Bring back Cookie token extractor (#55)

* Bring back Cookie token extractor

* Increase code coverage

lib/index.js

@@ -31,29 +31,36 @@ function init (options = {}) {
       throw new Error(`Can not find app.passport. Did you initialize feathers-authentication before @feathersjs/authentication-jwt?`);
     }
 
-    let authOptions = app.get('auth') || app.get('authentication') || {};
-    let jwtOptions = authOptions[options.name] || {};
-
+    const authOptions = app.get('auth') || app.get('authentication') || {};
+    const jwtOptions = authOptions[options.name] || {};
     // NOTE (EK): Pull from global auth config to support legacy auth for an easier transition.
-    let jwtSettings = merge({}, defaults, pick(authOptions, KEYS), jwtOptions, omit(options, ['Verifier']));
+    const jwtSettings = merge({}, defaults, pick(authOptions, KEYS), jwtOptions, omit(options, ['Verifier']));
 
     if (typeof jwtSettings.header !== 'string') {
       throw new Error(`You must provide a 'header' in your authentication configuration or pass one explicitly`);
     }
 
-    if (typeof jwtSettings.secret === 'undefined') {
-      throw new Error(`You must provide a 'secret' in your authentication configuration or pass one explicitly`);
+    const extractors = [
+      ExtractJwt.fromAuthHeaderWithScheme('jwt'),
+      ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ExtractJwt.fromHeader(jwtSettings.header.toLowerCase()),
+      ExtractJwt.fromBodyField(jwtSettings.bodyKey)
+    ];
+
+    if (authOptions.cookie && authOptions.cookie.name) {
+      extractors.push(function (req) {
+        if (req && req.cookies) {
+          return req.cookies[authOptions.cookie.name];
+        }
+
+        return null;
+      });
     }
 
     let Verifier = DefaultVerifier;
     let strategyOptions = merge({
       secretOrKey: jwtSettings.secret,
-      jwtFromRequest: ExtractJwt.fromExtractors([
-        ExtractJwt.fromAuthHeaderWithScheme('jwt'),
-        ExtractJwt.fromAuthHeaderAsBearerToken(),
-        ExtractJwt.fromHeader(jwtSettings.header.toLowerCase()),
-        ExtractJwt.fromBodyField(jwtSettings.bodyKey)
-      ])
+      jwtFromRequest: ExtractJwt.fromExtractors(extractors)
     }, jwtSettings.jwt, omit(jwtSettings, ['jwt', 'header', 'secret']));
 
     // Normalize algorithm key

test/index.test.js

@@ -48,7 +48,13 @@ describe('@feathersjs/authentication-jwt', () => {
     beforeEach(done => {
       app = expressify(feathers());
       app.use('/users', memory());
-      app.configure(authentication({ secret: 'supersecret' }));
+      app.configure(authentication({
+        secret: 'supersecret',
+        cookie: {
+          enabled: true,
+          name: 'feathers-jwt'
+        }
+      }));
 
       app.service('users').create({
         name: 'test user'
@@ -74,14 +80,6 @@ describe('@feathersjs/authentication-jwt', () => {
       }).to.throw();
     });
 
-    it('throws an error if secret is not provided', () => {
-      expect(() => {
-        app = expressify(feathers());
-        app.configure(authentication({}));
-        app.setup();
-      }).to.throw();
-    });
-
     it('registers the jwt passport strategy', () => {
       sinon.spy(app.passport, 'use');
       sinon.spy(passportJWT, 'Strategy');
@@ -219,6 +217,26 @@ describe('@feathersjs/authentication-jwt', () => {
       });
     });
 
+    describe('Cookie', () => {
+      it('authenticates using a cookie if set in options', () => {
+        const req = {
+          query: {},
+          body: {},
+          headers: {},
+          cookies: {
+            'feathers-jwt': validToken
+          }
+        };
+
+        app.configure(jwt());
+        app.setup();
+
+        return app.authenticate('jwt')(req).then(result => {
+          expect(result.success).to.equal(true);
+        });
+      });
+    });
+
     describe('custom Verifier', () => {
       it('throws an error if a verify function is missing', () => {
         expect(() => {