fix(auth): exclude returnTo from passport reset

We patch passport with the code from https://github .com/jaredhanson/passport/pull/941, which excludes session.returnTo from reset on login. Fixes https://github.com/hedgedoc/hedgedoc/issues/4466 Co-authored-by: Graham White <graham_alton@hotmail.com> Signed-off-by: David Mehren <git@herrmehren.de>
2024-11-23 02:06:29 -05:00 · 2024-08-31 13:37:42 +02:00 · 2024-08-31 13:37:42 +02:00 · ef7373f744
commit ef7373f744
parent c5fa3bcfc4
2 changed files with 16 additions and 1 deletions
--- a/.yarn/patches/passport-npm-0.7.0-df02531736.patch
+++ b/.yarn/patches/passport-npm-0.7.0-df02531736.patch
@ -0,0 +1,15 @@
+diff --git a/lib/sessionmanager.js b/lib/sessionmanager.js
+index 81b59b1d155314e90f3b59a0528d27d71c08e20d..db98d487b720b2d6528ed00b098f373ec636173e 100644
+--- a/lib/sessionmanager.js
+++ b/lib/sessionmanager.js
+@@ -36,7 +36,9 @@ SessionManager.prototype.logIn = function(req, user, options, cb) {
+       }
+       if (options.keepSessionInfo) {
+         merge(req.session, prevSession);
+-      }
+      } else if (options.successReturnToOrRedirect && prevSession.returnTo) {
+        req.session.returnTo = prevSession.returnTo;
+      }      
+       if (!req.session[self._key]) {
+         req.session[self._key] = {};
+       }
--- a/package.json
+++ b/package.json
@ -71,7 +71,7 @@
    "morgan": "1.10.0",
    "mysql2": "3.11.0",
    "node-fetch": "2.7.0",
-    "passport": "0.7.0",
+    "passport": "patch:passport@npm%3A0.7.0#~/.yarn/patches/passport-npm-0.7.0-df02531736.patch",
    "passport-dropbox-oauth2": "1.1.0",
    "passport-facebook": "3.0.0",
    "passport-github": "1.1.0",