Addresses Issue 62 - Allows authentication scope knowledge to survive…

… redirects
ciaranj · Sep 4, 2011 · 2a68422 · 2a68422
1 parent b8a5a04
commit 2a68422
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/lib/requestMethods.js b/lib/requestMethods.js
@@ -53,10 +53,17 @@ module.exports.authenticate= function(strategy, opts, callback, strategyExecutor
      }
    }
 
+   // Sometimes the authentication scope needs to passed between requests, we store this information
+   // transiently on the session.
+   if( scope === undefined && req.getAuthDetails().__performingAuthentication && req.getAuthDetails().__originalScope ) {
+     scope= req.getAuthDetails().__originalScope;
+   }
+
    trace( "Authenticating ("+this.headers.host + this.url+")", scope, ">>>" );
    if( req.isAuthenticated(scope) ) {
      delete req.getAuthDetails().__performingAuthentication;
      delete req.getAuthDetails().__originalUrl;
+     delete req.getAuthDetails().__originalScope;
      trace( "Authentication successful (Already Authenticated)", scope, "<<<" );
      callback(null, true);
    }
@@ -75,6 +82,7 @@ module.exports.authenticate= function(strategy, opts, callback, strategyExecutor
        if(error) {
          delete req.getAuthDetails().__performingAuthentication;
          delete req.getAuthDetails().__originalUrl;
+         delete req.getAuthDetails().__originalScope
          trace( "Authentication error: "+ error, scope, "<<<" );
          callback(error);
        }
@@ -83,7 +91,8 @@ module.exports.authenticate= function(strategy, opts, callback, strategyExecutor
            trace( "Authentication successful", scope, "<<<" );
            executionResult.originalUrl= req.getAuthDetails().__originalUrl;
            delete req.getAuthDetails().__originalUrl;
-
+           delete req.getAuthDetails().__originalScope
+
            if( scope === undefined) {
             req.getAuthDetails().user= executionResult.user;
            }
@@ -111,12 +120,14 @@ module.exports.authenticate= function(strategy, opts, callback, strategyExecutor
          else if( executionResult.authenticated === false ) {
            delete req.getAuthDetails().__performingAuthentication;
            delete req.getAuthDetails().__originalUrl;
+           delete req.getAuthDetails().__originalScope;
            trace( "Authentication failed", scope, "<<<" );
            callback(null, executionResult.authenticated)
          }
          else {
            req.getAuthDetails().__performingAuthentication= true;
            req.getAuthDetails().__originalUrl= req.url;
+           req.getAuthDetails().__originalScope= scope;
            trace( "Authentication ongoing (Requires browser interaction)", scope, "<<<" );
            callback(null, executionResult.authenticated)
          }