Now allows users with invalid tokens to access public resources

jaxoncreed · jaxoncreed · commit 8e2e4358a871 · 2019-04-23T10:58:11.000-04:00
diff --git a/lib/api/authn/webid-oidc.js b/lib/api/authn/webid-oidc.js
@@ -31,7 +31,16 @@ function initialize (app, argv) {
   app.use('/', middleware(oidc))
 
   // Perform the actual authentication
-  app.use('/', oidc.rs.authenticate())
+  app.use('/', async (req, res, next) => {
+    oidc.rs.authenticate()(req, res, (err) => {
+      // Error handling should be deferred to the ldp in case a user with a bad token is trying
+      // to access a public resource
+      if (err) {
+        req.authError = err
+      }
+      next()
+    })
+  })
 
   // Expose session.userId
   app.use('/', (req, res, next) => {
diff --git a/lib/handlers/allow.js b/lib/handlers/allow.js
@@ -66,7 +66,7 @@ function allow (mode, checkPermissionsForDirectory) {
         }
       }
     }
-    const error = await req.acl.getError(userId, mode)
+    const error = req.authError || await req.acl.getError(userId, mode)
     debug(`${mode} access denied to ${userId || '(none)'}: ${error.status} - ${error.message}`)
     next(error)
   }

Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ function allow (mode, checkPermissionsForDirectory) {`
`66`	`66`	`}`
`67`	`67`	`}`
`68`	`68`	`}`
`69`		`- const error = await req.acl.getError(userId, mode)`
	`69`	`+ const error = req.authError \|\| await req.acl.getError(userId, mode)`
`70`	`70`	debug(`${mode} access denied to ${userId \|\| '(none)'}: ${error.status} - ${error.message}`)
`71`	`71`	`next(error)`
`72`	`72`	`}`