implement the "passReqToCallback" option for this strategy #3

Open
wants to merge 2 commits into
base: master
37 changes: 22 additions & 15 deletions lib/strategy.js
Expand Up @@ -20,15 +20,16 @@ function Strategy(options, verify, issue) {
}
if (!verify) throw new Error('remember me cookie authentication strategy requires a verify function');
if (!issue) throw new Error('remember me cookie authentication strategy requires an issue function');

var opts = { path: '/', httpOnly: true, maxAge: 604800000 }; // maxAge: 7 days
this._key = options.key || 'remember_me';
this._opts = utils.merge(opts, options.cookie);

passport.Strategy.call(this);
this.name = 'remember-me';
this._verify = verify;
this._issue = issue;
this._passReqToCallback = !!options.passReqToCallback;
}

/**
Expand All @@ -47,24 +48,24 @@ Strategy.prototype.authenticate = function(req, options) {
// authenticated. This is in preference to the session, which is typically
// established at the same time the remember me cookie is issued.
if (req.isAuthenticated()) { return this.pass(); }

var token = req.cookies[this._key];

// Since the remember me cookie is primarily a convenience, the lack of one is
// not a failure. In this case, a response should be rendered indicating a
// logged out state, rather than denying the request.
if (!token) { return this.pass(); }

var self = this;

function verified(err, user, info) {
if (err) { return self.error(err); }

// Express exposes the response to the request. We need the response to set
// a cookie, so we'll grab it this way. This breaks the encapsulation of
// Passport's Strategy API, but is acceptable for this strategy.
var res = req.res;

if (!user) {
// The remember me cookie was not valid. However, because this
// authentication method is primarily a convenience, we don't want to
Expand All @@ -79,11 +80,11 @@ Strategy.prototype.authenticate = function(req, options) {
// http://jaspan.com/improved_persistent_login_cookie_best_practice
// http://web.archive.org/web/20130214051957/http://jaspan.com/improved_persistent_login_cookie_best_practice
// http://stackoverflow.com/questions/549/the-definitive-guide-to-forms-based-website-authentication

res.clearCookie(self._key);
return self.pass();
}

// The remember me cookie was valid and consumed. For security reasons,
// the just-used token should have been invalidated by the application.
// A new token will be issued and set as the value of the remember me
Expand All @@ -93,15 +94,21 @@ Strategy.prototype.authenticate = function(req, options) {
res.cookie(self._key, val, self._opts);
return self.success(user, info);
}

self._issue(user, issued);

if (self._passReqToCallback)
self._issue(req, user, issued);
else
self._issue(user, issued);
}

self._verify(token, verified);

if (self._passReqToCallback)
self._verify(req, token, verified);
else
self._verify(token, verified);
}


/**
* Expose `Strategy`.
*/
*/
module.exports = Strategy;
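Review bot: The new `passReqToCallback` branches call the application's `verify` and `issue` callbacks without a try/catch, so a synchronous throw from either one never reaches `self.error()`. The token is read straight from the client's cookie, so a verify function that throws on malformed input can be reached by an unauthenticated request, and `issue` runs inside the `verified` callback, where a throw presumably surfaces in whatever async context invoked that callback rather than in Passport's error path. Wrapping both dispatches as below routes such failures through `self.error()`; the added braces also match the `if (...) { ... }` style used elsewhere in `authenticate`, whose start lies outside these hunks. The constructor's doc comment (not visible here) should also state that the option changes the callback signatures to `verify(req, token, done)` and `issue(req, user, done)`.

```javascript
    // … unchanged: issued() callback that sets the refreshed cookie …

    try {
      if (self._passReqToCallback) {
        self._issue(req, user, issued);
      } else {
        self._issue(user, issued);
      }
    } catch (ex) {
      return self.error(ex);
    }
  // … unchanged: end of verified() …

  try {
    if (self._passReqToCallback) {
      self._verify(req, token, verified);
    } else {
      self._verify(token, verified);
    }
  } catch (ex) {
    return self.error(ex);
  }
```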