Decoupling

[ekryski]

This brings in a pretty major overhaul to feathers authentication. With it comes:

• Migrating existing code to use services

• Standardizing on a hook spec:

  export default function(options = {}){
    const defaults = {passwordField: 'password'};
    options = Object.assign({}, defaults, options);
  
    return function(hook) {
      // do stuff
    };
  }

• Adds support for authenticating with socketio and primus (Support authenticating with Username and Password via sockets #32)

• Only signs the JWT with user id (Only sign the JWT with user id. Not the whole user object #38)

• Locks down socket authentication (Discussion: Securing token for socket.io auth #33)

• Continues the work @marshallswain did on handling expired tokens (Handling expired tokens #25)

• Adds a bunch more tests.

• Adds support for OAuth2 (Support OAuth2 #43)

• Adds a client side component for easy authentication with Feathers (Add a client side component for authentication #44)

• Adds preliminary support for graceful fallback to cookies for JWT (Support graceful fallback to cookies #45)

• Adds an example project showing all the different ways you can authenticate

[daffl]

Does this commented out code need to kept for reference?

[ekryski]

@daffl No we can get rid of it unless you want to take a crack at it.

[daffl]

I actually didn't read all of it ;) What would it have to do?

[ekryski]

That's the promisfying we were trying to do the other night so that a developer doesn't have to call app.io.on('connect', cb) before they can authenticate. We would handle that for them. I couldn't get it to work. Too many promises and event listeners.

[daffl]

From 60 to here it can probably just be changed to

return app.service(options.userEndpoint).create(data, { internal: true })).then(user => done(user)).catch(done);

[ekryski]

I don't think so. Passport expects the first param to done to be an error or null.

[daffl]

Looks like it needs to be merge with master which is hopefully not too much of a disaster. Besides that, let's merge it, make a 0.2.0 release and iterate from there.

[ekryski]

@daffl I had already did that and resolved conflicts. It's good there.

All the tests pass locally all the time. I dunno why that one test keeps timing out randomly. I can try setting the mocha timeout higher to see if that works.

[ekryski]

never mind. The latest build did pass on all three platforms now that I added the timeout in the test. I think for some reason the tests were running fast enough that the expiredToken wasn't actually expired yet.

[ekryski]

This PR. Closes #25, #32, #33, #38, #43, #44, #45.