Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug fix in middleware/authenticate #1003

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

fergus99
Copy link

@fergus99 fergus99 commented Sep 12, 2023

-Fix bug in middelware/authenticate where strategy was not copied using Object.create() when passed
into authenticate() as an object.
-add tests to validate that calling authenticate() does not modify the original strategy object

** READ THIS FIRST! **

Are you implementing a new feature?

Requests for new features should first be discussed on the developer forum.
This allows the community to gather feedback and assess whether or not there is
an existing way to achieve the desired functionality.

If it is determined that a new feature needs to be implemented, include a link
to the relevant discussion along with the pull request.

Is this a security patch?

Do not open pull requests that might have security implications. Potential
security vulnerabilities should be reported privately to [email protected].
Once any vulerabilities have been repaired, the details will be disclosed
publicly in a responsible manner. This also allows time for coordinating with
affected parties in order to mitigate negative consequences.

If neither of the above two scenarios apply to your situation, you should open
a pull request. Delete this paragraph and the text above, and fill in the
information requested below.

Checklist

  • I have read the CONTRIBUTING guidelines.
  • I have added test cases which verify the correct operation of this feature or patch.
  • I have added documentation pertaining to this feature or patch.
  • The automated test suite ($ make test) executes successfully.
  • The automated code linting ($ make lint) executes successfully.

-Fix bug in middelware/authenticate where strategy
was not copied using Object.create() when passed
in to autenticate() as an object.
-add tests to validate that calling authenticate() does not modify
the original strategy object
@fergus99
Copy link
Author

There is a bug in middleware/authenticate which causes the strategy passed in to passport.authenticate() to be modified. This can cause unexpected behavior when eg. the success function is modified during a callback. This only occurs when the object is passed into passport.authenticate() directly, not the string name.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant