Fix premature redirect when used with express-session

zypA13510 · zypA13510 · commit 1db59e721a07 · 2018-05-18T16:47:22.000+08:00
diff --git a/lib/middleware/authenticate.js b/lib/middleware/authenticate.js
@@ -101,6 +101,15 @@ module.exports = function authenticate(passport, name, options, callback) {
     // accumulator for failures from each strategy in the chain
     var failures = [];
     
+    function redirect(url) {
+      if (req.session && req.session.save && typeof req.session.save == 'function') {
+        return req.session.save(function() {
+          return res.redirect(url);
+        });
+      }
+      return res.redirect(url);
+    }
+    
     function allFailed() {
       if (callback) {
         if (!multi) {
@@ -142,7 +151,7 @@ module.exports = function authenticate(passport, name, options, callback) {
         }
       }
       if (options.failureRedirect) {
-        return res.redirect(options.failureRedirect);
+        return redirect(options.failureRedirect);
       }
     
       // When failure handling is not delegated to the application, the default
@@ -255,10 +264,10 @@ module.exports = function authenticate(passport, name, options, callback) {
                 url = req.session.returnTo;
                 delete req.session.returnTo;
               }
-              return res.redirect(url);
+              return redirect(url);
             }
             if (options.successRedirect) {
-              return res.redirect(options.successRedirect);
+              return redirect(options.successRedirect);
             }
             next();
           }

Original file line number	Diff line number	Diff line change
`@@ -101,6 +101,15 @@ module.exports = function authenticate(passport, name, options, callback) {`
`101`	`101`	`// accumulator for failures from each strategy in the chain`
`102`	`102`	`var failures = [];`
`103`	`103`
	`104`	`+ function redirect(url) {`
	`105`	`+ if (req.session && req.session.save && typeof req.session.save == 'function') {`
	`106`	`+ return req.session.save(function() {`
	`107`	`+ return res.redirect(url);`
	`108`	`+ });`
	`109`	`+ }`
	`110`	`+ return res.redirect(url);`
	`111`	`+ }`
	`112`	`+`
`104`	`113`	`function allFailed() {`
`105`	`114`	`if (callback) {`
`106`	`115`	`if (!multi) {`
`@@ -142,7 +151,7 @@ module.exports = function authenticate(passport, name, options, callback) {`
`142`	`151`	`}`
`143`	`152`	`}`
`144`	`153`	`if (options.failureRedirect) {`
`145`		`- return res.redirect(options.failureRedirect);`
	`154`	`+ return redirect(options.failureRedirect);`
`146`	`155`	`}`
`147`	`156`
`148`	`157`	`// When failure handling is not delegated to the application, the default`
`@@ -255,10 +264,10 @@ module.exports = function authenticate(passport, name, options, callback) {`
`255`	`264`	`url = req.session.returnTo;`
`256`	`265`	`delete req.session.returnTo;`
`257`	`266`	`}`
`258`		`- return res.redirect(url);`
	`267`	`+ return redirect(url);`
`259`	`268`	`}`
`260`	`269`	`if (options.successRedirect) {`
`261`		`- return res.redirect(options.successRedirect);`
	`270`	`+ return redirect(options.successRedirect);`
`262`	`271`	`}`
`263`	`272`	`next();`
`264`	`273`	`}`