Merge pull request #23 from adamvr/entity-fields

Entity fields

README.md

@@ -48,8 +48,10 @@ This will pull from your global `auth` object in your config file. It will also
     name: 'local', // the name to use when invoking the authentication Strategy
     entity: 'user', // the entity that you're comparing username/password against
     service: 'users', // the service to look up the entity
-    usernameField: 'email', // key name of username field
-    passwordField: 'password', // key name of password field
+    usernameField: 'email', // key name of username field on the request
+    passwordField: 'password', // key name of password field on the request
+    entityUsernameField: 'email', // key name of the username field on the entity (defaults to `usernameField`)
+    entityPasswordField: 'password', // key name of the password on the entity (defaults to `passwordField`)
     passReqToCallback: true, // whether the request object should be passed to `verify`
     session: false // whether to use sessions,
     Verifier: Verifier // A Verifier class. Defaults to the built-in one but can be a custom one. See below for details.

src/verifier.js

@@ -21,11 +21,14 @@ class LocalVerifier {
   }
 
   _comparePassword(entity, password) {
+    // select entity password field - take entityPasswordField over passwordField
+    const passwordField = this.options.entityPasswordField || this.options.passwordField;
+
     // find password in entity, this allows for dot notation
-    const hash = get(entity, this.options.passwordField);
+    const hash = get(entity, passwordField);
 
     if (!hash) {
-      return Promise.reject(new Error(`'${this.options.entity}' record in the database is missing a '${this.options.passwordField}'`));
+      return Promise.reject(new Error(`'${this.options.entity}' record in the database is missing a '${passwordField}'`));
     }
 
     debug('Verifying password');
@@ -64,8 +67,12 @@ class LocalVerifier {
 
   verify(req, username, password, done) {
     debug('Checking credentials', username, password);
+
+    // Choose username field
+    const usernameField = this.options.entityUsernameField || this.options.usernameField;
+
     const query = {
-      [this.options.usernameField]: username,
+      [usernameField]: username,
       $limit: 1
     };
 

test/verifier.test.js

@@ -109,6 +109,19 @@ describe('Verifier', () => {
           expect(result).to.deep.equal(user);
         });
       });
+
+      it('prefers entityPasswordField over passwordField', () => {
+        user.password = {
+          value: user.password
+        };
+
+        verifier.options.passwordField = 'password';
+        verifier.options.entityPasswordField = 'password.value';
+
+        return verifier._comparePassword(user, 'admin').then(result => {
+          expect(result).to.deep.equal(user);
+        });
+      })
     });
   });
 
@@ -152,6 +165,36 @@ describe('Verifier', () => {
       });
     });
 
+    it('allows overriding of usernameField', done => {
+      verifier.options.usernameField = 'username';
+
+      user.username = 'username';
+
+      verifier.verify({}, 'username', 'admin', (error, entity) => {
+        expect(error).to.equal(null);
+        expect(entity).to.deep.equal(user);
+        done();
+      })
+    });
+
+    it('prefers entityUsernameField over usernameField', done => {
+      verifier.options.usernameField = 'username';
+      verifier.options.entityUsernameField = 'users.username';
+
+      user.username = 'invalid';
+
+      user.users = {
+        username: 'valid'
+      };
+
+      verifier.verify({}, 'valid', 'admin', (error, entity) => {
+        expect(error).to.equal(null);
+        expect(entity).to.deep.equal(user);
+        done();
+      })
+
+    });
+
     it('calls _normalizeResult', done => {
       sinon.spy(verifier, '_normalizeResult');
       verifier.verify({}, user.email, 'admin', () => {