connect-auth shouldn't use undefined and depend on it being returned from sessions about connect-auth HOT 10 CLOSED

How does the commit 8caeaa9 look ? Is that preferable?

from connect-auth.

I think this is what I'm after:
http://github.com/lakinwecker/connect-auth/commit/f0b9db8643d462938683f7b28ed541eeaf702b50

Basically - when I put the session into mongodb, it converts all undefined values into null, and then when I pull the session value back out of mongodb, connect-auth thinks it's authenticated because null !== undefined. Which is incorrect.

from connect-auth.

Indeed, I did think the commit I referenced would fix that (the chap who did it is persisting to mongo also!) I do think there's probably an issue with the mongo provider there, I don't think it should be converting undefined values into null ? I'm happy to pull your change in though if it definitely fixes things for you :) ... I might swap out the !(!foo) for just (foo) though as that should be safe I think ?

from connect-auth.

So you're right. My session provider should probably find a way to deal with undefined values as that's part of javascript. The only way that I know of (at the moment) to serialize javascript objects within a node environment is with JSON - the issue is that undefined is not valid JSON, nor is it a valid value within MongoDB.

So in either case, my session provider would have to detect all of the values set to undefined in the session and remove them or convert them to null (which is what the MongoDB provider or MongoDB itself is doing).

However, I still believe that this is a valid change to connect-auth as a null value for the user should not be considered to be authenticated. :)

In summary, I agree with you that there is a bug with my session provider and possibly even in the MongoDB libraries I'm using in relation to undefined values - but I still think that this is a valid bug within connect-auth.

Will (foo) return a boolean value? or will it just return the user object itself? If it returns a boolean value- then I think your above change is correct. If not, then I'd be +0 keeping the !(!foo) - but either way thanks for taking the time to fix it. :)

from connect-auth.

I'm kinda weirded out that a variable declared as 'undefined' is even detected on an object literal , thats something I need to revise Javascript wise !! :)
In terms of if(foo); if foo is false, 0, NaN, "", null, or undefined then if(foo) will not execute, otherwise it will :)

I'll pull your stuff in tomorrow, I'm done for the day now, time for bed, sorry!

from connect-auth.

Right in the context of an if statement it will act as a boolean, but in a return statement?

Tomorrow is great. Thanks

from connect-auth.

The behaviour should be the same :)

from connect-auth.

Not quite. It actually returns the value, not a boolean:

http://paste.pocoo.org/show/272392/

Out of all of those styles, I think I prefer:
return req.getAuthDetails().user ? true : false;

from connect-auth.

Landed in 486be54 ;) thank you!

from connect-auth.

Thank you.

from connect-auth.