hapi-auth-cookie
Comparing version 1.4.0 to 1.4.1
@@ -102,3 +102,3 @@ var Hapi = require('hapi'); | ||
return callback(null, true, cached.item.account) | ||
return callback(null, true, cached.account) | ||
}) | ||
@@ -105,0 +105,0 @@ } |
@@ -39,3 +39,4 @@ // Load modules | ||
path: '/', | ||
isHttpOnly: settings.isHttpOnly !== false // Defaults to true | ||
isHttpOnly: settings.isHttpOnly !== false, // Defaults to true | ||
clearInvalid: settings.clearInvalid | ||
}; | ||
@@ -133,3 +134,3 @@ | ||
return unauthenticated(Boom.unauthorized('Invalid cookie'), { credentials: credentials, artifacts: session }); | ||
return unauthenticated(Boom.unauthorized('Invalid cookie'), { credentials: credentials || session, artifacts: session }); | ||
} | ||
@@ -185,2 +186,1 @@ | ||
}; | ||
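Review bot: The `credentials: credentials || session` fallback in the 'Invalid cookie' branch (the second printed form of that line, apparently the new side) puts the contents of a session that validation has just rejected into the credentials of the unauthenticated result. On routes declared with `auth: { mode: 'try' }` this presumably surfaces as `request.auth.credentials`, so a handler that tests for the presence of credentials instead of `request.auth.isAuthenticated` would treat a rejected session as logged in. I would add a comment on that line, `// Rejected session is exposed for inspection only; isAuthenticated stays false`, and state in the README that handlers must gate on `request.auth.isAuthenticated`. Nothing in this version diff tests the fallback, and the enclosing function starts and ends outside the hunk.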
{ | ||
"name": "hapi-auth-cookie", | ||
"description": "Cookie authentication plugin", | ||
"version": "1.4.0", | ||
"version": "1.4.1", | ||
"repository": "git://github.com/hapijs/hapi-auth-cookie", | ||
@@ -6,0 +6,0 @@ "main": "index", |
@@ -1362,2 +1362,111 @@ // Load modules | ||
}); | ||
it('clear cookie on invalid', function (done) { | ||
var server = new Hapi.Server(); | ||
server.pack.register(require('../'), function (err) { | ||
expect(err).to.not.exist(); | ||
server.auth.strategy('default', 'cookie', true, { | ||
password: 'password1', | ||
ttl: 60 * 1000, | ||
domain: 'example.com', | ||
cookie: 'special', | ||
clearInvalid: true, | ||
validateFunc: function (session, callback) { | ||
var override = Hoek.clone(session); | ||
override.something = 'new'; | ||
return callback(null, session.user === 'valid', override); | ||
} | ||
}); | ||
server.route({ | ||
method: 'GET', path: '/login/{user}', | ||
config: { | ||
auth: { mode: 'try' }, | ||
handler: function (request, reply) { | ||
request.auth.session.set({ user: request.params.user }); | ||
return reply(request.params.user); | ||
} | ||
} | ||
}); | ||
server.route({ | ||
method: 'GET', path: '/resource', handler: function (request, reply) { | ||
expect(request.auth.credentials.something).to.equal('new'); | ||
return reply('resource'); | ||
} | ||
}); | ||
server.inject('/login/valid', function (res) { | ||
expect(res.result).to.equal('valid'); | ||
var header = res.headers['set-cookie']; | ||
expect(header.length).to.equal(1); | ||
expect(header[0]).to.contain('Max-Age=60'); | ||
var cookie = header[0].match(/(?:[^\x00-\x20\(\)<>@\,;\:\\"\/\[\]\?\=\{\}\x7F]+)\s*=\s*(?:([^\x00-\x20\"\,\;\\\x7F]*))/); | ||
// kill the server, and create a new one, then use the saved cookie | ||
// and see if it gets unset | ||
server.stop(function(){ | ||
var server2 = new Hapi.Server(); | ||
server2.pack.register(require('../'), function (err) { | ||
server2.auth.strategy('default', 'cookie', true, { | ||
password: 'password2', | ||
ttl: 60 * 1000, | ||
domain: 'example.com', | ||
cookie: 'special', | ||
clearInvalid: true, | ||
validateFunc: function (session, callback) { | ||
var override = Hoek.clone(session); | ||
override.something = 'new'; | ||
return callback(null, session.user === 'valid', override); | ||
} | ||
}); | ||
server2.route({ | ||
method: 'GET', path: '/login/{user}', | ||
config: { | ||
auth: { mode: 'try' }, | ||
handler: function (request, reply) { | ||
request.auth.session.set({ user: request.params.user }); | ||
return reply(request.params.user); | ||
} | ||
} | ||
}); | ||
server2.route({ | ||
method: 'GET', path: '/resource', handler: function (request, reply) { | ||
expect(request.auth.credentials.something).to.equal('new'); | ||
return reply('resource'); | ||
} | ||
}); | ||
server2.inject({ method: 'GET', url: '/resource', headers: { cookie: 'special=' + cookie[1] } }, function(res) { | ||
expect(JSON.stringify(res.result)).to.equal('{"statusCode":400,"error":"Bad Request","message":"Bad cookie value: special"}'); | ||
var header = res.headers['set-cookie']; | ||
expect(header.length).to.equal(1); | ||
expect(header[0]).to.contain('Max-Age=0'); | ||
expect(header[0]).to.contain('Expires='); | ||
expect(header[0]).to.contain('special=;'); | ||
done(); | ||
}); | ||
}); | ||
}); | ||
}); | ||
}); | ||
}); | ||
}); |
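Review bot: The second registration, `server2.pack.register(require('../'), function (err) {`, never checks `err`, unlike the first one, so a failed plugin load would show up as an unrelated assertion failure; add `expect(err).to.not.exist();` as its first statement. The test also reaches only the undecodable-cookie path: the cookie is sealed with 'password1' and read with 'password2', which yields the 400 'Bad cookie value', so `validateFunc` and the `/resource` handler on server2 are never executed. A cookie that decodes but is rejected by `validateFunc` is not exercised, and whether `clearInvalid` has any effect in that case cannot be told from this page; a second case logging in with a non-'valid' user would pin that down. `cookie[1]` is also read without asserting that the `match` succeeded, so `expect(cookie).to.exist();` before `server.stop` would give a clearer failure.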