Comments (10)
How does the commit 8caeaa9 look ? Is that preferable?
from connect-auth.
I think this is what I'm after:
http://github.com/lakinwecker/connect-auth/commit/f0b9db8643d462938683f7b28ed541eeaf702b50
Basically - when I put the session into mongodb, it converts all undefined values into null, and then when I pull the session value back out of mongodb, connect-auth thinks it's authenticated because null !== undefined. Which is incorrect.
from connect-auth.
Indeed, I did think the commit I referenced would fix that (the chap who did it is persisting to mongo also!) I do think there's probably an issue with the mongo provider there, I don't think it should be converting undefined values into null ? I'm happy to pull your change in though if it definitely fixes things for you :) ... I might swap out the !(!foo) for just (foo) though as that should be safe I think ?
from connect-auth.
So you're right. My session provider should probably find a way to deal with undefined values as that's part of javascript. The only way that I know of (at the moment) to serialize javascript objects within a node environment is with JSON - the issue is that undefined is not valid JSON, nor is it a valid value within MongoDB.
So in either case, my session provider would have to detect all of the values set to undefined in the session and remove them or convert them to null (which is what the MongoDB provider or MongoDB itself is doing).
However, I still believe that this is a valid change to connect-auth as a null value for the user should not be considered to be authenticated. :)
In summary, I agree with you that there is a bug with my session provider and possibly even in the MongoDB libraries I'm using in relation to undefined values - but I still think that this is a valid bug within connect-auth.
Will (foo) return a boolean value? or will it just return the user object itself? If it returns a boolean value- then I think your above change is correct. If not, then I'd be +0 keeping the !(!foo) - but either way thanks for taking the time to fix it. :)
from connect-auth.
I'm kinda weirded out that a variable declared as 'undefined' is even detected on an object literal , thats something I need to revise Javascript wise !! :)
In terms of if(foo); if foo is false, 0, NaN, "", null, or undefined then if(foo) will not execute, otherwise it will :)
I'll pull your stuff in tomorrow, I'm done for the day now, time for bed, sorry!
from connect-auth.
Right in the context of an if statement it will act as a boolean, but in a return statement?
Tomorrow is great. Thanks
from connect-auth.
The behaviour should be the same :)
from connect-auth.
Not quite. It actually returns the value, not a boolean:
http://paste.pocoo.org/show/272392/
Out of all of those styles, I think I prefer:
return req.getAuthDetails().user ? true : false;
from connect-auth.
Landed in 486be54 ;) thank you!
from connect-auth.
Thank you.
from connect-auth.
Related Issues (20)
- GET /oauth/authorize doesn't validate oauth_token parameter
- Cannot set property 'twitter_oauth_token_secret' of undefined
- ENOENT on installation HOT 5
- Google2 scopes handled incorrectly
- Modularize
- Per-request scoped scope HOT 5
- session not kept between http callbacks HOT 10
- how to handle authenticated && !req.isAuthenticated()? HOT 18
- Upgrade dependencies to versions that support 0.10.x HOT 1
- Add an explict LICENSE file HOT 1
- Please provide oauth2 client example as oauth2clientapp.js
- Facebook permission Scopes are buggy
- Support connect 2.8.x
- keyfile instructions unclear
- Has this project been abandoned
- upgrade connect to deal with qs vulnerabilities
- tweet on behalf of user HOT 1
- Archive?
- TypeError: Object #<Object> has no method 'fail' HOT 2
- OAuth data provider's tokenByConsumer() allows exactly one request token per consumer HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from connect-auth.