
Commit 0dadca0

Merge pull request #1340 from solid/fix/1317
Fix/1317 (User not logged in 2)
2 parents 6f0707d + 7e5ef82 commit 0dadca0


4 files changed

+14
-14
lines changed


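--- a/lib/create-app.js
+++ b/lib/create-app.js
@@ -296,6 +296,7 @@ function initAuthentication (app, argv) {
 */
 function sessionSettings (secureCookies, host) {
 let sessionSettings = {
+name: 'nssidp.sid',
 secret: uuid.v1(),
 saveUninitialized: false,
 resave: false,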
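Review bot: The added `name: 'nssidp.sid'` line carries no comment saying why the session middleware's default cookie name is being replaced, and the same literal is repeated in both integration test files, so a later rename has to be made in three places. A one-line comment such as `// Non-default cookie name so this server's session is not confused with another app's connect.sid on the same host` would record the intent, assuming that is the reason behind the fix. Separately, the unchanged `secret: uuid.v1()` just below builds the cookie-signing secret from a version-1 UUID, which is derived from a timestamp and node identifier rather than from a CSPRNG; that is outside this change but worth a follow-up. The body of sessionSettings continues past the end of the hunk.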

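--- a/lib/requests/sharing-request.js
+++ b/lib/requests/sharing-request.js
@@ -82,6 +82,8 @@ class SharingRequest extends AuthRequest {
 } else {
 request.renderForm(null, req, appOrigin)
 }
+} else {
+request.redirectPostSharing()
 }
 }
 
@@ -119,6 +121,8 @@ class SharingRequest extends AuthRequest {
 
 // Redirect once that's all done
 request.redirectPostSharing()
+} else {
+request.redirectPostSharing()
 }
 }
 
@@ -144,12 +148,7 @@ class SharingRequest extends AuthRequest {
 
 isUserLoggedIn () {
 // Ensure the user arrived here by logging in
-if (!this.session.subject || !this.session.subject._id) {
-this.response.status(401)
-this.response.send('User not logged in 2')
-return false
-}
-return true
+return !!(this.session.subject && this.session.subject._id)
 }
 
 getAppUrl () {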
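Review bot: A request with no `session.subject` is no longer answered with a 401; both callers (the `else` branches added in the first and second hunks) now send it through `request.redirectPostSharing()`, the same call used after a consent decision has been processed. The body of redirectPostSharing is not visible here, so it is worth confirming that the redirect target is validated against the registered client and that the step it leads to re-checks authentication rather than assuming a session exists. The comment kept in isUserLoggedIn, `// Ensure the user arrived here by logging in`, no longer matches a method that only reports state; `// True when the session carries an authenticated subject; callers decide how to respond` would be accurate. The commit's test changes cover only the cookie rename, so an integration test for the unauthenticated path through both handlers would pin the new behaviour. The enclosing handler methods start and end outside the hunks.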

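--- a/test/integration/authentication-oidc-test.js
+++ b/test/integration/authentication-oidc-test.js
@@ -137,7 +137,7 @@ describe('Authentication API (OIDC)', () => {
 })
 
 it('should set the cookie', () => {
-expect(cookie).to.match(/connect.sid=\S{65,100}/)
+expect(cookie).to.match(/nssidp.sid=\S{65,100}/)
 })
 
 it('should set the cookie with HttpOnly', () => {
@@ -247,7 +247,7 @@ describe('Authentication API (OIDC)', () => {
 describe('with malicious cookie but without origin', () => {
 let response
 before(done => {
-var malcookie = cookie.replace(/connect\.sid=(\S+)/, 'connect.sid=l33th4x0rzp0wn4g3;')
+var malcookie = cookie.replace(/nssidp\.sid=(\S+)/, 'nssidp.sid=l33th4x0rzp0wn4g3;')
 alice.get('/private-for-alice.txt')
 .set('Cookie', malcookie)
 .end((err, res) => {
@@ -353,7 +353,7 @@ describe('Authentication API (OIDC)', () => {
 describe('with malicious cookie but with globally configured origin', () => {
 let response
 before(done => {
-var malcookie = cookie.replace(/connect\.sid=(\S+)/, 'connect.sid=l33th4x0rzp0wn4g3;')
+var malcookie = cookie.replace(/nssidp\.sid=(\S+)/, 'nssidp.sid=l33th4x0rzp0wn4g3;')
 alice.get('/private-for-alice.txt')
 .set('Cookie', malcookie)
 .set('Origin', 'https://apps.solid.invalid')
@@ -407,7 +407,7 @@ describe('Authentication API (OIDC)', () => {
 describe('with malicious cookie and our origin', () => {
 let response
 before(done => {
-var malcookie = cookie.replace(/connect\.sid=(\S+)/, 'connect.sid=l33th4x0rzp0wn4g3;')
+var malcookie = cookie.replace(/nssidp\.sid=(\S+)/, 'nssidp.sid=l33th4x0rzp0wn4g3;')
 alice.get('/private-for-alice.txt')
 .set('Cookie', malcookie)
 .set('Origin', aliceServerUri)
@@ -425,7 +425,7 @@ describe('Authentication API (OIDC)', () => {
 describe('with malicious cookie and a non-matching origin', () => {
 let response
 before(done => {
-var malcookie = cookie.replace(/connect\.sid=(\S+)/, 'connect.sid=l33th4x0rzp0wn4g3;')
+var malcookie = cookie.replace(/nssidp\.sid=(\S+)/, 'nssidp.sid=l33th4x0rzp0wn4g3;')
 alice.get('/private-for-owner.txt')
 .set('Cookie', malcookie)
 .set('Origin', bobServerUri)
@@ -455,7 +455,7 @@ describe('Authentication API (OIDC)', () => {
 
 describe('with trusted app and malicious cookie', () => {
 before(done => {
-var malcookie = cookie.replace(/connect\.sid=(\S+)/, 'connect.sid=l33th4x0rzp0wn4g3;')
+var malcookie = cookie.replace(/nssidp\.sid=(\S+)/, 'nssidp.sid=l33th4x0rzp0wn4g3;')
 alice.get('/private-for-alice.txt')
 .set('Cookie', malcookie)
 .set('Origin', trustedAppUri)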

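--- a/test/integration/authentication-oidc-with-strict-origins-turned-off-test.js
+++ b/test/integration/authentication-oidc-with-strict-origins-turned-off-test.js
@@ -134,7 +134,7 @@ describe('Authentication API (OIDC) - With strict origins turned off', () => {
 })
 
 it('should set the cookie', () => {
-expect(cookie).to.match(/connect.sid=\S{65,100}/)
+expect(cookie).to.match(/nssidp.sid=\S{65,100}/)
 })
 
 it('should set the cookie with HttpOnly', () => {
@@ -286,7 +286,7 @@ describe('Authentication API (OIDC) - With strict origins turned off', () => {
 let malcookie
 before(() => {
 // How Mallory might set their cookie:
-malcookie = cookie.replace(/connect\.sid=(\S+)/, 'connect.sid=l33th4x0rzp0wn4g3;')
+malcookie = cookie.replace(/nssidp\.sid=(\S+)/, 'nssidp.sid=l33th4x0rzp0wn4g3;')
 })
 describe('and no origin set', () => {
 before(done => {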
