I'm trying to prevent users of type "member" from accessing a dashboard. This dashboard shares the same authentication endpoint as the main site. In the POST request to the /login endpoint I'm trying to pass another parameter, env="dashboard", so that I can then return a 400 if the user is a "member" instead of an "admin".
The problem is that this parameter gets stripped out when it reaches the validate() callback in the local strategy. So as far as I can tell it looks like it only expects a username and password. Is there a way to achieve this whilst still keeping the LocalStrategy with the validate?
local.strategy.ts
@Injectable()
export class LocalStrategy extends PassportStrategy(Strategy, 'local') {
  constructor(private authService: AuthService) {
    super({
      usernameField: 'email',
      environment: 'environment',
    });
  }

  async validate(
    email: string,
    password: string,
    environment: string
    // this environment doesn't make it to the getAuthenticatedUser method despite being on
    // the request object
  ): Promise<User> {
    return this.authService.getAuthenticatedUser(email, password, environment);
  }
}
I have tried doing as suggested in this SO question and adding it to the super(), but I still get the same result, and when I log the value of environment I get: [Function: verified]
The providers in the auth.module.ts look like this:
providers: [
  AuthService,
  LocalStrategy,
  JwtStrategy,
  ApiKeyStrategy,
  AdminApiKeyStrategy,
],
Is there anything I'm missing or is it possible at all to achieve what I'm trying?
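Why the third argument logs as [Function: verified], and how passport-local's passReqToCallback option changes what the callback receives, shown as an added example that is not part of the original post. It is a simplified synchronous model, not passport-local or NestJS code; ROLES, login, asPosted, withRequest and the error strings are assumptions made for illustration.

```typescript
// Simplified, synchronous model (an assumption, not library code) of how
// passport-local calls the verify callback that NestJS maps to validate().
type Req = { body: Record<string, string> };
type Done = (err: Error | null, user?: unknown) => void;
type Options = { usernameField?: string; passReqToCallback?: boolean };

// Constructed sample data standing in for the question's AuthService lookup.
const ROLES: Record<string, string> = {
  'admin@example.test': 'admin',
  'member@example.test': 'member',
};

// Only the username and password fields are read from the body. The last
// argument handed to the callback is always the `verified` function.
function authenticate(req: Req, opts: Options, validate: (...a: any[]) => unknown): unknown {
  const email = req.body[opts.usernameField ?? 'username'];
  const password = req.body['password'];
  let outcome: unknown;
  const verified: Done = (err, user) => { outcome = err ? err.message : user; };
  // NestJS-style wrapper: forward every argument to validate(), then call done.
  const verify = (...params: any[]): void => {
    const done: Done = params[params.length - 1];
    try { done(null, validate(...params)); } catch (e) { done(e as Error); }
  };
  if (opts.passReqToCallback) verify(req, email, password, verified);
  else verify(email, password, verified);
  return outcome;
}

// As posted in the question: the third parameter receives `verified`.
const asPosted = (email: string, password: string, environment: unknown): string =>
  typeof environment;

// With passReqToCallback the request comes first, so body.env is readable.
function withRequest(req: Req, email: string, password: string): string {
  const role = ROLES[email];
  if (!role || !password) throw new Error('401 invalid credentials');
  if (req.body['env'] === 'dashboard' && role !== 'admin') {
    throw new Error('400 members cannot use the dashboard');
  }
  return role;
}

// Hypothetical helper: one login attempt through the model with the flag set.
function login(email: string, env?: string): unknown {
  const body: Record<string, string> = { email, password: 'constructed-password' };
  if (env) body['env'] = env;
  return authenticate({ body }, { usernameField: 'email', passReqToCallback: true }, withRequest);
}
```

In the real strategy this corresponds to passing `passReqToCallback: true` to super() and declaring `validate(req, email, password)`. Because `env` is supplied by the client, the dashboard's own routes still need a role check on the authenticated user.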