hapi-auth-cookie - npm Package Compare versions

Comparing version 1.4.0 to 1.4.1

example/index.js

@@ -102,3 +102,3 @@ var Hapi = require('hapi');
 
-                return callback(null, true, cached.item.account)
+                return callback(null, true, cached.account)
             })
@@ -105,0 +105,0 @@ }

lib/index.js

@@ -39,3 +39,4 @@ // Load modules
         path: '/',
-        isHttpOnly: settings.isHttpOnly !== false               // Defaults to true
+        isHttpOnly: settings.isHttpOnly !== false,              // Defaults to true
+        clearInvalid: settings.clearInvalid
     };
@@ -133,3 +134,3 @@
 
-                        return unauthenticated(Boom.unauthorized('Invalid cookie'), { credentials: credentials, artifacts: session });
+                        return unauthenticated(Boom.unauthorized('Invalid cookie'), { credentials: credentials || session, artifacts: session });
                     }
@@ -185,2 +186,1 @@
 };
-

package.json

 {
   "name": "hapi-auth-cookie",
   "description": "Cookie authentication plugin",
-  "version": "1.4.0",
+  "version": "1.4.1",
   "repository": "git://github.com/hapijs/hapi-auth-cookie",
@@ -6,0 +6,0 @@ "main": "index",

test/index.js

@@ -1362,2 +1362,111 @@ // Load modules
     });
+
+    it('clear cookie on invalid', function (done) {
+
+        var server = new Hapi.Server();
+        server.pack.register(require('../'), function (err) {
+
+            expect(err).to.not.exist();
+
+            server.auth.strategy('default', 'cookie', true, {
+                password: 'password1',
+                ttl: 60 * 1000,
+                domain: 'example.com',
+                cookie: 'special',
+                clearInvalid: true,
+                validateFunc: function (session, callback) {
+
+                    var override = Hoek.clone(session);
+                    override.something = 'new';
+
+                    return callback(null, session.user === 'valid', override);
+                }
+            });
+
+            server.route({
+                method: 'GET', path: '/login/{user}',
+                config: {
+                    auth: { mode: 'try' },
+                    handler: function (request, reply) {
+
+                        request.auth.session.set({ user: request.params.user });
+                        return reply(request.params.user);
+                    }
+                }
+            });
+
+            server.route({
+                method: 'GET', path: '/resource', handler: function (request, reply) {
+
+                    expect(request.auth.credentials.something).to.equal('new');
+                    return reply('resource');
+                }
+            });
+
+            server.inject('/login/valid', function (res) {
+
+                expect(res.result).to.equal('valid');
+                var header = res.headers['set-cookie'];
+                expect(header.length).to.equal(1);
+                expect(header[0]).to.contain('Max-Age=60');
+                var cookie = header[0].match(/(?:[^\x00-\x20\(\)<>@\,;\:\\"\/\[\]\?\=\{\}\x7F]+)\s*=\s*(?:([^\x00-\x20\"\,\;\\\x7F]*))/);
+
+                // kill the server, and create a new one, then use the saved cookie
+                // and see if it gets unset
+                server.stop(function(){
+
+                var server2 = new Hapi.Server();
+                server2.pack.register(require('../'), function (err) {
+
+                    server2.auth.strategy('default', 'cookie', true, {
+                        password: 'password2',
+                        ttl: 60 * 1000,
+                        domain: 'example.com',
+                        cookie: 'special',
+                        clearInvalid: true,
+                        validateFunc: function (session, callback) {
+
+                            var override = Hoek.clone(session);
+                            override.something = 'new';
+
+                            return callback(null, session.user === 'valid', override);
+                        }
+                    });
+
+                    server2.route({
+                        method: 'GET', path: '/login/{user}',
+                        config: {
+                            auth: { mode: 'try' },
+                            handler: function (request, reply) {
+
+                                request.auth.session.set({ user: request.params.user });
+                                return reply(request.params.user);
+                            }
+                        }
+                    });
+
+                    server2.route({
+                        method: 'GET', path: '/resource', handler: function (request, reply) {
+
+                            expect(request.auth.credentials.something).to.equal('new');
+                            return reply('resource');
+                        }
+                    });
+
+                    server2.inject({ method: 'GET', url: '/resource', headers: { cookie: 'special=' + cookie[1] } }, function(res) {
+
+                        expect(JSON.stringify(res.result)).to.equal('{"statusCode":400,"error":"Bad Request","message":"Bad cookie value: special"}');
+                        var header = res.headers['set-cookie'];
+                        expect(header.length).to.equal(1);
+                        expect(header[0]).to.contain('Max-Age=0');
+                        expect(header[0]).to.contain('Expires=');
+                        expect(header[0]).to.contain('special=;');
+
+                        done();
+                    });
+                });
+                });
+            });
+        });
+    });
 });

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

70796

increased by6.52%

Lines of code

1349

increased by6.81%

No dependency changes