jaguar_auth 2.1.1

  • README.md
  • CHANGELOG.md
  • Installing
  • Versions
  • 67

jaguar_auth

Authentication interceptors and helper functions for Jaguar. This package builds on Session infrastructure provided by jaguar.

This package provides three types of authentication:

  1. Basic auth
  2. Form auth
  3. JSON auth

And an Authorizer

User model

AuthorizationUser is the interface user models must implement to work with Authorizer and AuthModelManager.

AuthorizationUser demands that the model implements a getter named authorizationId that uniquely identifies the user. This is usually stored in session to associate session with a user.

Typically, user id, email or username is used as authorizationId.

Example

The user model User uses user-id as authorizationId. Notice that User implements AuthorizationUser interface.

class User implements AuthorizationUser {
  String id;

  String username;

  String password;

  User(this.id, this.username, this.password);

  String get authorizationId => id;
}

Model manager

AuthModelManager implements methods to fetch the user model and also to authenticate the user against a password in a username-password setup. This decouples data layer from the authentication logic. Authenticators and Authorizers use AuthModelManager to stay database agnostic.

AuthModelManager defines three methods:

  1. fetchModelByAuthenticationId fetchModelByAuthenticationId is used by authenticate method to fetch user model by authentication id. Typically, username, email or even phone number is used as authentication id.
  2. fetchModelByAuthorizationId fetchModelByAuthorizationId is used by Authorizer to identify and fetch the user model from data store.
  3. authenticate authenticate method authenticates a user given their authentication id and a passphrase. Internally, authenticate uses fetchModelByAuthenticationId to fetch the user model by authentication id from the data storage. It then verifies that the pass phrase matches the one the model has.

Example

/// Model manager to authenticate against a static list of user models
class WhiteListPasswordChecker implements AuthModelManager<User> {
  /// User models to white list
  final Map<String, User> models;

  /// Password hasher
  final Hasher hasher;

  const WhiteListPasswordChecker(Map<String, User> models, {Hasher hasher})
      : models = models ?? const {},
        hasher = hasher ?? const NoHasher();

  User authenticate(Context ctx, String username, String password) {
    User model = fetchByAuthenticationId(ctx, username);

    if (model == null) {
      return null;
    }

    if (!hasher.verify(password, model.password)) {
      return null;
    }

    return model;
  }

  User fetchByAuthenticationId(Context ctx, String authName) => models.values
      .firstWhere((model) => model.username == authName, orElse: () => null);

  User fetchByAuthorizationId(Context ctx, String sessionId) {
    if (!models.containsKey(sessionId)) {
      return null;
    }

    return models[sessionId];
  }
}


final Map<String, User> kUsers = {
  '0': new User('0', 'teja', 'word'),
  '1': new User('1', 'kleak', 'pass'),
};

final WhiteListPasswordChecker kModelManager =
    new WhiteListPasswordChecker(kUsers);

AuthModelManager implementations

Several implementation of AuthModelManager exist:

  1. MongoDB based
  2. PostgreSQL based
  3. Whitelist

Authorizer

Authorizer authorizes the requests. If the authorization fails, it responds with a 401 http error. If the authorization succeeds, it returns the user model of the authorized user.

Example

/// Collection of routes students can also access
@Api(path: '/book')
class StudentRoutes extends Object with JsonRoutes {
  JsonRepo get repo => jsonRepo;

  @Get()
  Future<Response<String>> getAllBooks(Context ctx) async {
    // Authorize. Throws 401 http error, if authorization fails!
    await Authorizer.authorize(ctx, kModelManager);

    return toJson(_books.values);
  }

  @Get(path: '/:id')
  Future<Response<String>> getBook(Context ctx) async {
    // Authorize. Throws 401 http error, if authorization fails!
    await Authorizer.authorize(ctx, kModelManager);

    String id = ctx.pathParams.get('id');
    Book book = _books[id];
    return toJson(book);
  }
}

Basic auth

BasicAuth performs authentication based on basic authentication.

It expects base64 encoded "username:password" pair in "authorization" header with "Basic" scheme.

Example

/// This route group contains login and logout routes
@Api()
class AuthRoutes extends Object with JsonRoutes {
  JsonRepo get repo => jsonRepo;

  @Post(path: '/login')
  @WrapOne(basicAuth) // Wrap basic authenticator
  Response<String> login(Context ctx) {
    final User user = ctx.getInterceptorResult<User>(BasicAuth);
    return toJson(user);
  }

  @Post(path: '/logout')
  Future logout(Context ctx) async {
    // Clear session data
    (await ctx.session).clear();
  }

  static BasicAuth basicAuth(Context ctx) => new BasicAuth(kModelManager);
}

Example client

TODO


Form auth

An authenticator for standard username password form style login. It expects a application/x-www-form-urlencoded encoded body where the username and password form fields must be called username and password respectively.

Example

/// This route group contains login and logout routes
@Api()
class AuthRoutes extends Object with JsonRoutes {
  JsonRepo get repo => jsonRepo;

  @Post(path: '/login')
  @WrapOne(formAuth)
  Response<String> login(Context ctx) {
    final User user = ctx.getInterceptorResult<User>(FormAuth);
    return toJson(user);
  }

  @Post(path: '/logout')
  Future logout(Context ctx) async {
    // Clear session data
    (await ctx.session).clear();
  }

  static FormAuth formAuth(Context ctx) => new FormAuth(kModelManager);
}

Example client

TODO

Json auth

An authenticator for standard username password login using ajax requests. It expects a application/json encoded body where the username and password fields must be called username and password respectively.

