Commit Graph

49 Commits

Author SHA1 Message Date
José F. Romaniello
b78156dc91 Merge pull request #69 from Daedalus11069/daedalus11069-patch-optional-async
Make .disconnect() async call optional
2016-06-21 14:46:19 +02:00
José F. Romaniello
2d3e292268 Merge pull request #86 from bartlomiej-korpus/master
fix TypeError when authenticate is sent with null
2016-06-21 14:35:26 +02:00
Kristóf Poduszló
729d5530be Added ability to use a custom decodedPropertyName 2016-06-15 08:25:40 +02:00
bartlomiej-korpus
64ed562d05 fix TypeError when authenticate is sent with null 2016-05-26 21:12:47 +02:00
Daedalus11069
0fa2cc2590 Make async call of .disconnect() optional 2015-12-25 19:48:58 -08:00
Damian Fortuna
e094d231b2 Add ability to generate secret dynamically
This allow you to pass a function instead of an string in order to
generate secret based on the new connection features.
2015-11-18 18:49:55 -03:00
gfetco
170c23306f Validation
on socket authenticate, should check that the data.token exists and if it is the desired type? 
socket.emit( 'authenticate', {token: {} }); // will crash server if sent from client-side.
2015-11-01 20:44:25 +01:00
Pieter Jan De Smedt
dac693930b fix(lib/index.js) return auth.success
Next step would not execute because no function(socket, next) was returned in case of successful verification in the 'one roundtrip' (handshake) approach.
Returning auth.success instead of just executing it solves this.

