From 60cc079f78e9c1c818b6a6d39e7665325f33908c Mon Sep 17 00:00:00 2001 From: vladimir-trifonov Date: Thu, 20 Apr 2017 13:04:51 +0300 Subject: [PATCH] [ARRSOF-66] "requireSessionLogin" requires username and pass or sessioncookiestring for every request --- lib/lifecycle/login.js | 25 +++++++++++++++++++++---- lib/lifecycle/loginRequired.js | 2 +- package.json | 2 +- test/test-connector.js | 8 ++++---- 4 files changed, 27 insertions(+), 10 deletions(-) diff --git a/lib/lifecycle/login.js b/lib/lifecycle/login.js index 7f64431..3dfa276 100644 --- a/lib/lifecycle/login.js +++ b/lib/lifecycle/login.js @@ -13,16 +13,32 @@ exports.login = function login(request, response, next) { username = headers.user, password = headers.pass; + // Remove the db from cache and from the connector variables + function deleteDb() { + self.db = null; + + if(self.baseContext && self.baseContext.db) { + self.baseContext.db = null; + } + + if(self.cache && + request.headers && + typeof request.headers.sessioncookiestring !== 'undefined' && + request.headers.sessioncookiestring !== null) { + self.cache.set(request.headers.sessioncookiestring, null); + } + } + // login to get the user and make sure this session is valid // but only do it once for a session - if (this.db && !username && !password && !request.cookies.arrowdbuid) { + if (this.db && !username && !password && !request.cookies.arrowdbuid && this.config.requireSessionLogin !== true) { if (this.db.arrowdbuid) { // we already have it return next(); } return this.db.usersShowMe(function (err, result) { if (err) { - self.db = null; + deleteDb(); return next('Authentication is required. Invalid or expired sessionCookieString header passed.'); } self.user = result && result.body && result.body.response && result.body.response.users && result.body.response.users[0]; 
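Review bot: `deleteDb()` clears `self.baseContext.db` as well as `self.db`, and this hunk now calls it from the `usersShowMe` error path, where the old code reset only `self.db`. If `baseContext` is shared between requests (not visible here), one request carrying an expired `sessioncookiestring` header resets the connection other callers are using, and the call added in the next hunk does the same for a request with no credentials at all. Consider limiting the helper to per-request state on those paths, or recording on `deleteDb` why the shared reference must be dropped too, e.g. `// baseContext.db is cleared on purpose: <reason>`. The cache entry is also overwritten with `null` rather than removed, so every reader of `self.cache` has to treat `null` as a miss. The body of `login` continues outside the hunk.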
@@ -33,7 +49,8 @@ exports.login = function login(request, response, next) { } if (!username || !password) { - if (this.config.requireSessionLogin) { + if (this.config.requireSessionLogin === true) { + deleteDb(); return next('Authentication is required. Please pass these headers: user, and pass; or sessionCookieString.'); } else { @@ -47,7 +64,7 @@ exports.login = function login(request, response, next) { password: password }, function loginCallback(err, result) { if (err) { - self.db = self.baseContext.db = null; + deleteDb(); return next(err); } diff --git a/lib/lifecycle/loginRequired.js b/lib/lifecycle/loginRequired.js index bc6fc4e..ead5d86 100644 --- a/lib/lifecycle/loginRequired.js +++ b/lib/lifecycle/loginRequired.js @@ -4,7 +4,7 @@ var ArrowDB = require('arrowdb'); * loginRequired checks to see if the current req for this connector requires the user to login. */ exports.loginRequired = function loginRequired(request, next) { - if (this.db || !request) { + if (this.config.requireSessionLogin !== true && (this.db || !request)) { return next(null, false); } if (request.headers && request.headers.sessioncookiestring) { diff --git a/package.json b/package.json index ede54b6..f590733 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "appc.arrowdb", "description": "ArrowDB connector", - "version": "1.2.0", + "version": "1.2.1", "author": "Jeff Haynie", "maintainers": [ "Jeff Haynie ", diff --git a/test/test-connector.js b/test/test-connector.js index 1dea21f..7eed579 100644 --- a/test/test-connector.js +++ b/test/test-connector.js @@ -49,10 +49,10 @@ describe('Connector', function () { }); }); - it('should return basedb', function (done) { - var basedb = this.connector.getDB(); - should(basedb).be.an.Object; - done(); + it('should throw error', function () { + should(function() { + this.connector.getDB(); + }).throw(); }); it('should return db', function (done) {
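Review bot: The strict comparison `this.config.requireSessionLogin === true` fails open for any truthy value that is not the boolean, where the old truthiness check enforced login. A config that supplies the string `'true'` or `1` (from an environment variable or a JSON file, say) now reaches the `else` branch without an error or a log line. Normalise the flag once and reuse it, for example `var requireLogin = this.config.requireSessionLogin === true || this.config.requireSessionLogin === 'true';`, or reject non-boolean values when the config is loaded. The same `!== true` test appears in the first hunk of this file and in `lib/lifecycle/loginRequired.js`.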
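Review bot: With `requireSessionLogin` set to `true` and a falsy `request`, the new guard no longer returns, so the next line's `request.headers` dereferences `undefined` and throws a TypeError. Keep the missing-request case out of the config test, e.g. `if (!request || (this.config.requireSessionLogin !== true && this.db)) {`, or decide explicitly what a call without a request should answer when session login is enforced. The body of `loginRequired` continues outside the hunk.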
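Review bot: The wrapper passed to `should(...)` is a plain `function`, so `this` inside it is not the Mocha test context and `this.connector` is undefined; the call throws a TypeError before `getDB()` runs. The assertion therefore passes whether or not `getDB()` throws, and the test no longer checks the behaviour named in its title. Capture the connector first with `var connector = this.connector;`, call `connector.getDB()` inside the wrapper, and pass the expected message to `.throw()` so an unrelated error does not satisfy the test.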