From c674518ba97840f9fd95ccdc4c80390bb8cc5407 Mon Sep 17 00:00:00 2001 From: Michael Garvin Date: Fri, 15 Nov 2019 11:24:53 -0800 Subject: [PATCH] fix(auth): properly populate request.auth on failed auth Currently request.auth is only populated on failed auth if the mode is set to 'try' This will make that object always populated, regardless of auth mode. --- lib/auth.js | 11 ++++++----- test/auth.js | 34 +++++++++++++++++++++++++++++++++- 2 files changed, 39 insertions(+), 6 deletions(-) diff --git a/lib/auth.js b/lib/auth.js index 0660cc94c..34bd1b451 100755 --- a/lib/auth.js +++ b/lib/auth.js @@ -461,12 +461,13 @@ internals.validate = function (err, result, name, config, request, errors) { return internals.missing; } + request.auth.isAuthenticated = false; + request.auth.strategy = name; + request.auth.credentials = result.credentials; + request.auth.artifacts = result.artifacts; + request.auth.error = err; + if (config.mode === 'try') { - request.auth.isAuthenticated = false; - request.auth.strategy = name; - request.auth.credentials = result.credentials; - request.auth.artifacts = result.artifacts; - request.auth.error = err; request._log(['auth', 'unauthenticated', 'try', name], err); return; } diff --git a/test/auth.js b/test/auth.js index 285785932..0c9a17186 100755 --- a/test/auth.js +++ b/test/auth.js @@ -1308,7 +1308,7 @@ describe('authentication', () => { expect(res.statusCode).to.equal(500); }); - it('passes credentials on unauthenticated()', async () => { + it('passes credentials on unauthenticated() in try mode', async () => { const scheme = () => { 
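Review bot: After the five hoisted assignments, `request.auth.credentials`, `artifacts` and `strategy` are populated on a failed authentication in required and optional mode as well, so any onPreResponse extension, plugin or logging hook that has been treating a non-empty `request.auth.credentials` as proof of authentication will now see credentials on requests that were rejected. The only authoritative signal is `request.auth.isAuthenticated`, which the new lines set to `false` first, but nothing in the hunk says so; I would add above the block `// Populated on failure too (any mode) so extensions can inspect what the scheme returned; isAuthenticated is the only authoritative signal, never treat a set credentials as authenticated.` This is also a visible behaviour change for required mode that deserves a line in the request.auth docs. The enclosing internals.validate starts before this hunk and continues past it, so whether the now-stored `request.auth.error` is later surfaced in the response cannot be confirmed from here.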
@@ -1331,6 +1331,38 @@ describe('authentication', () => { const res = await server.inject('/'); expect(res.statusCode).to.equal(204); }); + + it('passes strategy, credentials, artifacts, error on unauthenticated() in required mode', async () => { + + const scheme = () => { + + return { authenticate: (request, h) => h.unauthenticated(Boom.unauthorized(), { credentials: { user: 'steve' }, artifacts: '!' }) }; + }; + + const server = Hapi.server(); + server.ext('onPreResponse', (request, h) => { + + if (request.auth.credentials.user === 'steve') { + return h.continue; + } + }); + server.ext('onPreResponse', (request, h) => { + + expect(request.auth.credentials).to.equal({ user: 'steve' }); + expect(request.auth.artifacts).to.equal('!'); + expect(request.auth.strategy).to.equal('default'); + expect(request.auth.error.message).to.equal('Unauthorized'); + return h.continue; + }); + server.auth.scheme('custom', scheme); + server.auth.strategy('default', 'custom'); + server.auth.default('default', { mode: 'required' }); + + server.route({ method: 'GET', path: '/', handler: () => null }); + + const res = await server.inject('/'); + expect(res.statusCode).to.equal(401); + }); }); describe('verify()', () => {
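Review bot: The new test never asserts the property the fix most needs to hold, that the request stays unauthenticated even though credentials are populated; add `expect(request.auth.isAuthenticated).to.be.false();` beside the other expectations in the second onPreResponse extension. The first onPreResponse extension returns nothing when `request.auth.credentials.user` is not 'steve' (and would throw a TypeError if credentials were undefined), which in hapi would presumably surface as a 500 rather than a readable assertion failure, and it only duplicates the check the second extension already makes, so I would drop it and keep the single asserting extension. Since an `expect` that throws inside the extension is also reported only through the final `expect(res.statusCode).to.equal(401)`, a short comment such as `// assertions inside the ext surface as a non-401 status` would help whoever debugs a failure.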