Fixes #51
2015-10-08 14:06:33 +02:00
José F. Romaniello
09eea1d043 add tests for namespace configuration 2015-08-31 11:04:13 -03:00
Marcel Chastain
43f7427407 add support for namespace authentication
fixes #32
2015-07-18 19:23:02 -07:00
seppen
1ac2a8da44 fixed var name 2015-07-05 19:57:24 +03:00
José F. Romaniello
84cc16cf49 Merge branch 'master' of https://github.com/dbrugne/socketio-jwt into dbrugne-master
Conflicts:
	lib/index.js
2015-05-29 09:00:34 -03:00
José F. Romaniello
9b234c44a8 set required defaults to true 2015-05-29 08:52:14 -03:00
José F. Romaniello
f7ecb4ea6f Merge branch 'master' of https://github.com/ddamerell53/socketio-jwt into ddamerell53-master 2015-05-29 08:46:17 -03:00
José F. Romaniello
4cf0651e88 minor 2015-05-17 22:05:00 -03:00
Nikita Gusakov
34c64c73e1 Use native comparison instead of regexp 2015-05-18 03:24:42 +03:00
dbrugne
f5a84eb9bb Add an "additionnal" option (Function(decoded, onSuccess, onError)). When the token is parser and validated the callback is triggered and allow addition of extra logic (e.g. validate the user status against database).
Improve returned errors.
2015-05-07 11:49:00 +02:00
dbrugne
346b4d7aa1 Make .disconnect() call asynchronous to allow client to receive error message. 2015-05-06 19:11:16 +02:00
dbrugne
b053356c5e Send 'error' event with error details in case of not received or invalid token. 2015-05-06 17:56:12 +02:00
David Damerell
9389672a9d Added optional authentication and the ability to call another function to further validate the token
* Optional authentication is useful when you wish to serve both secure and unsecured services via the same server socket
* The ability to specify an additional function to be called to further validate the token is useful when you wish to be able to expire tokens for some reason
2014-10-24 17:01:53 +01:00
Vadim Kazakov
139843467b add data to UnauthorizedError so that more information can be returned to client 2014-07-16 14:12:18 -06:00
Oscar
29b3882355 Make it look for both kinds of query
add a check on req.query along with req._query for different versions
2014-06-06 13:09:06 -05:00
Oscar
452cc19a87 req._query is now req.query
Not sure exactly when this happened, but i had to make this change for my versions of node/js
2014-06-06 12:28:11 -05:00
José F. Romaniello
3484a429ed fixed all broken tests with socket.io 1.0, close #10 2014-06-05 15:45:41 -03:00
José F. Romaniello
e8380c10b8 add support for socket.io 1.0 2014-06-03 08:12:07 -03:00
José F. Romaniello
54a33c260c change user to decoded_token 2014-01-14 17:44:03 -03:00
José F. Romaniello
b292ab75af change the API 2014-01-14 08:30:39 -03:00
José F. Romaniello
b0f4354ecb add noqs method 2014-01-13 18:41:10 -03:00
José F. Romaniello
14a34ae380 initial commit after fork of passport-socketio 2014-01-13 16:00:21 -03:00
Screeny
95fb0fba7c emit error on store-error
this could've saved me some work.
next time i'll better check if redis is online.
2013-12-03 15:20:14 +01:00
José F. Romaniello
bd0980e3ab Merge pull request #36 from TeamSynergy/cors_workaround
Cors workaround
2013-11-21 03:21:46 -08:00
Screeny
f31dc4a93e step 1 2013-11-19 10:45:09 +01:00
Amir
599a614b4c fixed a security issue 2013-11-18 18:06:52 +03:30
Screeny
3c9f23e31e a little simpler 2013-11-15 10:47:51 +01:00
Screeny
fd4214eac9 close socket.io by default 2013-11-15 10:41:53 +01:00
Screeny
2a3cfdb8ff thanks to @chill117
we can't check undefined for undefined
2013-11-14 21:48:01 +01:00
Screeny
928cd508ff major changes
passport.socketio now lets the user decide whether to accept a
connection or not. to do so, you have tu provide your own 'fail'-method.
this will be called unless the user is successfuly authenticated (still
uses the 'success'-method). The method will be called with four
parameters:
- data: <Object> Handshake Data
- message <String> Error-Message
- critical <Bool> True if the User is and will be unable to use
socket.io because of errors in the authorization-system or somewhere
else. False if the user would still be able to use the system (indicates
that he's just not logged-in)
- accept: <function> plain old accept function.
If there's no fail-method given, passport.socketio allows every
not-critical-failed connection.
Also there is now a 'logged_in' <Bool>-Property inside your User-Key.
2013-11-06 18:19:00 +01:00
José F. Romaniello
4b999812f1 fix missing { 2013-06-30 16:44:46 -03:00
Richard Assar
efef45309f Allow 0 value for serialized user (id) 2013-06-30 20:06:21 +01:00
José F. Romaniello
04ea36fdd3 remove connect and cookie dependency 2013-06-05 08:38:33 -03:00
Michael Robinson
012bdbeb8c Update lib/index.js
Change default cookie key.
2013-02-15 23:49:56 +13:00
Jose F. Romaniello
66dd460070 fix #6 use same parameters than express.session 2013-02-05 19:15:04 -03:00
Jose F. Romaniello
a1e46b1fbd fix bug calling both success and accept 2013-01-07 11:30:15 -03:00
Jose F. Romaniello
79878b036c refactorize to use xtend 2013-01-07 10:40:52 -03:00
Jose F. Romaniello
3dc3096b15 add basic integration tests 2012-11-16 12:43:12 -03:00
Kevin Caffrey
d8c7c0ed7d Don't pass error message on failed accepts due to not being logged in, or the client gets 500s when they should get 403s 2012-11-16 03:58:33 -05:00
Bradley Olson
f62a93c9d2 added option of success or fail callbacks. Needed to still allow users access to sockets even if they weren't logged in, but needed specific data if they were. 2012-10-26 11:13:28 -05:00
elisee
a9ea73390d Use sessionKey over hard-coded "express.sid"
The sessionKey argument was ignored and "express.sid" was always used
instead.
2012-09-09 20:31:05 +03:00
Jose F. Romaniello
678d4ccd6c initial 2012-09-05 15:14:36 -03:00