Respect auth mode for redirects

[sholladay]

This is a redo of PR #155, updated for hapi 17, and with no merge conflicts. I made this a new PR for a blank slate and so that the other PR can remain discoverable for hapi 16 users.

The goal here is to reduce boilerplate for configuring this plugin and to simplify routes.

hapi-auth-cookie has a strange quirk where it redirects to login when the user visits a route whose auth mode is try or optional. The reason this is unexpected is that the whole point of hapi's try and optional modes is to allow route handlers to process unauthenticated requests. hapi-auth-cookie makes this impossible, because it redirects the user away, and thus the route handler never executes. This is rather frustrating because these routes are designed to not force the user to login.

This PR ensures that redirectTo respects the auth mode set for the route. It only redirects when the auth mode is required. You can still override the behavior in the route configuration, but that is the new default. This is a breaking change, but it would really make my day to see this merged, since I use optional routes a lot.

[sholladay]

@mrlannigan I fixed the merge conflicts caused by https://github.com/hapijs/hapi-auth-cookie/pull/183 going in first.

Is there anything else I can do to help get this merged? I sincerely believe that this change will be very popular with the rest of the community.

[ilyaigpetrov]

This PR is extremely desired, please, don't put it off. @sholladay thank you for your work, I plan to use your sholladay/hapi-auth-cookie#hapi17-redirect in my package.json until it will be merged.

[mrlannigan]

Version 9.0.0 has been released to npm.

[lock[bot]]

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.