/** * Module dependencies. */ var pause = require('pause') , util = require('util') , Strategy = require('passport-strategy'); /** * `SessionStrategy` constructor. * * @api public */ function SessionStrategy(options, deserializeUser) { if (typeof options == 'function') { deserializeUser = options; options = undefined; } options = options || {}; Strategy.call(this); this.name = 'session'; this._key = options.key || 'passport'; this._deserializeUser = deserializeUser; } /** * Inherit from `Strategy`. */ util.inherits(SessionStrategy, Strategy); /** * Authenticate request based on the current session state. * * The session authentication strategy uses the session to restore any login * state across requests. If a login session has been established, `req.user` * will be populated with the current user. * * This strategy is registered automatically by Passport. * * @param {Object} req * @param {Object} options * @api protected */ SessionStrategy.prototype.authenticate = function(req, options) { if (!req.session) { return this.error(new Error('Login sessions require session support. Did you forget to use `express-session` middleware?')); } options = options || {}; var self = this, su; if (req.session[this._key]) { su = req.session[this._key].user; } if (su || su === 0) { // NOTE: Stream pausing is desirable in the case where later middleware is // listening for events emitted from request. For discussion on the // matter, refer to: https://github.com/jaredhanson/passport/pull/106 var paused = options.pauseStream ? pause(req) : null; this._deserializeUser(su, req, function(err, user) { if (err) { return self.error(err); } if (!user) { delete req.session[self._key].user; } else { var property = req._userProperty || 'user'; req[property] = user; } self.pass(); if (paused) { paused.resume(); } }); } else { self.pass(); } }; /** * Expose `SessionStrategy`. */ module.exports = SessionStrategy;