From aff653583e480508daebc7cf5efd01d133e4f02a Mon Sep 17 00:00:00 2001
From: Guillaume WANG <guillaume.wang@polytechnique.edu>
Date: Wed, 19 Jun 2019 00:58:43 -0400
Subject: [PATCH] simplify '/login' middleware no need for a custom callback
 for passport.authenticate

---
 package-lock.json | 10 ++++----
 src/app.ts        | 64 +++++++++++------------------------------------
 2 files changed, 19 insertions(+), 55 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 8d6fd67..4f5eca6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -94,7 +94,7 @@
         },
         "minimist": {
           "version": "1.2.0",
-          "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
+          "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
           "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=",
           "dev": true
         },
@@ -1802,7 +1802,7 @@
         },
         "graphql": {
           "version": "0.13.2",
-          "resolved": "https://registry.npmjs.org/graphql/-/graphql-0.13.2.tgz",
+          "resolved": "http://registry.npmjs.org/graphql/-/graphql-0.13.2.tgz",
           "integrity": "sha512-QZ5BL8ZO/B20VA8APauGBg3GyEgZ19eduvpLWoq5x7gMmWnHoy8rlQWPLmWgFvo1yNgjSEFMesmS4R6pPr7xog==",
           "dev": true,
           "requires": {
@@ -3085,7 +3085,7 @@
     "colors": {
       "version": "1.3.3",
       "resolved": "https://registry.npmjs.org/colors/-/colors-1.3.3.tgz",
-      "integrity": "sha512-mmGt/1pZqYRjMxB1axhTo16/snVZ5krrKkcmMeVKxzECMMXoCgnvTPp10QgHfcbQZw8Dq2jMNG6je4JlWU0gWg=="
+      "integrity": "sha1-OeAF1Uav4B4B+cTKj6UPaGoBIF0="
     },
     "command-line-args": {
       "version": "5.1.1",
@@ -3489,7 +3489,7 @@
         },
         "whatwg-fetch": {
           "version": "2.0.4",
-          "resolved": "https://registry.npmjs.org/whatwg-fetch/-/whatwg-fetch-2.0.4.tgz",
+          "resolved": "http://registry.npmjs.org/whatwg-fetch/-/whatwg-fetch-2.0.4.tgz",
           "integrity": "sha512-dcQ1GWpOD/eEQ97k66aiEVpNnapVj90/+R+SXTPYGHpYBBypfKJEQjLrvMZ7YXbKm21gXd4NcuxUTjiv1YtLng==",
           "dev": true
         }
@@ -8501,7 +8501,7 @@
     },
     "pinkie-promise": {
       "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz",
+      "resolved": "http://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz",
       "integrity": "sha1-ITXW36ejWMBprJsXh3YogihFD/o=",
       "dev": true,
       "requires": {
diff --git a/src/app.ts b/src/app.ts
index c13edc4..8fa6b7a 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -121,58 +121,22 @@ app.use(passport.session(), (req, res, next) => {
  * i.e. quand l'utilisateur submit le formulaire de login avec ses identifiants/mdp dans le front
  * 
  * @todo gérer le cas où une requête à /login est reçue, mais où cette requête contient un cookie valide
- * @todo vérifier qu'on ne fallthrough pas, i.e. qu'on renvoie une response et qu'on ne trigger pas les middlewares suivants une fois celui-ci terminé
- * @todo rassify
  */
-
-//with custom callback:
-//http://www.passportjs.org/docs/authenticate/#custom-callback
-// http://toon.io/understanding-passportjs-authentication-flow/
-app.post('/login', (req, res, next) => {
-    console.log("Received an authentication request to /login");
-    passport.authenticate('ldapauth', (err, user, info) => {
-        console.log("| Entering passport.authenticate('ldapauth', - ) callback");
-        // If an exception occurred
-        if (err) {
-            console.log("| Error when trying to passport.authenticate with ldapauth");
-            console.log(err);
-            return res.status(err.status).json({
-                message: "Exception raised in backend process during authentication: " + err,
-                authSucceeded: false
-            });
-            // return next(err); // handle error? or drop request and answer with res.json()?
-        }
-        // If authentication failed, user will be set to false
-        if (!user) {
-            console.log("| Authentication failed, passport.authenticate did not return a user. ");
-            return res.status(401).json({
-                message: "Authentication failed: " + info.message,
-                authSucceeded: false
-            });
-        }
-
-        req.login(user, (err) => {
-            // If an exception occurred at login
-            if (err) {
-                console.log("| Error when trying to req.login in callback in passport.authenticate('ldapauth', - )");
-                console.log(err);
-                return res.status(err.status).json({
-                    message: "Exception raised in backend process during login: " + err,
-                    authSucceeded: false
-                });
-                // return next(err); // handle error? or drop request and answer with res.json()?
-            }
-            // If all went well
-            console.log("| Authentication succeeded! :)");
-            // passport.authenticate automatically includes a Set-Cookie HTTP header in 
-            // the response. The JSON body is just to signal the frontend that all went well
-            return res.status(200).json({
-                message: 'Authentication succeeded',
-                authSucceeded: true
-            });
+app.post('/login', 
+    (req, res) => { console.log("Received an authentication request to /login"); },
+    passport.authenticate('ldapauth'),
+    // By default, if authentication fails, Passport will respond with a 401 Unauthorized status
+    // If authentication succeeds, the next handler will be invoked and the req.user property will be set to the authenticated user
+    (req, res) => {
+        console.log("Authentication succeeded! :) User "+req.user.uid+" successfully logged in.");
+        // passport.authenticate automatically includes a Set-Cookie HTTP header in 
+        // the response. The JSON body is just to signal the frontend that all went well
+        return res.status(200).json({
+            message: 'Authentication succeeded',
+            authSucceeded: true
         });
-    })(req, res, next);
-});
+    }
+);
 
 /**
  * @desc Servir l'API GraphQL à proprement parler
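Review bot: The first handler in the new `app.post('/login', ...)` chain is declared as `(req, res) => { console.log(...); }` and neither calls `next()` nor sends a response, so Express stops there: the request hangs and `passport.authenticate('ldapauth')` is never reached. It should be `(req, res, next) => { console.log("Received an authentication request to /login"); next(); },`. Separately, a failed login now gets Passport's default bare 401 rather than the JSON body with `authSucceeded: false` that the removed callback sent, so the frontend needs checking if it reads that field. Strategy errors are now passed on to `next(err)` instead of being answered here, so what the client receives depends on an error handler that is not visible in this hunk; confirm it does not return internal error details.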
-- 
GitLab