Fix race condition in logOut.

CHANGELOG.md

@@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.7.0] - 2023-11-27
+### Changed
+- Set `req.authInfo` by default when using the `assignProperty` option to
+`authenticate()` middleware.  This makes the behavior the same as when not using
+the option, and can be disabled by setting `authInfo` option to `false`.
+
 ## [0.6.0] - 2022-05-20
 ### Added
 - `authenticate()`, `req#login`, and `req#logout` accept a

README.md

@@ -14,26 +14,83 @@ hooks for controlling what occurs when authentication succeeds or fails.
 
 ---
 
-<p align="center">
+<div align="center">
   <sup>Sponsors</sup>
   <br>
-  <a href="https://workos.com/?utm_campaign=github_repo&utm_medium=referral&utm_content=passport_js&utm_source=github"><img src="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/workos.png"></a><br/>
-  <a href="https://workos.com/?utm_campaign=github_repo&utm_medium=referral&utm_content=passport_js&utm_source=github"><b>Your app, enterprise-ready.</b><br/>Start selling to enterprise customers with just a few lines of code. Add Single Sign-On (and more) in minutes instead of months.</a>
+  <!-- Auth0 -->
+  <div>
+    <a href="https://auth0.com/">
+      <picture>
+        <source srcset="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/auth0.png" media="(prefers-color-scheme: light)">
+        <source srcset="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/auth0-dark.png" media="(prefers-color-scheme: dark)">
+        <img src="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/auth0.svg" width="275">
+      </picture>
+      <p>
+        <b>Simple Authentication</b>
+        <br>
+        Make login our problem. Not yours.
+      </p>
+    </a>
+    <p>Auth0 by Okta provides a simple and customizable login page to authenticate your users. You can dynamically add new capabilities to it - including social login, multi-factor authentication, or passkeys - without making changes to your app’s code.</p>
+    <p>We help protect your app and your users from attacks - defending your application from bot attacks and detecting runtime anomalies based on suspicious IPs, breached credentials, user context, and more.</p>
+  </div>
   <br>
+  <!-- WorkOS -->
+  <div>
+    <a href="https://workos.com/?utm_campaign=github_repo&utm_medium=referral&utm_content=passport_js&utm_source=github">
+      <img src="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/workos.png">
+      <p>
+        <b>Your app, enterprise-ready.</b>
+        <br>
+        Start selling to enterprise customers with just a few lines of code. Add Single Sign-On (and more) in minutes instead of months.
+      </p>
+    </a>
+  </div>
   <br>
-  <a href="https://www.descope.com/?utm_source=PassportJS&utm_medium=referral&utm_campaign=oss-sponsorship">
-    <picture>
-      <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/descope-dark.svg">
-      <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/descope.svg">
-      <img src="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/descope.svg" width="275">
-    </picture>
-  </a><br/>
-  <a href="https://www.descope.com/?utm_source=PassportJS&utm_medium=referral&utm_campaign=oss-sponsorship"><b>Drag and drop your auth</b><br/>Add authentication and user management to your consumer and business apps with a few lines of code.</a>
+  <!-- Descope -->
+  <div>
+    <a href="https://www.descope.com/?utm_source=PassportJS&utm_medium=referral&utm_campaign=oss-sponsorship">
+      <picture>
+        <source srcset="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/descope.svg" media="(prefers-color-scheme: light)">
+        <source srcset="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/descope-dark.svg" media="(prefers-color-scheme: dark)">
+        <img src="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/descope.svg" width="275">
+      </picture>
+      <p>
+        <b>Drag and drop your auth</b>
+        <br>
+        Add authentication and user management to your consumer and business apps with a few lines of code.
+      </p>
+    </a>
+  </div>
   <br>
+  <!-- FusionAuth -->
+  <div>
+    <a href="https://fusionauth.io/?utm_source=passportjs&utm_medium=referral&utm_campaign=sponsorship">
+      <img src="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/fusionauth.png" width="275">
+      <p>
+        <b>Auth. Built for Devs, by Devs</b>
+        <br>
+        Add login, registration, SSO, MFA, and a bazillion other features to your app in minutes. Integrates with any codebase and installs on any server, anywhere in the world.
+      </p>
+    </a>
+  </div>
   <br>
-  <a href="https://fusionauth.io/?utm_source=passportjs&utm_medium=referral&utm_campaign=sponsorship"><img src="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/fusionauth.png" width="275"></a><br/>
-  <a href="https://fusionauth.io/?utm_source=passportjs&utm_medium=referral&utm_campaign=sponsorship"><b>Auth. Built for Devs, by Devs</b><br/>Add login, registration, SSO, MFA, and a bazillion other features to your app in minutes. Integrates with any codebase and installs on any server, anywhere in the world.</a>
-</p>
+  <!-- Stytch -->
+  <div>
+    <a href="https://stytch.com?utm_source=oss-sponsorship&utm_medium=paid_sponsorship&utm_campaign=passportjs">
+      <picture>
+        <source srcset="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/stytch.png" media="(prefers-color-scheme: light)">
+        <source srcset="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/stytch-dark.png" media="(prefers-color-scheme: dark)">
+        <img src="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/stytch.png" width="275">
+      </picture>
+      <p>
+        <b>API-first AuthN, AuthZ, and Fraud Prevention</b>
+        <br>
+        The most powerful identity platform built for developers. Easily build and secure a modern auth flow with user & org management, multi-tenant SSO, MFA, RBAC, device fingerprinting, and more.
+      </p>
+    </a>
+  </div>
+</div>
 
 ---
 

lib/middleware/authenticate.js

@@ -250,7 +250,16 @@ module.exports = function authenticate(passport, name, options, callback) {
         }
         if (options.assignProperty) {
           req[options.assignProperty] = user;
-          return next();
+          if (options.authInfo !== false) {
+            passport.transformAuthInfo(info, req, function(err, tinfo) {
+              if (err) { return next(err); }
+              req.authInfo = tinfo;
+              next();
+            });
+          } else {
+            next();
+          }
+          return;
         }
 
         req.logIn(user, options, function(err) {

lib/sessionmanager.js

@@ -86,8 +86,15 @@ SessionManager.prototype.logOut = function(req, options, cb) {
       }
       if (options.keepSessionInfo) {
         merge(req.session, prevSession);
+        req.session.save(function(err) {
+          if (err) {
+            return cb(err);
+          }
+          cb();
+        });
+      } else {
+        cb();
       }
-      cb();
     });
   });
 }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "passport",
-  "version": "0.6.0",
+  "version": "0.7.0",
   "description": "Simple, unobtrusive authentication for Node.js.",
   "keywords": [
     "express",

test/authenticator.middleware.test.js

@@ -245,6 +245,55 @@ describe('Authenticator', function() {
         expect(request.account.username).to.equal('jaredhanson');
       });
 
+      it('should set authInfo to empty object', function() {
+        expect(request.authInfo).to.deep.equal({});
+      });
+    });
+
+    describe('handling a request with authInfo disabled', function() {
+      function Strategy() {
+      }
+      Strategy.prototype.authenticate = function(req) {
+        var user = { id: '1', username: 'jaredhanson' };
+        this.success(user);
+      };
+
+      var passport = new Authenticator();
+      passport.use('success', new Strategy());
+
+      var request, error;
+
+      before(function(done) {
+        chai.connect.use(passport.authorize('success', { authInfo: false }))
+          .req(function(req) {
+            request = req;
+
+            req.logIn = function(user, options, done) {
+              this.user = user;
+              done();
+            };
+          })
+          .next(function(err) {
+            error = err;
+            done();
+          })
+          .dispatch();
+      });
+
+      it('should not error', function() {
+        expect(error).to.be.undefined;
+      });
+
+      it('should not set user', function() {
+        expect(request.user).to.be.undefined;
+      });
+
+      it('should set account', function() {
+        expect(request.account).to.be.an('object');
+        expect(request.account.id).to.equal('1');
+        expect(request.account.username).to.equal('jaredhanson');
+      });
+
       it('should not set authInfo', function() {
         expect(request.authInfo).to.be.undefined;
       });

test/middleware/authenticate.success.test.js

@@ -98,6 +98,55 @@ describe('middleware/authenticate', function() {
       expect(request.account.username).to.equal('jaredhanson');
     });
 
+    it('should set authInfo to empty object', function() {
+      expect(request.authInfo).to.deep.equal({});
+    });
+  });
+
+  describe('success that assigns a specific property with authInfo disabled', function() {
+    function Strategy() {
+    }
+    Strategy.prototype.authenticate = function(req) {
+      var user = { id: '1', username: 'jaredhanson' };
+      this.success(user);
+    };
+
+    var passport = new Passport();
+    passport.use('success', new Strategy());
+
+    var request, error;
+
+    before(function(done) {
+      chai.connect.use(authenticate(passport, 'success', { assignProperty: 'account', authInfo: false }))
+        .req(function(req) {
+          request = req;
+
+          req.logIn = function(user, options, done) {
+            this.user = user;
+            done();
+          };
+        })
+        .next(function(err) {
+          error = err;
+          done();
+        })
+        .dispatch();
+    });
+
+    it('should not error', function() {
+      expect(error).to.be.undefined;
+    });
+
+    it('should not set user', function() {
+      expect(request.user).to.be.undefined;
+    });
+
+    it('should set account', function() {
+      expect(request.account).to.be.an('object');
+      expect(request.account.id).to.equal('1');
+      expect(request.account.username).to.equal('jaredhanson');
+    });
+
     it('should not set authInfo', function() {
       expect(request.authInfo).to.be.undefined;
     });