hapijs · sholladay · Feb 12, 2017
diff --git a/.travis.yml b/.travis.yml
diff --git a/LICENSE b/LICENSE
diff --git a/README.md b/README.md
@@ -32,16 +32,12 @@ The `'cookie`' scheme takes the following required options:
 - `isSecure` - if `false`, the cookie is allowed to be transmitted over insecure connections which
   exposes it to attacks. Defaults to `true`.
 - `isHttpOnly` - if `false`, the cookie will not include the 'HttpOnly' flag. Defaults to `true`.
-- `redirectTo` - optional login URI to redirect unauthenticated requests to. Note that using
-  `redirectTo` with authentication mode `'try'` will cause the protected endpoint to always
-  redirect, voiding `'try'` mode. To set an individual route to use or disable redirections, use
+- `redirectTo` - optional login URI to redirect unauthenticated requests to. Note that it will only trigger with authentication mode `'required'`. To set an individual route to use or disable redirections, use
   the route `plugins` config (`{ config: { plugins: { 'hapi-auth-cookie': { redirectTo: false } } } }`).
   Defaults to no redirection.
 - `appendNext` - if `true` and `redirectTo` is `true`, appends the current request path to the
   query component of the `redirectTo` URI using the parameter name `'next'`. Set to a string to use
   a different parameter name. Defaults to `false`.
-- `redirectOnTry` - if `false` and route authentication mode is `'try'`, authentication errors will
-  not trigger a redirection. Requires **hapi** version 6.2.0 or newer. Defaults to `true`;
 - `validateFunc` - an optional session validation function used to validate the content of the
   session cookie on each request. Used to verify that the internal session state is still valid
   (e.g. user account still exists). The function has the signature `function(request, session, callback)`

diff --git a/example/index.js b/example/index.js
diff --git a/lib/index.js b/lib/index.js
@@ -34,7 +34,6 @@ internals.schema = Joi.object({
     isHttpOnly: Joi.boolean().default(true),
     redirectTo: Joi.string().allow(false),
     appendNext: Joi.alternatives(Joi.string(), Joi.boolean()).default(false),
-    redirectOnTry: Joi.boolean().default(true),
     validateFunc: Joi.func(),
     requestDecoratorName: Joi.string().default('cookieAuth')
 }).required();
@@ -175,20 +174,14 @@ internals.implementation = function (server, options) {
 
             const unauthenticated = function (err, result) {
 
-                if (settings.redirectOnTry === false &&             // Defaults to true
-                    request.auth.mode === 'try') {
-
-                    return reply(err, null, result);
-                }
-
                 let redirectTo = settings.redirectTo;
                 if (request.route.settings.plugins['hapi-auth-cookie'] &&
                     request.route.settings.plugins['hapi-auth-cookie'].redirectTo !== undefined) {
 
                     redirectTo = request.route.settings.plugins['hapi-auth-cookie'].redirectTo;
                 }
 
-                if (!redirectTo) {
+                if (!redirectTo || request.auth.mode !== 'required') {
                     return reply(err, null, result);
                 }
 

diff --git a/test/index.js b/test/index.js
@@ -1316,7 +1316,7 @@ describe('scheme', () => {
 
     describe('redirection', () => {
 
-        it('sends to login page (uri without query)', (done) => {
+        it('sends to login page (url without query)', (done) => {
 
             const server = new Hapi.Server();
             server.connection();
@@ -1418,41 +1418,38 @@ describe('scheme', () => {
             });
         });
 
-        it('skips when redirectOnTry is false in try mode', (done) => {
+        it('sends to login page (url with query)', (done) => {
 
             const server = new Hapi.Server();
             server.connection();
             server.register(require('../'), (err) => {
 
                 expect(err).to.not.exist();
 
-                server.auth.strategy('default', 'cookie', 'try', {
+                server.auth.strategy('default', 'cookie', true, {
                     password: 'password-should-be-32-characters',
                     ttl: 60 * 1000,
-                    redirectOnTry: false,
-                    redirectTo: 'http://example.com/login',
+                    redirectTo: 'http://example.com/login?mode=1',
                     appendNext: true
                 });
 
                 server.route({
-                    method: 'GET',
-                    path: '/',
-                    handler: function (request, reply) {
+                    method: 'GET', path: '/', handler: function (request, reply) {
 
