Skip to content
This repository has been archived by the owner on Aug 28, 2023. It is now read-only.

done is not a function. bearerstrategy.js:149 #112

Closed
dhodgin opened this issue Jun 9, 2016 · 3 comments
Closed

done is not a function. bearerstrategy.js:149 #112

dhodgin opened this issue Jun 9, 2016 · 3 comments

Comments

@dhodgin
Copy link

dhodgin commented Jun 9, 2016

I'm building a single page app to use AzureAD and i'm using adal-angular client side with passport-azure-ad server side

When I try to use the BearerStrategy it fails.

the BearerStrategy wraps the original passport-http-bearer and calls it internally like this

BearerStrategy.call(this, util._extend({}, opts, { passReqToCallback: true }), jwtVerify);

the jwtVerify function expects 3 arguments (req, token, done)

the req object doesn't get passed in and as a result the token and done function get shifted left. internally in jwtVerify req is the token and token is the done callback and done is undefined

this causes the jws.decode(token) to fail when it tries to decode the token because 'token' is a function.

If i change the jwtVerify function to remove req and just do (token, done) it still fails with TypeError: Invalid hex string

TypeError: Invalid hex string
    at TypeError (native)
    at Buffer.write (buffer.js:594:21)
    at fromString (buffer.js:113:26)
    at new Buffer (buffer.js:58:12)
    at Object.exports.getElement.exports.getFirstElement.exports.originalURL.exports.merge.exports.uid.exports.rsaPublicKeyPem

rsaPublicKeyPem uses new Buffer and that's where it fails when i ignore the missing req object for jwtVerify()
@dhodgin
Copy link
Author

dhodgin commented Jun 9, 2016

failure in exports.rsaPublicKeyPem in aadutils.js is on line 155

const derB64 = new Buffer(encodedPubkey, 'hex').toString('base64');

@dhodgin
Copy link
Author

dhodgin commented Jun 10, 2016

found the problem.
util._extend({}, opts, { passReqToCallback: true })
util._extend only takes 2 arguments. That means passReqToCallback: true is being dropped everytime if your own options don't set it. The default doesn't apply.

fix is to reduce util._extend() to util._extend(opts, { passReqToCallback: true }) since opts is set to the supplied options or initialized to an empty object at the top. req will then be passed properly to jwtVerify()

I'll make a PR shortly for this (I still get the invalid hex string error once this is fixed though. will investigate that next)

@dhodgin
Copy link
Author

dhodgin commented Jun 10, 2016

see util source code: https://github.com/defunctzombie/node-util/blob/master/util.js#L572 for confirmation _extend only accepts 2 arguments.

brandwe added a commit that referenced this issue Jun 10, 2016
@brandwe
Merge pull request #116 from dhodgin/issue112
9033a28 
fix BearerStrategy.call _extend leaving out req. fixes #112
@yarandoo yarandoo mentioned this issue Jul 7, 2016
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dhodgin