Skip to content
This repository has been archived by the owner on Dec 13, 2018. It is now read-only.

Cookie parser is required for strompath.authenticationRequired #602

Open
oshalygin opened this issue Feb 20, 2017 · 1 comment
Open

Cookie parser is required for strompath.authenticationRequired #602

oshalygin opened this issue Feb 20, 2017 · 1 comment

Comments

@oshalygin
Copy link
Contributor

oshalygin commented Feb 20, 2017
edited
Loading

Came across this in my testing earlier but if you protect a route with stormpath.authenticationRequired, the authentication check will not occur if the express application didn't bring in the cookie-parser middleware via the following:

import express from 'express';
import stormpath from 'express-stormpath'
import cookieParser from 'cookie-parser'

const application = express();
application.use(cookieParser());

application.use(stormpath.init(application, stormpathConfiguration));

// This will always respond with authenticated(well reroute) if cookie-parser wasn't included.
application.get('/myAwesomeRoute', stormpath.authenticationRequired, function(req, res){ 
    res.status(200).json(someAwesomeObject);
}

Proposing to add this to the README.md as a required component right above this section:
9. Protect Your Routes

Open to making a PR if you're comfortable with the addition @robertjd

Note: The walkthrough does reference the usage of cookie-parser but it would be good to also include it here in the README.
https://stormpath.com/blog/build-app-nodejs-express-passport-stormpath
@robertjd
Copy link
Member

Thanks @oshalygin , we should add this to the docs!

oshalygin added a commit to oshalygin/express-stormpath that referenced this issue Feb 21, 2017
@oshalygin
Update protected route middleware docs
6ffd124 
- The stormpath middleware, stormpath.authenticationRequired, depends
  on cookie-parser being defined.  Cookie-parser will attach cookies
  from the request and attach them to the canonical req object in
  express.  This property is then used by the middelware to verify
  the authenticity of the user and properly secure the route.
- This commit provides additional requirements to users who are
  leveraging the authenticationRequired middleware

Closes stormpath#602
oshalygin added a commit to oshalygin/express-stormpath that referenced this issue Feb 21, 2017
@oshalygin
Update protected route middleware docs
73e5d7f 
- The stormpath middleware, stormpath.authenticationRequired, depends
  on cookie-parser being defined.  Cookie-parser will attach cookies
  from the request and attach them to the canonical req object in
  express.  This property is then used by the middelware to verify
  the authenticity of the user and properly secure the route.
- This commit provides additional requirements to users who are
  leveraging the authenticationRequired middleware

Closes stormpath#602
@oshalygin oshalygin mentioned this issue Feb 21, 2017
Closed
oshalygin added a commit to oshalygin/express-stormpath that referenced this issue Feb 21, 2017
@oshalygin
Update protected route middleware docs
fdf67db 
- The stormpath middleware, stormpath.authenticationRequired, depends
  on cookie-parser being defined.  Cookie-parser will attach cookies
  from the request and attach them to the canonical req object in
  express.  This property is then used by the middelware to verify
  the authenticity of the user and properly secure the route.
- This commit provides additional requirements to users who are
  leveraging the authenticationRequired middleware

Closes stormpath#602
oshalygin added a commit to oshalygin/express-stormpath that referenced this issue Feb 22, 2017
@oshalygin
Update protected route middleware docs
18449f8 
- The stormpath middleware, stormpath.authenticationRequired, depends
  on cookie-parser being defined.  Cookie-parser will attach cookies
  from the request and attach them to the canonical req object in
  express.  This property is then used by the middelware to verify
  the authenticity of the user and properly secure the route.
- This commit provides additional requirements to users who are
  leveraging the authenticationRequired middleware

Closes stormpath#602
@vkomulai vkomulai mentioned this issue Feb 2, 2024
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@robertjd @oshalygin