This repository was archived by the owner on Oct 11, 2022. It is now read-only.
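--- a/api/authentication.js
+++ b/api/authentication.js
@@ -49,7 +49,7 @@ const GITHUB_OAUTH_CLIENT_ID = IS_PROD
 const init = () => {
 // Setup use serialization
 passport.serializeUser((user, done) => {
-done(null, JSON.stringify(user));
+done(null, typeof user === 'string' ? user : JSON.stringify(user));
 });
 
 // NOTE(@mxstbr): `data` used to be just the userID, but is now the full user data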
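Review bot: The new `serializeUser` line writes either an unchecked string or the entire user record into the session, so every field on that record (the hunk does not show which) is copied into whatever backs `shared/middlewares/session`. If that store is a cookie or is readable outside the API, this should serialize only the fields the deserializer needs rather than `JSON.stringify(user)` of the whole object. A short comment above the ternary stating when `user` is already a string would also help, since the reason for that branch is not visible here. The body of `init` continues outside the hunk.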
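--- a/api/utils/session-store.js
+++ b/api/utils/session-store.js
@@ -4,6 +4,9 @@ import session from 'shared/middlewares/session';
 const ONE_YEAR = 31556952000;
 const ONE_DAY = 86400000;
 
+const isSerializedJSON = (str: string) =>
+str[0] === '{' && str[str.length - 1] === '}';
+
 /**
 * Get the sessions' users' ID of a req manually, needed for websocket authentication
 */
@@ -20,14 +23,13 @@ export const getUserIdFromReq = (req: any): Promise<?string> =>
 // NOTE(@mxstbr): `req.session.passport.user` used to be just the userID, but is now the full user data
 // JSON.stringified to avoid having to go to the db on every single request. We have to handle both
 // cases here to get the ID.
-let id;
+if (!isSerializedJSON(req.session.passport.user))
+return res(req.session.passport.user);
+
 try {
-const user = JSON.parse(req.session.passport.user);
-id = user.id;
+return res(JSON.parse(req.session.passport.user).id);
 } catch (err) {
-id = req.session.passport.user;
+return res(null);
 }
-
-return res(id);
 });
 });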
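Review bot: `getUserIdFromReq` resolves whatever `JSON.parse(req.session.passport.user).id` yields, so a session payload without a string `id` resolves `undefined` or a non-string value to the websocket authentication caller instead of `null`. Narrowing it closes that gap: `const { id } = JSON.parse(req.session.passport.user);` followed by `return res(typeof id === 'string' ? id : null);`. Separately, `isSerializedJSON` indexes `str[0]` and will throw if `req.session.passport.user` is not a string; the lines before the hunk may already guard that, but a `typeof str === 'string' &&` prefix in the helper would make it safe regardless. The start of `getUserIdFromReq` lies outside the hunk.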
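--- a/hyperion/index.js
+++ b/hyperion/index.js
@@ -87,12 +87,28 @@ import session from 'shared/middlewares/session';
 app.use(session);
 
 import passport from 'passport';
+// Setup use serialization
 passport.serializeUser((user, done) => {
-done(null, user.id);
+done(null, typeof user === 'string' ? user : JSON.stringify(user));
 });
 
-passport.deserializeUser((id, done) => {
-getUser({ id })
+// NOTE(@mxstbr): `data` used to be just the userID, but is now the full user data
+// to avoid having to go to the db on every single request. We have to handle both
+// cases here, as more and more users use Spectrum again we go to the db less and less
+passport.deserializeUser((data, done) => {
+// Fast path: try to JSON.parse the data if it works, we got the user data, yay!
+try {
+const user = JSON.parse(data);
+// Make sure more than the user ID is in the data by checking any other required
+// field for existance
+if (user.id && user.createdAt) {
+return done(null, user);
+}
+// Ignore JSON parsing errors
+} catch (err) {}
+
+// Slow path: data is just the userID (legacy), so we have to go to the db to get the full data
+getUser({ id: data })
 .then(user => {
 done(null, user);
 })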
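Review bot: The fast path in `deserializeUser` returns the user object stored in the session without consulting the database, so any later change to the account (deletion, suspension, changed permissions or profile fields) is not seen by this service until the session is reissued. The session lifetime is not visible in this file, but if it is long-lived that window is correspondingly long. Authorization-relevant state should either be re-read from the db on a bounded interval or kept out of the cached copy, and the NOTE above the handler should state the tradeoff, e.g. `// Cached user data may be stale; do not use it for permission checks`. The `.then` chain of the slow path continues past the end of the hunk.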