
Commit edd5275

azatothbajtos
authored andcommitted
Fix token middleware crash
Fix token middleware to check whether `req.loopbackContext` is active. The context is not active, for example, when express-session calls setImmediate, which breaks CLS.
1 parent ba5f36f commit edd5275


3 files changed

+28
-1
lines changed


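--- a/package.json
+++ b/package.json
@@ -63,6 +63,7 @@
 "cookie-parser": "^1.3.4",
 "es5-shim": "^4.1.0",
 "eslint-config-loopback": "^1.0.0",
+"express-session": "^1.14.0",
 "grunt": "^1.0.1",
 "grunt-browserify": "^5.0.0",
 "grunt-cli": "^1.2.0",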

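--- a/server/middleware/token.js
+++ b/server/middleware/token.js
@@ -125,7 +125,7 @@ function token(options) {
 req.accessToken = token || null;
 rewriteUserLiteral(req, currentUserLiteral);
 var ctx = req.loopbackContext;
-if (ctx) ctx.set('accessToken', token);
+if (ctx && ctx.active) ctx.set('accessToken', token);
 next(err);
 });
 };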
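Review bot: When `ctx.active` is falsy, the new guard on the `ctx.set('accessToken', token)` line drops the token from the context without leaving any trace. Code that reads `accessToken` from the LoopBack context rather than from `req.accessToken` would then see no token and may treat an authenticated request as anonymous; whether such callers exist is not visible from this hunk. A why-comment above the guard would make the fallback explicit, for example `// CLS context can be lost (e.g. after express-session's setImmediate); the token is then available only on req.accessToken`. The enclosing callback and `token(options)` both start outside the hunk.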

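--- a/test/access-token.test.js
+++ b/test/access-token.test.js
@@ -8,6 +8,8 @@ var LoopBackContext = require('loopback-context');
 var contextMiddleware = require('loopback-context').perRequest;
 var loopback = require('../');
 var extend = require('util')._extend;
+var session = require('express-session');
+
 var Token = loopback.AccessToken.extend('MyToken');
 var ds = loopback.createDataSource({ connector: loopback.Memory });
 Token.attachTo(ds);
@@ -509,6 +511,30 @@ describe('app.enableAuth()', function() {
 done();
 });
 });
+
+// See https://github.com/strongloop/loopback-context/issues/6
+it('checks whether context is active', function(done) {
+var app = loopback();
+
+app.enableAuth();
+app.use(contextMiddleware());
+app.use(session({
+secret: 'kitty',
+saveUninitialized: true,
+resave: true,
+}));
+app.use(loopback.token({ model: Token }));
+app.get('/', function(req, res) { res.send('OK'); });
+app.use(loopback.rest());
+
+request(app)
+.get('/')
+.set('authorization', this.token.id)
+.set('cookie', 'connect.sid=s%3AFTyno9_MbGTJuOwdh9bxsYCVxlhlulTZ.' +
+'PZvp85jzLXZBCBkhCsSfuUjhij%2Fb0B1K2RYZdxSQU0c')
+.expect(200, 'OK')
+.end(done);
+});
 });
 
 function createTestingToken(done) {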
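Review bot: The new test in the second hunk asserts only `.expect(200, 'OK')`, so it shows the middleware no longer throws but not that the token is still resolved when the context is inactive. On that path `req.accessToken` is the only place the token is stored, so the route handler should report it, e.g. `app.get('/', function(req, res) { res.send(req.accessToken ? 'OK' : 'no token'); });`. This assumes `this.token` is created by a hook outside the hunk. A short comment on the hard-coded `connect.sid` value, saying why a pre-existing session cookie is needed to reproduce the lost context, would also help the next maintainer.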
