Merge pull request #13 from criteo-forks/upstream-fix-authent

Require authentication again when first attempt failed.
criteo · Jan 5, 2019 · 41088b0 · 41088b0
2 parents 537a6f6 + 98ce2a9
commit 41088b0
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/package.json b/package.json
@@ -55,7 +55,6 @@
     "selenium-webdriver": "^4.0.0-alpha.1",
     "sinon": "^5.0.7",
     "ts-node": "^6.0.3",
-    "tsc": "^1.20150623.0",
     "tslint": "^5.10.0",
     "tslint-eslint-rules": "^5.3.1",
     "typescript": "^2.8.3"

diff --git a/src/authentication.ts b/src/authentication.ts
@@ -45,7 +45,23 @@ export default function(app: Express.Application) {
 
   app.use(passport.initialize());
   app.use(protectWithBasicAuth);
-  app.use(passport.authenticate('ldapauth', {session: true}));
+  app.use((req, res, next) => {
+    passport.authenticate('ldapauth', {session: true}, (err: Error, user: any, info: any) => {
+      if (err) {
+        return next(err);
+      }
+
+      if (!user) {
+        res.status(401);
+        res.header('WWW-Authenticate', 'Basic realm="must be authenticated"');
+        res.send('Unauthenticated');
+        return;
+      }
+
+      req.user = user;
+      next();
+    })(req, res, next);
+  });
 
   passport.use(new LdapStrategy(options));
 }