Example

/// This route group contains login and logout routes
@Api()
class AuthRoutes extends Object with JsonRoutes {
  JsonRepo get repo => jsonRepo;

  @Post(path: '/login')
  @WrapOne(jsonAuth)
  Response<String> login(Context ctx) {
    final User user = ctx.getInterceptorResult<User>(JsonAuth);
    return toJson(user);
  }

  @Post(path: '/logout')
  Future logout(Context ctx) async {
    // Clear session data
    (await ctx.session).clear();
  }

  /// The authenticator
  static JsonAuth jsonAuth(Context ctx) => new JsonAuth(kModelManager);
}

Example client

TODO

Changelog

2.1.1

  • Simplified authenticator

1.2.14

  • Uses Jaguar 1.2.14 style Interceptor

0.2.1

  • Jaguar 1.2.x

0.12.0

  • Renames methods on AuthModelManager to be shorter
  • Made methods on AuthModelManager FutureOr

0.11.3

  • Moved to jaguar_serializer 0.5.x

0.11.0

  • Uses Session from jaguar package

0.0.1

  • Initial version, created by Stagehand

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:


dependencies:
  jaguar_auth: "^2.1.1"

2. Install it

You can install packages from the command line:

with pub:


$ pub get

with Flutter:


$ flutter packages get

Alternatively, your editor might support pub get or flutter packages get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:


      import 'package:jaguar_auth/jaguar_auth.dart';
  
Version Uploaded Documentation Archive
2.1.1 May 20, 2018 Go to the documentation of jaguar_auth 2.1.1 Download jaguar_auth 2.1.1 archive
2.0.2 May 20, 2018 Go to the documentation of jaguar_auth 2.0.2 Download jaguar_auth 2.0.2 archive
2.0.1 May 20, 2018 Go to the documentation of jaguar_auth 2.0.1 Download jaguar_auth 2.0.1 archive
1.3.2 Feb 2, 2018 Go to the documentation of jaguar_auth 1.3.2 Download jaguar_auth 1.3.2 archive
1.3.1 Feb 2, 2018 Go to the documentation of jaguar_auth 1.3.1 Download jaguar_auth 1.3.1 archive
1.2.14 Feb 1, 2018 Go to the documentation of jaguar_auth 1.2.14 Download jaguar_auth 1.2.14 archive
1.2.6 Jan 13, 2018 Go to the documentation of jaguar_auth 1.2.6 Download jaguar_auth 1.2.6 archive
1.2.1 Jan 13, 2018 Go to the documentation of jaguar_auth 1.2.1 Download jaguar_auth 1.2.1 archive
1.1.6 Jan 11, 2018 Go to the documentation of jaguar_auth 1.1.6 Download jaguar_auth 1.1.6 archive
1.1.5 Jan 11, 2018 Go to the documentation of jaguar_auth 1.1.5 Download jaguar_auth 1.1.5 archive

All 40 versions...

Analysis

We analyzed this package on Jun 19, 2018, and provided a score, details, and suggestions below. Analysis was completed with status completed using:

  • Dart: 2.0.0-dev.63.0
  • pana: 0.11.3

Scores

Popularity:
Describes how popular the package is relative to other packages. [more]
42 / 100
Health:
Code health derived from static analysis. [more]
95 / 100
Maintenance:
Reflects how tidy and up-to-date the package is. [more]
90 / 100
Overall score:
Weighted score of the above. [more]
67
Learn more about scoring.

Platforms

Detected platforms: Flutter, other

Primary library: package:jaguar_auth/jaguar_auth.dart with components: io.

Suggestions

  • Homepage does not exists.

    We were unable to access https://github.com/Jaguar-dart/jaguar_auth at the time of the analysis.

  • The description is too short.

    Add more detail about the package, what it does and what is its target use case. Try to write at least 60 characters.

  • Fix analysis and formatting issues.

    Analysis or formatting checks reported 17 hints.

    Strong-mode analysis of lib/src/authenticators/authenticators.dart gave the following hint:

    line: 18 col: 8
    Unused import: 'package:auth_header/auth_header.dart'.

    Strong-mode analysis of lib/src/authenticators/basic_auth.dart gave the following hint:

    line: 47 col: 34
    'UNAUTHORIZED' is deprecated and shouldn't be used.

    Similar analysis of the following files failed:

    • lib/src/authenticators/form_auth.dart (hint)
    • lib/src/authenticators/json_auth.dart (hint)
    • lib/src/authorizer/authorizer.dart (hint)
  • Maintain an example.

    None of the files in your example/ directory matches a known example patterns. Common file name patterns include: main.dart, example.dart or you could also use jaguar_auth.dart.

Dependencies

Package Constraint Resolved Available
Direct dependencies
Dart SDK >=1.20.0 <2.0.0
auth_header ^0.0.2 0.0.3
crypto ^2.0.3 2.0.5
jaguar ^2.0.5 2.1.7
jaguar_common ^0.2.0 0.2.2
Transitive dependencies
charcode 1.1.1
collection 1.14.10
convert 2.0.1
http_server 0.9.7
logging 0.11.3+1
meta 1.1.5
mime 0.9.6+1
path 1.6.1
stack_trace 1.9.2
typed_data 1.1.5
Dev dependencies
http ^0.11.3
jaguar_client ^2.0.3
jaguar_reflect ^2.0.2
jaguar_resty
test >=0.12.0 <0.13.0