Include auth in validation context. Closes hapijs#2238

Eran Hammer · Eran Hammer · commit 6f558b9493c5 · 2014-12-01T23:32:05.000-08:00
diff --git a/docs/Reference.md b/docs/Reference.md
@@ -2175,12 +2175,12 @@ following options:
         - `'ignore'` - take no action.
 
 - `validate` - request input validation rules for various request components. When using a
-  [Joi](http://github.com/hapijs/joi) validation object, the values of the other inputs (e.g.
-  `headers`, `query`, and `params` when validating `payload`) are made available under the
-  validation context (accessible in rules as `Joi.ref('$query.key')`). Note that validation is
-  performed in order (i.e. headers, params, query, payload) and if type casting is used
-  (converting a string to number), the value of inputs not yet validated will reflect the raw,
-  unvalidated and unmodified values. The `validate` object supports:
+  [Joi](http://github.com/hapijs/joi) validation object, the values of the other inputs (i.e.
+  `headers`, `query`, `params`, `payload`, and `auth`) are made available under the validation
+  context (accessible in rules as `Joi.ref('$query.key')`). Note that validation is performed in
+  order (i.e. headers, params, query, payload) and if type casting is used (converting a string to
+  number), the value of inputs not yet validated will reflect the raw, unvalidated and unmodified
+  values. The `validate` object supports:
 
     - `headers` - validation rules for incoming request headers. Values allowed:
         - `true` - any headers allowed (no validation performed).  This is the default.
diff --git a/lib/validation.js b/lib/validation.js
@@ -107,7 +107,11 @@ internals.input = function (source, request, next) {
             headers: request.headers,
             params: request.params,
             query: request.query,
-            payload: request.payload
+            payload: request.payload,
+            auth: {
+                isAuthenticated: request.auth.isAuthenticated,
+                credentials: request.auth.credentials
+            }
         }
     };
 
diff --git a/test/validation.js b/test/validation.js
@@ -85,6 +85,63 @@ describe('validation', function () {
         });
     });
 
+    it('validates valid input using auth context', function (done) {
+
+        var server = new Hapi.Server();
+        server.connection();
+
+        server.auth.scheme('none', function (server, options) {
+
+            return {
+                authenticate: function (request, reply) {
+
+                    return reply.continue({ credentials: { name: 'john' } });
+                }
+            };
+        });
+
+        server.auth.strategy('default', 'none', true);
+
+        server.route({
+            method: 'GET',
+            path: '/{user?}',
+            handler: function (request, reply) { return reply('ok'); },
+            config: {
+                validate: {
+                    query: {
+                        me: Joi.boolean().when('$auth.credentials.name', { is: Joi.ref('$params.user'), otherwise: Joi.forbidden() })
+                    }
+                }
+            }
+        });
+
+        server.inject('/?me=true', function (res) {
+
+            expect(res.statusCode).to.equal(400);
+
+            server.inject('/', function (res) {
+
+                expect(res.statusCode).to.equal(200);
+
+                server.inject('/steve?me=true', function (res) {
+
+                    expect(res.statusCode).to.equal(400);
+
+                    server.inject('/john?me=true', function (res) {
+
+                        expect(res.statusCode).to.equal(200);
+
+                        server.inject('/john?me=x', function (res) {
+
+                            expect(res.statusCode).to.equal(400);
+                            done();
+                        });
+                    });
+                });
+            });
+        });
+    });
+
     it('fails valid input', function (done) {
 
         var server = new Hapi.Server();
