renamed unauthenticated to setunauthenticatedcode

deitch · Sep 30, 2017 · b3ed0f3 · b3ed0f3
1 parent acfd5ef
commit b3ed0f3
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -19,7 +19,7 @@ var express = require('express'), app = express(), cs = require('cansecurity'),
 
 	// only authorized if logged in, or as certain roles, or some combination
 	app.get("/secure/loggedin",cansec.restrictToLoggedIn,send200);
-	app.get("/secure/customloggedin",cansec.unauthenticated({code:302,location:"/login"}),cansec.restrictToLoggedIn,send200);
+	app.get("/secure/customloggedin",cansec.setUnauthenticatedCode({code:302,location:"/login"}),cansec.restrictToLoggedIn,send200);
 	app.get("/secure/user/:user",cansec.restrictToSelf,send200);
 	app.get("/secure/roles/admin",cansec.restrictToRoles("admin"),send200);
 	app.get("/secure/roles/adminOrSuper",cansec.restrictToRoles(["admin","super"]),send200);

diff --git a/lib/authorization.js b/lib/authorization.js
@@ -4,10 +4,14 @@ const errors = require('./errors'), rparams = require('./param'), sender = requi
   csauth = constants.header.AUTH,
   fields = {}, params = {};
 
-const checkLoggedIn = (req, res, next, unauthCode = HttpStatus.UNAUTHORIZED, unauthLocation = null) => {
+const checkLoggedIn = (req, res, next) => {
     // If our user is authenticated
     // then everything is fine :)
-    let logged = true;
+    let logged = true, 
+        unauthenticatedResponse = req.unauthenticatedResponse || {}
+        unauthCode = unauthenticatedResponse.code || HttpStatus.UNAUTHORIZED;
+        unauthLocation = unauthenticatedResponse.location || null;
+
     rparams(req);
     if (!req[csauth]) {
       if (unauthLocation != null) {
@@ -104,9 +108,10 @@ const checkLoggedIn = (req, res, next, unauthCode = HttpStatus.UNAUTHORIZED, una
       }
     },
     indirect: {
-      unauthenticated: (unauthenticatedResponse) => {
-        return (req, res, next) => {
-          checkLoggedIn(req, res, next, unauthenticatedResponse.code, unauthenticatedResponse.location) && next();
+      setUnauthenticatedCode: (unauthenticatedResponse) => {
+        return (req, res, next) => { 
+          req.unauthenticatedResponse = unauthenticatedResponse;
+          next()
         };
       },
       // valid if user is logged in *and* the logged-in user has at least one of the given roles

diff --git a/test/test-authorization.js b/test/test-authorization.js
@@ -318,7 +318,7 @@ alltests = function () {
 setpaths = function () {
 	app.get('/secure/fieldOrRole',cansec.restrictToFieldOrRoles("owner","admin",getCheckObject),send200);
 	app.get("/secure/loggedin",cansec.restrictToLoggedIn,send200);
-	app.get("/secure/customloggedin",cansec.unauthenticated({code:302,location:"/login"}),cansec.restrictToLoggedIn,send200);
+	app.get("/secure/customloggedin",cansec.setUnauthenticatedCode({code:302,location:"/login"}),cansec.restrictToLoggedIn,send200);
 	app.get("/secure/user/:user",cansec.restrictToSelf,send200);
 	app.get("/secure/roles/admin",cansec.restrictToRoles("admin"),send200);
 	app.get("/secure/roles/adminOrSuper",cansec.restrictToRoles(["admin","super"]),send200);