hapi-auth-cookie: throws error when reading cookies to access locked content

[satnam-sandhu]

I have used hapi-auth-cookie to save cookies and create sessions. Some part is locked and the user not allowed to access it without authentication. When the user is not logged in he is successfully redirected to the login route. After authentication when the user clicks on the same link again it throws an error most probably while processing the cookie.This is session registration:

plugin.auth.strategy('session', 'cookie', {
    password: 'hapissajafdhafdjahyfjkdgsyjasfydukfeyafdheavjdfaejmyfdja',
    cookie: 'sid-cuboid',
    redirectTo: '/',
    isSecure: false,
    validateFunc: function(request, session) {
        var cached = cache.get(session.sid);
        var out = {
            valid: !!cached
        };

        if (out.valid) {
            out.credentials = cached.account;
        }

        return out;
    }
});

This is my route:

plugin.route({
        method: 'GET',
        path: '/edit/{courseName}/{testNo}/{plunkId}',
        config: {
            auth: {
                strategy: 'session'

            },
            plugins: {
                'hapi-auth-cookie': {
                    redirectTo: '/'
                }
            }
        },
        handler: function(request, reply) {
            var server = this.config.server;
            var param = request.params;
            var courseName = request.params.courseName;
            var context = {
                "url": {
                    "run": ""
                }
            };
            reply.view("editor", context);
        }
    });

This the error i am getting:

Debug: internal, implementation, error 
    TypeError: Uncaught error: Cannot read property 'apply' of undefined
    at bound (domain.js:280:13)
    at runBound (domain.js:293:12)
    at /home/satnam-sandhu/Workstation/cuboid.io/node_modules/glue/node_modules/hoek/lib/index.js:858:22
    at doNTCallback0 (node.js:419:9)
    at process._tickDomainCallback (node.js:389:13)

NOTE: i am using nodejs@4.2.2 and hapi-auth-cookie@6.1.1
This is the link to this question in stack overflow.

[SkaterDad]

@satnam-sandhu The error you are experiencing is because the validateFunc is not correct for the version of hapi-auth-cookie you are using.

Here is a link to the older version of the "example/index.js" in this repo from the version 6 days, along with the validateFunc snippet:

        validateFunc: function (request, session, callback) {

            cache.get(session.sid, (err, cached) => {

                if (err) {
                    return callback(err, false);
                }

                if (!cached) {
                    return callback(null, false);
                }

                return callback(null, true, cached.account);
            });
        }

Note the 3rd "callback" argument, which takes 3 arguments:

• error if present, otherwise null
• boolean value saying if the user is valid and allowed to be authenticated
• credentials object which gets stored on the cookie

I see on StackOverflow that you removed the function to resolve your errors, but that introduces potential security issues in your application. I hope you are able to re-implement this function.

Are you able to upgrade to Node 8+, hapi v17, and hapi-auth-cookie v8? There are a lot of security and performance improvements, and documentation will be easier to come by.

[lock]

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.