Incorrect req.flash for logout() #91

Open
cookie-ag opened this issue Jan 27, 2017 · 4 comments

@cookie-ag

So here is what I am doing:

routes.js

router.get('/logout', security.logoutToken, LogoutController.EmailandLog, LogoutController.DeleteSessions, LogoutController.Redirect);

security.js

exports.logoutToken = passwordless.logout({
    successFlash: 'Hope to see you soon.'
});

//security.restrictedWithoutToken, FYI

exports.restrictedWithoutToken = passwordless.restricted({
    failureRedirect: '/login',
    failureFlash: 'You are not authenticated to view this page. Try again!'
});

LogoutController.js

exports.EmailandLog = function(req, res, next) {

    if (!req.session.email || req.session.email === undefined) {
        res.redirect('/login');
    } else {
        //Send Email
        // next();
    }
};

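exports.DeleteSessions = function(req, res, next) {
    // Destroy the server-side session, then continue to the redirect handler
    req.session.destroy(function(err) {
        if (err) {
            // return here so next() is not called a second time after an error
            return next(err);
        }
        next();
    });
};

exports.Redirect = function(req, res, next) {
    res.redirect('/login');
};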

Issue:

  • On successful logging out, I expect logout.options.successFlash, but what I see is restricted.options.failureFlash, i.e. "You are not authenticated to view this page. Try again!"
  • I am confused about how to fix it.

@florianheinemann
Owner

Hey,
Are you sure the controller redirects to a page that is not restricted?
Cheers

@cookie-ag
Author

Router.get ('/login',....);
Router.post('/login',...);

Neither of them has any passwordless.restricted(). So the answer is yes, I am sure that the controller redirects to a page that is not restricted.

@florianheinemann
Owner

You're also aware that the success-flashes are stored in a different array? https://passwordless.net/deepdive#success-flashes

@cookie-ag
Author

@florianheinemann I checked and it's not related to req.flash. You can see the logs, where the controller triggers /logout, where it should redirect to /login, but somehow it redirects to req.url (such as /activity, which is restricted), hence showing the error for the restricted module.

  • Logs below for reference
  req-started 14-08-2017 01:52:31:334 GET /logout ::ffff:127.0.0.1 +10s
  req-success req.path /logout
  req-success res.statusCode 302
  req-success  +0ms
  req-isended 14-08-2017 01:52:31:335 GET /logout ::ffff:127.0.0.1 +0ms
  req-started 14-08-2017 01:52:31:347 GET /login ::ffff:127.0.0.1 +5ms
  req-success req.path /login
  req-success res.statusCode 200
  req-success  +0ms
  req-isended 14-08-2017 01:52:31:347 GET /login ::ffff:127.0.0.1 +0ms
  req-started 14-08-2017 01:52:31:396 GET /activity/ ::ffff:127.0.0.1 +49ms
  req-success req.path /activity/
  req-success res.statusCode 302
  req-success  +1ms
  req-isended 14-08-2017 01:52:31:397 GET /activity/ ::ffff:127.0.0.1 +0ms
  req-started 14-08-2017 01:52:31:452 GET /login ::ffff:127.0.0.1 +5ms
  req-success req.path /login
  req-success res.statusCode 200
  req-success  +0ms
  req-isended 14-08-2017 01:52:31:452 GET /login ::ffff:127.0.0.1 +0ms

I am trying to find why it happens and it doesn't seem to make sense, any idea?
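
An added example, not part of the thread and not code from the passwordless project: it parses the request log posted above and reports, for each request after /logout, whether the previous response was a redirect. The function names parseRequests and traceAfterLogout are hypothetical, and because the log carries no Location headers, a request that follows a non-3xx response is assumed to be a new request from the client.

```javascript
// req-started and res.statusCode lines copied from the log in the comment above.
const LOG = `
req-started 14-08-2017 01:52:31:334 GET /logout ::ffff:127.0.0.1 +10s
req-success res.statusCode 302
req-started 14-08-2017 01:52:31:347 GET /login ::ffff:127.0.0.1 +5ms
req-success res.statusCode 200
req-started 14-08-2017 01:52:31:396 GET /activity/ ::ffff:127.0.0.1 +49ms
req-success res.statusCode 302
req-started 14-08-2017 01:52:31:452 GET /login ::ffff:127.0.0.1 +5ms
req-success res.statusCode 200
`;

// Pair each "req-started" line with the status code logged after it.
function parseRequests(log) {
  const requests = [];
  let current = null;
  for (const raw of log.split('\n')) {
    const line = raw.trim();
    const started = line.match(/^req-started \S+ (\d+):(\d+):(\d+):(\d+) (\S+) (\S+)/);
    const status = line.match(/^req-success res\.statusCode (\d{3})$/);
    if (started) {
      const [, h, min, s, ms, method, path] = started;
      // Time of day in milliseconds; enough to order requests within one day.
      const at = ((+h * 60 + +min) * 60 + +s) * 1000 + +ms;
      current = { method, path, status: null, at };
      requests.push(current);
    } else if (status && current) {
      current.status = Number(status[1]);
    }
  }
  return requests;
}

// For every request after the logout, report what the previous response was.
function traceAfterLogout(requests, logoutPath = '/logout') {
  const start = requests.findIndex((r) => r.path === logoutPath);
  if (start === -1) return [];
  return requests.slice(start + 1).map((r, i) => {
    const prev = requests[start + i];
    const redirected = prev.status >= 300 && prev.status < 400;
    return {
      path: r.path,
      status: r.status,
      gapMs: r.at - prev.at,
      // Assumption: a request after a non-3xx response is a new client request.
      origin: redirected ? 'follows-redirect' : 'new-client-request',
    };
  });
}

console.table(traceAfterLogout(parseRequests(LOG)));
```

On these lines the only request not preceded by a redirect is GET /activity/, and its 302 is what leads to the second GET /login.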
