express-authenticators - npm Package Compare versions

Comparing version 0.0.5 to 0.0.6

lib/oauth2/OAuth2.js

@@ -90,10 +90,12 @@ "use strict";
     OAuth2.prototype.callback = function (req) {
-        var _a;
+        var _a, _b;
         return __awaiter(this, void 0, void 0, function () {
-            var state, error, code, requestBody, response, _b, _c, json, err_1, access_token, token_type, expires_in;
-            return __generator(this, function (_d) {
-                switch (_d.label) {
+            var sessionState, state, error, code, requestBody, response, _c, _d, json, err_1, access_token, token_type, expires_in;
+            return __generator(this, function (_e) {
+                switch (_e.label) {
                     case 0:
+                        sessionState = (_a = req.session[sessionKey]) === null || _a === void 0 ? void 0 : _a.state;
+                        (_b = req.session[sessionKey]) === null || _b === void 0 ? true : delete _b.state;
                         state = req.query.state;
-                        if (state !== ((_a = req.session[sessionKey]) === null || _a === void 0 ? void 0 : _a.state))
+                        if (state !== sessionState)
                             throw new OAuth2Error_1.default('Invalid returning state');
@@ -118,3 +120,3 @@ if (req.query.error_code
                     case 1:
-                        _b = _d.sent();
+                        _c = _e.sent();
                         return [3 /*break*/, 4];
@@ -130,18 +132,18 @@ case 2: return [4 /*yield*/, node_fetch_1.default(this.config.tokenURL, {
                     case 3:
-                        _b = _d.sent();
-                        _d.label = 4;
+                        _c = _e.sent();
+                        _e.label = 4;
                     case 4:
-                        response = _b;
+                        response = _c;
                         if (!!response.ok) return [3 /*break*/, 6];
-                        _c = OAuth2Error_1.default.bind;
+                        _d = OAuth2Error_1.default.bind;
                         return [4 /*yield*/, response.text()];
-                    case 5: throw new (_c.apply(OAuth2Error_1.default, [void 0, (_d.sent()) || 'Cannot get access token']))();
+                    case 5: throw new (_d.apply(OAuth2Error_1.default, [void 0, (_e.sent()) || 'Cannot get access token']))();
                     case 6:
-                        _d.trys.push([6, 8, , 9]);
+                        _e.trys.push([6, 8, , 9]);
                         return [4 /*yield*/, response.json()];
                     case 7:
-                        json = _d.sent();
+                        json = _e.sent();
                         return [3 /*break*/, 9];
                     case 8:
-                        err_1 = _d.sent();
+                        err_1 = _e.sent();
                         throw new OAuth2Error_1.default(err_1.message);
@@ -148,0 +150,0 @@ case 9:

package.json

 {
   "name": "express-authenticators",
-  "version": "0.0.5",
+  "version": "0.0.6",
   "description": "Third party authenticators in nodejs. Support various providers. Zero heavy dependencies.",
@@ -5,0 +5,0 @@ "main": "lib/index.js",

Fixed alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

113108

increased by0.16%

Lines of code

2110

increased by0.09%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes