search

stormpath / express-stormpath

Build simple, secure web applications with Stormpath and Express!
http://docs.stormpath.com/nodejs/express/
Apache License 2.0
325 stars 111 forks source link

Cookie parser is required for strompath.authenticationRequired #602

Open oshalygin opened 7 years ago

oshalygin commented 7 years ago

Came across this in my testing earlier but if you protect a route with stormpath.authenticationRequired, the authentication check will not occur if the express application didn't bring in the cookie-parser middleware via the following:


import express from 'express';
import stormpath from 'express-stormpath'
import cookieParser from 'cookie-parser'

const application = express();
application.use(cookieParser());

application.use(stormpath.init(application, stormpathConfiguration));

// This will always respond with authenticated(well reroute) if cookie-parser wasn't included.
application.get('/myAwesomeRoute', stormpath.authenticationRequired, function(req, res){ 
    res.status(200).json(someAwesomeObject);
}

Proposing to add this to the README.md as a required component right above this section: 9. Protect Your Routes

Open to making a PR if you're comfortable with the addition @robertjd

Note: The walkthrough does reference the usage of cookie-parser but it would be good to also include it here in the README. https://stormpath.com/blog/build-app-nodejs-express-passport-stormpath

robertjd commented 7 years ago

Thanks @oshalygin , we should add this to the docs!