I created an after hook in the users service that should sanitize the response from the "find" method and it broke the authentication service.
The after hook sanitizeResponse should verify if the query is regarding the email or cpf, and, if it is, should remove some of the fields and add some new ones.
Here is the users.hooks.js
const { authenticate } = require('@feathersjs/authentication').hooks;
const {
// eslint-disable-next-line no-unused-vars
hashPassword, protect
} = require('@feathersjs/authentication-local').hooks;
const sanitizeResponse = (context) => {
const query = context.params.query;
if(!query.email && !query.cpf)
return context;
if(context.result.total){
context.result.data[0] = {exists: 1, id: context.result.data[0].id};
}else{
context.result.data[0] = {exists: 0};
}
};
module.exports = {
before: {
all: [],
find: [authenticate('jwt')],
get: [ authenticate('jwt') ],
create: [ hashPassword('password') ],
update: [ hashPassword('password'), authenticate('jwt') ],
patch: [ hashPassword('password'), authenticate('jwt') ],
remove: [ authenticate('jwt') ]
},
after: {
all: [
// Make sure the password field is never sent to the client
// Always must be the last hook
protect('password')
],
find: [sanitizeResponse],
get: [],
create: [],
update: [],
patch: [],
remove: []
},
error: {
all: [],
find: [],
get: [],
create: [],
update: [],
patch: [],
remove: []
}
};
Before writing this hook the authentication used to work just fine, but afterwards it started sending me "Not authenticated" responses.
I haven not changed anything in the user.class.js and authentication.js file generated by feathersjs-cli.
I would like to know what am i doing wrong ? Is there a better way to sanitize the response ?
Thank you for helping me!
The authentication flow needs to be able to retrieve the full user information to add it to requests, compare passwords and more. You likely want to skip the sanitizeResponse
hook for internal calls (when context.params.provider
is undefined
):
const sanitizeResponse = (context) => {
const query = context.params.query;
if(!context.params.provider || (!query.email && !query.cpf))
return context;
if(context.result.total){
context.result.data[0] = {exists: 1, id: context.result.data[0].id};
}else{
context.result.data[0] = {exists: 0};
}
};