Fix invalid cookie header. Closes #171
hueniverse committed Mar 20, 2017
1 parent 71e9232 commit 249ba17
Showing 3 changed files with 43 additions and 3 deletions.
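--- a/lib/socket.js
+++ b/lib/socket.js
@@ -537,7 +537,12 @@ internals.Socket.prototype._authenticate = function () {
 return;
 }
 
-this._listener._connection.states.parse(cookies, (ignoreErr, state, failed) => {
+this._listener._connection.states.parse(cookies, (err, state, failed) => {
+
+if (err) {
+this.auth._error = Boom.unauthorized('Invalid nes authentication cookie');
+return;
+}
 
 const auth = state[config.cookie];
 if (auth) {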
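Review bot: The `if (err)` branch added to the `states.parse()` callback drops `err` without recording it, so a handshake refused for a malformed cookie header leaves no server-side trace; logging the rejection reason there (never the raw cookie value) would let operators notice repeated malformed-cookie handshakes. Failing closed before `state[config.cookie]` is read is the right order, and a one-line comment such as `// Fail closed: do not read state when the cookie header could not be parsed` would record why the branch returns early. The callback also receives `failed`, which these lines do not use; whether it is checked further down cannot be seen here, since `_authenticate` starts and ends outside the hunk.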
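--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "nes",
 "description": "WebSocket adapter plugin for hapi routes",
-"version": "6.4.0",
+"version": "6.4.1",
 "repository": "git://github.com/hapijs/nes",
 "main": "lib/index.js",
 "browser": "dist/client.js",
@@ -31,7 +31,7 @@
 "babel-preset-es2015": "^6.1.2",
 "code": "4.x.x",
 "hapi": "16.x.x",
-"lab": "11.x.x"
+"lab": "13.x.x"
 },
 "babel": {
 "presets": ["es2015"]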
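--- a/test/auth.js
+++ b/test/auth.js
@@ -392,6 +392,41 @@ describe('authentication', () => {
 });
 });
 
+it('errors on invalid cookie', (done) => {
+
+const server = new Hapi.Server();
+server.connection();
+
+server.register({ register: Nes, options: { auth: { type: 'cookie' } } }, (err) => {
+
+expect(err).to.not.exist();
+
+server.auth.scheme('custom', internals.implementation);
+server.auth.strategy('default', 'custom', true);
+
+server.route({
+method: 'GET',
+path: '/',
+handler: function (request, reply) {
+
+return reply('hello');
+}
+});
+
+server.start((err) => {
+
+expect(err).to.not.exist();
+const client = new Nes.Client('http://localhost:' + server.info.port, { ws: { headers: { cookie: '"' } } });
+client.connect((err) => {
+
+expect(err).to.be.an.error('Invalid nes authentication cookie');
+client.disconnect();
+server.stop(done);
+});
+});
+});
+});
+
 it('overrides cookie path', (done) => {
 
 const server = new Hapi.Server();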
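Review bot: The cookie value `'"'` passed in the `Nes.Client` options is a magic string whose purpose is not stated; a comment such as `// a lone double quote is not a parsable Cookie header, so the server-side parse returns an error` would say why it was chosen. The test exercises only a header that fails to parse as a whole; a case where the header parses but the nes cookie itself is rejected may be covered elsewhere in the file, which is not visible here. The enclosing `describe('authentication')` block starts and ends outside the hunk.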
