throws -> BasicAuthenticationMiddleware<Self> {
-        return try BasicAuthenticationMiddleware(
-            verifier: verifier,
-            database: database ?? Self.requireDefaultDatabase()
-        )
+    public static func basicAuthMiddleware(using verifier: PasswordVerifier) -> BasicAuthenticationMiddleware<Self> {
+        return BasicAuthenticationMiddleware(verifier: verifier)
     }
 }

Sources/Authentication/Basic/BasicAuthenticationMiddleware.swift

@@ -9,8 +9,28 @@ public protocol BearerAuthenticatable: Authenticatable {
 
     /// The key under which the model's unique token is stored.
     static var tokenKey: TokenKey { get }
+
+    /// Authenticates using the supplied credentials and connection.
+    static func authenticate(
+        using bearer: BearerAuthorization,
+        on connection: DatabaseConnectable
+    ) -> Future<Self?>
 }
 
+extension BearerAuthenticatable where Database: QuerySupporting {
+    /// See `BearerAuthenticatable.authenticate(...)`
+    public static func authenticate(
+        using bearer: BearerAuthorization,
+        on connection: DatabaseConnectable
+    ) -> Future<Self?> {
+        return Self
+            .query(on: connection)
+            .filter(tokenKey == bearer.token)
+            .first()
+    }
+}
+
+
 extension BearerAuthenticatable {
     /// Accesses the model's token
     public var bearerToken: String {

Sources/Authentication/Bearer/Bearer+Authenticate.swift

@@ -5,19 +5,9 @@ import Vapor
 /// instance to pass through.
 ///
 /// use `req.requireAuthenticated(A.self)` to fetch the instance.
-public final class BearerAuthenticationMiddleware<A>: Middleware
-    where A: BearerAuthenticatable, A.Database: QuerySupporting
-{
-    /// The database identifier
-    public let database: DatabaseIdentifier<A.Database>
-
+public final class BearerAuthenticationMiddleware<A>: Middleware where A: BearerAuthenticatable {
     /// Creates a new `BearerAuthenticationMiddleware`.
-    public init(
-        _ type: A.Type = A.self,
-        database: DatabaseIdentifier<A.Database>
-    ) {
-        self.database = database
-    }
+    public init(_ type: A.Type = A.self) {}
 
     /// See Middleware.respond
     public func respond(to req: Request, chainingTo next: Responder) throws -> Future<Response> {
@@ -35,33 +25,26 @@ public final class BearerAuthenticationMiddleware<A>: Middleware
             )
         }
 
-        // get database connection
-        return req.connect(to: database).flatMap(to: Response.self) { conn in
-            // auth user on connection
-            return A.authenticate(
-                using: token,
-                on: conn
-            ).flatMap(to: Response.self) { a in
-                guard let a = a else {
-                    throw Abort(.unauthorized, reason: "Invalid credentials")
-                }
-                
-                // set authed on request
-                try req.authenticate(a)
-                return try next.respond(to: req)
+        // auth user on connection
+        return A.authenticate(
+            using: token,
+            on: req
+        ).flatMap(to: Response.self) { a in
+            guard let a = a else {
+                throw Abort(.unauthorized, reason: "Invalid credentials")
             }
+
+            // set authed on request
+            try req.authenticate(a)
+            return try next.respond(to: req)
         }
     }
 }
 
-extension BearerAuthenticatable where Database: QuerySupporting {
+extension BearerAuthenticatable {
     /// Creates a basic auth middleware for this model.
     /// See `BasicAuthenticationMiddleware`.
-    public static func bearerAuthMiddleware(
-        database: DatabaseIdentifier<Database>? = nil
-    ) throws -> BearerAuthenticationMiddleware<Self> {
-        return try BearerAuthenticationMiddleware(
-            database: database ?? Self.requireDefaultDatabase()
-        )
+    public static func bearerAuthMiddleware() -> BearerAuthenticationMiddleware<Self> {
+        return BearerAuthenticationMiddleware()
     }
 }

