stub out regernerate and save functions

lilt · May 6, 2024 · 1f565e4 · 1f565e4
1 parent 8da951a
commit 1f565e4
Showing 1 changed file with 67 additions and 43 deletions.
diff --git a/lib/sessionmanager.js b/lib/sessionmanager.js
@@ -20,41 +20,53 @@ SessionManager.prototype.logIn = function(req, user, options, cb) {
 
   if (!req.session) { return cb(new Error('Login sessions require session support. Did you forget to use `express-session` middleware?')); }
 
-  // var self = this;
-  // var prevSession = req.session;
+  var self = this;
+  var prevSession = req.session;
+
+  if (!req.session.regenerate) {
+    req.session.regenerate = (cb) => {
+      cb();
+    }
+  }
+
+  if (!req.session.save) {
+    req.session.save = (cb) => {
+      cb();
+    }
+  }
 
   // regenerate the session, which is good practice to help
   // guard against forms of session fixation
-  // req.session.regenerate(function(err) {
-  //   if (err) {
-  //     return cb(err);
-  //   }
-  //
-  //   self._serializeUser(user, req, function(err, obj) {
-  //     req.session.save = function(cb) {
-  //       cb();
-  //     }
-  //     if (err) {
-  //       return cb(err);
-  //     }
-  //     if (options.keepSessionInfo) {
-  //       merge(req.session, prevSession);
-  //     }
-  //     if (!req.session[self._key]) {
-  //       req.session[self._key] = {};
-  //     }
-  //     // store user information in session, typically a user id
-  //     req.session[self._key].user = obj;
-  //     // save the session before redirection to ensure page
-  //     // load does not happen before session is saved
-  //     req.session.save(function(err) {
-  //       if (err) {
-  //         return cb(err);
-  //       }
-  //       cb();
-  //     });
-  //   });
-  // });
+  req.session.regenerate(function(err) {
+    if (err) {
+      return cb(err);
+    }
+
+    self._serializeUser(user, req, function(err, obj) {
+      req.session.save = function(cb) {
+        cb();
+      }
+      if (err) {
+        return cb(err);
+      }
+      if (options.keepSessionInfo) {
+        merge(req.session, prevSession);
+      }
+      if (!req.session[self._key]) {
+        req.session[self._key] = {};
+      }
+      // store user information in session, typically a user id
+      req.session[self._key].user = obj;
+      // save the session before redirection to ensure page
+      // load does not happen before session is saved
+      req.session.save(function(err) {
+        if (err) {
+          return cb(err);
+        }
+        cb();
+      });
+    });
+  });
 }
 
 SessionManager.prototype.logOut = function(req, options, cb) {
@@ -68,24 +80,36 @@ SessionManager.prototype.logOut = function(req, options, cb) {
 
   var self = this;
 
+  if (!req.session.regenerate) {
+    req.session.regenerate = (cb) => {
+      cb();
+    }
+  }
+
+  if (!req.session.save) {
+    req.session.save = (cb) => {
+      cb();
+    }
+  }
+
   // clear the user from the session object and save.
   // this will ensure that re-using the old session id
   // does not have a logged in user
   if (req.session[this._key]) {
     delete req.session[this._key].user;
   }
   var prevSession = req.session;
-    // regenerate the session, which is good practice to help
-    // guard against forms of session fixation
-    // req.session.regenerate(function(err) {
-    //   if (err) {
-    //     return cb(err);
-    //   }
-    //   if (options.keepSessionInfo) {
-    //     merge(req.session, prevSession);
-    //   }
-    //   cb();
-    // });
+  // regenerate the session, which is good practice to help
+  // guard against forms of session fixation
+  req.session.regenerate(function(err) {
+    if (err) {
+      return cb(err);
+    }
+    if (options.keepSessionInfo) {
+      merge(req.session, prevSession);
+    }
+    cb();
+  });
 }