-                        return reply(request.auth.isAuthenticated);
+                        return reply('never');
                     }
                 });
 
                 server.inject('/', (res) => {
 
-                    expect(res.statusCode).to.equal(200);
-                    expect(res.result).to.equal(false);
+                    expect(res.statusCode).to.equal(302);
+                    expect(res.headers.location).to.equal('http://example.com/login?mode=1&next=%2F');
                     done();
                 });
             });
         });
 
-        it('sends to login page (uri with query)', (done) => {
+        it('sends to login page and does not append the next query when appendNext is false', (done) => {
 
             const server = new Hapi.Server();
             server.connection();
@@ -1464,7 +1461,7 @@ describe('scheme', () => {
                     password: 'password-should-be-32-characters',
                     ttl: 60 * 1000,
                     redirectTo: 'http://example.com/login?mode=1',
-                    appendNext: true
+                    appendNext: false
                 });
 
                 server.route({
@@ -1477,13 +1474,13 @@ describe('scheme', () => {
                 server.inject('/', (res) => {
 
                     expect(res.statusCode).to.equal(302);
-                    expect(res.headers.location).to.equal('http://example.com/login?mode=1&next=%2F');
+                    expect(res.headers.location).to.equal('http://example.com/login?mode=1');
                     done();
                 });
             });
         });
 
-        it('sends to login page and does not append the next query when appendNext is false', (done) => {
+        it('appends the custom query when appendNext is string', (done) => {
 
             const server = new Hapi.Server();
             server.connection();
@@ -1495,7 +1492,7 @@ describe('scheme', () => {
                     password: 'password-should-be-32-characters',
                     ttl: 60 * 1000,
                     redirectTo: 'http://example.com/login?mode=1',
-                    appendNext: false
+                    appendNext: 'done'
                 });
 
                 server.route({
@@ -1508,13 +1505,13 @@ describe('scheme', () => {
                 server.inject('/', (res) => {
 
                     expect(res.statusCode).to.equal(302);
-                    expect(res.headers.location).to.equal('http://example.com/login?mode=1');
+                    expect(res.headers.location).to.equal('http://example.com/login?mode=1&done=%2F');
                     done();
                 });
             });
         });
 
-        it('appends the custom query when appendNext is string', (done) => {
+        it('skips redirect on try', (done) => {
 
             const server = new Hapi.Server();
             server.connection();
@@ -1525,27 +1522,26 @@ describe('scheme', () => {
                 server.auth.strategy('default', 'cookie', true, {
                     password: 'password-should-be-32-characters',
                     ttl: 60 * 1000,
-                    redirectTo: 'http://example.com/login?mode=1',
-                    appendNext: 'done'
+                    redirectTo: 'http://example.com/login',
+                    appendNext: true
                 });
 
                 server.route({
-                    method: 'GET', path: '/', handler: function (request, reply) {
+                    method: 'GET', path: '/', config: { auth: { mode: 'try' } }, handler: function (request, reply) {
 
-                        return reply('never');
+                        return reply('try');
                     }
                 });
 
                 server.inject('/', (res) => {
 
-                    expect(res.statusCode).to.equal(302);
-                    expect(res.headers.location).to.equal('http://example.com/login?mode=1&done=%2F');
+                    expect(res.statusCode).to.equal(200);
                     done();
                 });
             });
         });
 
-        it('redirect on try', (done) => {
+        it('skips redirect on optional', (done) => {
 
             const server = new Hapi.Server();
             server.connection();
@@ -1561,15 +1557,15 @@ describe('scheme', () => {
                 });
 
                 server.route({
-                    method: 'GET', path: '/', config: { auth: { mode: 'try' } }, handler: function (request, reply) {
+                    method: 'GET', path: '/', config: { auth: { mode: 'optional' } }, handler: function (request, reply) {
 
-                        return reply('try');
+                        return reply('optional');
                     }
                 });
 
                 server.inject('/', (res) => {
 
-                    expect(res.statusCode).to.equal(302);
+                    expect(res.statusCode).to.equal(200);
                     done();
                 });
             });