Init function should have option to redirect on authentication failure
Init function should have option to redirect on authentication failure with status 302 Found.
Redirect to login page is desirable in the following cases.
- The token is expired.
- Basic auth credentials are not passed.
- Passwords did not match.
302 makes sense primarily in the context of a Web UI. Normally REST API calls do not invoke a 302 but a 401, potentially with a Location header (I was dealing with precisely this issue over the last 2 weeks with a client).
So what we would need is:
- A definition of the default response - currently 401, overridable to 302 on a global basis
- A per-route override, like below (without which it would use the global default):
```javascript
// for UI
app.get("/secure/loggedin", cansec.unauthorized(302), cansec.restrictToLoggedIn, send200);
// for API - returns 401 because that is the default
app.get("/api/secure/loggedin", cansec.restrictToLoggedIn, send200);
```
If you want to set the default otherwise:
```javascript
cansec.init({... , unauthenticatedCode: 302, ...});
// for UI - returns 302 because that was set in this case as the primary
app.get("/secure/loggedin", cansec.restrictToLoggedIn, send200);
// for API
app.get("/api/secure/loggedin", cansec.unauthorized(401), cansec.restrictToLoggedIn, send200);
```
Open to a PR when you are ready.
What would be the route entry in the config file? What about the location header for 302?
Good point, so you would need to extend the init() to include that. Maybe more like:
```javascript
cansec.init({... , unauthenticated: {code: 302, location: ...}, ...});
```
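As an added example that is not cansecurity's own code, the stand-alone JavaScript below models the design sketched in the two maintainer comments above: a global default set in init(), a per-route unauthorized() override, and a Location header on the 302. The function names follow the thread; the internals, the req.user check and the runRoute stand-in for an Express route are assumptions.

```javascript
// Added example, not cansecurity's own code: a stand-alone model of the
// behaviour proposed in this thread. init() sets the global default,
// unauthorized() overrides it per route, and a 302 carries a Location header.
const config = { code: 401, location: "/login" }; // global default: 401

function init(opts) {
  // Assumed option shape from the thread: { unauthenticated: { code, location } }
  const u = (opts && opts.unauthenticated) || {};
  config.code = u.code === 302 ? 302 : 401;
  // The redirect target comes from server config only, never from the
  // request, so a login redirect cannot be steered to an attacker-chosen host.
  config.location = u.location || "/login";
}

function unauthorized(code) {
  // Per-route override: remember the chosen failure code on the request.
  return (req, res, next) => { req.unauthCode = code; next(); };
}

function sendUnauthenticated(req, res) {
  const code = req.unauthCode || config.code;
  if (code === 302) {
    res.statusCode = 302; // browser UI: send the user to the login page
    res.setHeader("Location", config.location);
    return res.end();
  }
  res.statusCode = 401; // API clients: say how to authenticate instead
  res.setHeader("WWW-Authenticate", 'Basic realm="cansec"');
  res.end("Unauthorized");
}

function restrictToLoggedIn(req, res, next) {
  // Constructed check: a populated req.user stands in for a valid session.
  if (req.user) return next();
  sendUnauthenticated(req, res);
}

// Minimal stand-in for an Express route: run handlers in order, return res.
function runRoute(handlers, req) {
  const res = { statusCode: 200, headers: {}, body: "",
    setHeader(k, v) { this.headers[k] = v; }, end(b) { this.body = b || ""; } };
  let i = 0;
  const next = () => { if (i < handlers.length) handlers[i++](req, res, next); };
  next();
  return res;
}
```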