Sources/Authentication/Bearer/BearerAuthenticatable.swift

@@ -4,11 +4,19 @@ import Service
 import Vapor
 
 /// Authenticatable using a username and password.
-public protocol PasswordAuthenticatable: BasicAuthenticatable { }
+public protocol PasswordAuthenticatable: BasicAuthenticatable {
+    /// Authenticates using a username and password using the supplied
+    /// verifier on the supplied connection.
+    static func authenticate(
+        username: String,
+        password: String,
+        using verifier: PasswordVerifier,
+        on worker: DatabaseConnectable
+    ) -> Future<Self?>
+}
 
 extension PasswordAuthenticatable where Database: QuerySupporting {
-    /// Authenticates using a username and password using the supplied
-    // verifier on the supplied connection.
+    /// See `PasswordAuthenticatable.authenticate(...)`
     public static func authenticate(
         username: String,
         password: String,

Sources/Authentication/Bearer/BearerAuthenticationMiddleware.swift

@@ -3,36 +3,23 @@ import Vapor
 
 /// Persists authentication done by another auth middleware
 /// allowing the authentication to only be passed once.
-public final class AuthenticationSessionsMiddleware<A>: Middleware
-    where A: Authenticatable, A.Database: QuerySupporting, A.ID: StringConvertible
-{
-    /// The database identifier
-    public let database: DatabaseIdentifier<A.Database>
-
+public final class AuthenticationSessionsMiddleware<A>: Middleware where A: SessionAuthenticatable {
     /// create a new password auth middleware
-    public init(
-        authenticatable type: A.Type = A.self,
-        database: DatabaseIdentifier<A.Database>
-    ) {
-        self.database = database
-    }
+    public init(authenticatable type: A.Type = A.self) { }
 
     /// See Middleware.respond
     public func respond(to req: Request, chainingTo next: Responder) throws -> Future<Response> {
         let future: Future<Void>
         if let aID = try req.authenticatedSession(A.self) {
-            // get database connection
-            future = req.connect(to: database).flatMap(to: Void.self) { conn in
-                // try to find user with id from session
-                return A.find(aID, on: conn).flatMap(to: Void.self) { a in
-                    // if the user was found, auth it
-                    if let a = a {
-                        try req.authenticate(a)
-                    }
-
-                    // return done
-                    return .done
+            // try to find user with id from session
+            future = A.authenticate(id: aID, on: req).flatMap(to: Void.self) { a in
+                // if the user was found, auth it
+                if let a = a {
+                    try req.authenticate(a)
                 }
+
+                // return done
+                return .done
             }
         } else {
             // no need to authenticate
@@ -53,26 +40,10 @@ public final class AuthenticationSessionsMiddleware<A>: Middleware
     }
 }
 
-extension Request {
-    /// Authenticates the model into the session.
-    public func authenticateSession<A>(_ a: A) throws where A: Authenticatable, A.ID: StringConvertible {
-        try session()["_" + A.name + "Session"] = try a.requireID().convertToString()
-    }
-
-    /// Returns the authenticatable type's ID if it exists
-    /// in the session data.
-    public func authenticatedSession<A>(_ a: A.Type) throws -> A.ID? where A: Authenticatable, A.ID: StringConvertible  {
-        guard let idString = try session()["_" + A.name + "Session"] else {
-            return nil
-        }
-        return try A.ID.convertFromString(idString)
-    }
-}
-
-extension Authenticatable where Database: QuerySupporting, Self.ID: StringConvertible {
+extension SessionAuthenticatable {
     /// Create a `AuthenticationSessionsMiddleware` for this model.
     /// See `AuthenticationSessionsMiddleware`.
-    public static func authSessionsMiddleware() throws -> AuthenticationSessionsMiddleware<Self> {
-        return try .init(database: Self.requireDefaultDatabase())
+    public static func authSessionsMiddleware() -> AuthenticationSessionsMiddleware<Self> {
+        return .init()
     }
 }