From ef7373f74452fcbe43af5ab26e5901b03c9c37e0 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sat, 31 Aug 2024 13:37:42 +0200 Subject: [PATCH] fix(auth): exclude returnTo from passport reset We patch passport with the code from https://github .com/jaredhanson/passport/pull/941, which excludes session.returnTo from reset on login. Fixes https://github.com/hedgedoc/hedgedoc/issues/4466 Co-authored-by: Graham White Signed-off-by: David Mehren --- .yarn/patches/passport-npm-0.7.0-df02531736.patch | 15 +++++++++++++++ package.json | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 .yarn/patches/passport-npm-0.7.0-df02531736.patch diff --git a/.yarn/patches/passport-npm-0.7.0-df02531736.patch b/.yarn/patches/passport-npm-0.7.0-df02531736.patch new file mode 100644 index 000000000..9118a2948 --- /dev/null +++ b/.yarn/patches/passport-npm-0.7.0-df02531736.patch @@ -0,0 +1,15 @@ +diff --git a/lib/sessionmanager.js b/lib/sessionmanager.js +index 81b59b1d155314e90f3b59a0528d27d71c08e20d..db98d487b720b2d6528ed00b098f373ec636173e 100644 +--- a/lib/sessionmanager.js ++++ b/lib/sessionmanager.js +@@ -36,7 +36,9 @@ SessionManager.prototype.logIn = function(req, user, options, cb) { + } + if (options.keepSessionInfo) { + merge(req.session, prevSession); +- } ++ } else if (options.successReturnToOrRedirect && prevSession.returnTo) { ++ req.session.returnTo = prevSession.returnTo; ++ } + if (!req.session[self._key]) { + req.session[self._key] = {}; + } diff --git a/package.json b/package.json index 4893bfaad..c16d2600b 100644 --- a/package.json +++ b/package.json @@ -71,7 +71,7 @@ "morgan": "1.10.0", "mysql2": "3.11.0", "node-fetch": "2.7.0", - "passport": "0.7.0", + "passport": "patch:passport@npm%3A0.7.0#~/.yarn/patches/passport-npm-0.7.0-df02531736.patch", "passport-dropbox-oauth2": "1.1.0", "passport-facebook": "3.0.0", "passport-github": "1.1.0",