As per #6 (comment), one needs to pass false or null to the done callback when the user could not be deserialized in order for passport to invalidate the session.
The typescript types however provide this interface:
which makes it impossible to pass false or null, one must pass either a TUser or undefined.
Passing undefined doesn't trigger the session invalidation code in authenticator.js:340 because the checks are done for ===null or ===false:
// a valid user existed when establishing the session, but that user has
// since been removed
if (user === null || user === false) { return done(null, false); }
Expected behavior
I expect to be able to use strict typescript or pass undefined to the done() callback and passport should interpret this correctly.
Actual behavior
Typescript error is shown, passing undefined doesn't work either.
Steps to reproduce
Set up a typescript project with passport+mongoose, in deserializeUser do:
passport.deserializeUser<UserDocument, string>((id, done) => {
  // Find the user based on its id in the cookie.
  User.findById(id)
    .then((user) => {
      // Strict typescript error on the next line:
      // "Argument of type 'UserDocument | null' is not assignable to parameter of type 'UserDocument | undefined'.
      //   Type 'null' is not assignable to type 'UserDocument | undefined'. ts(2345)"
      done(null, user);
      return;
    })
    .catch((e) => {
      console.error('Failed to get user:', e);
      done(e, undefined);
    });
});
Sad workaround
Disabling strict typescript with "strict": false in tsconfig.json makes the code above work as expected.
Potential fix
Have authenticator.js check for user === undefined as well or change typescript types to accept a boolean or null as types for TUser params. I am not sure which one you'd prefer, I am not super familiar with the whole typescript ecosystem so I'd gladly rely on people with more experience to make a decision.
Environment
Operating System: OS X Catalina 10.15.4
Node version: v12.16.2
passport version: passport@0.4.1
This is not a bug in passport, which is javascript-only and does not include Typescript definitions. @types/passport is a third party package to provide type definitions — which are currently wrong: as you say, passport actually accepts null or false, not undefined. It is part of DefinitelyTyped, so that repo is the right place to report issues. In this particular case, there is already an open PR to fix the types.
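An added example, not part of the thread and not passport's or @types/passport's own code: it models only the `user === null || user === false` check quoted in the issue and shows a deserializer that maps a missing user to `false` so that check fires for a deleted account. The names `Done`, `invalidatesSession`, `normalizeLookup`, `makeDeserializer` and the in-memory store are hypothetical, and the callback type is an assumed corrected one that accepts `false` or `null`.

```typescript
// Assumed callback type: accepts what the quoted check tests for at runtime.
type Done<TUser> = (err: unknown, user?: TUser | false | null) => void;

// Mirrors the condition quoted from authenticator.js: only null or false
// counts as "this user no longer exists"; undefined does not match it.
function invalidatesSession(user: unknown): boolean {
  return user === null || user === false;
}

// A database lookup may yield null (no document) or undefined; map both to
// false so a stale session id never reaches the callback as undefined.
function normalizeLookup<TUser>(found: TUser | null | undefined): TUser | false {
  return found === null || found === undefined ? false : found;
}

// Hypothetical helper wrapping any promise-returning lookup as a deserializer.
function makeDeserializer<TUser>(
  findById: (id: string) => Promise<TUser | null | undefined>
): (id: string, done: Done<TUser>) => void {
  return (id, done) => {
    findById(id).then(
      (found) => done(null, normalizeLookup(found)), // missing user -> false
      (e) => done(e) // lookup failure is an error, not a missing user
    );
  };
}

// Constructed sample data: one live account; any other id is treated as deleted.
interface DemoUser { id: string; name: string; }
const USERS = new Map<string, DemoUser>([["u1", { id: "u1", name: "alice" }]]);
const findUser = (id: string): Promise<DemoUser | null> =>
  Promise.resolve(USERS.get(id) ?? null);

const deserializeDemo = makeDeserializer(findUser);

deserializeDemo("deleted-id", (_err, user) => {
  console.log("deleted-id ->", user, "invalidates:", invalidatesSession(user));
});
deserializeDemo("u1", (_err, user) => {
  console.log("u1 ->", user, "invalidates:", invalidatesSession(user));
});
console.log("undefined invalidates:", invalidatesSession(undefined));
```
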