Fix #88 - Pass errors to next in express

auth0 · Dec 19, 2019 · 5554db7 · 5554db7
1 parent 98641f7
commit 5554db7
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 6 deletions.
diff --git a/lib/samlp.js b/lib/samlp.js
@@ -136,7 +136,11 @@ module.exports.auth = function(options) {
 
     function execute (postUrl, audience, req, res, next) {
       var user = opts.getUserFromRequest(req);
-      if (!user) return res.send(401);
+      if (!user) {
+        const err = new Error('SAML unauthorized');
+        err.status = 401;
+        return next(err);
+      }
 
       opts.audience = audience;
       opts.postUrl = postUrl;
@@ -176,8 +180,12 @@ module.exports.auth = function(options) {
       }
 
       opts.getPostURL(audience, samlRequestDom, req, function (err, postUrl) {
-        if (err) { return res.send(500, err); }
-        if (!postUrl) { return res.send(401); }
+        if (err) { return next(err); }
+        if (!postUrl) {
+          const error = new Error('SAML unauthorized error, postUrl not received');
+          error.status = 401;
+          return next(error);
+        }
 
         execute(postUrl, audience, req, res, next);
       });

diff --git a/test/fixture/server.js b/test/fixture/server.js
@@ -63,7 +63,7 @@ module.exports.start = function(options, callback){
       key:                credentials.key
     }, module.exports.options))(req, res, function(err){
       if (err) {
-        return res.send(400, err.message);
+        return res.send(err.status || 400, err.message);
       } 
       next();
     });
@@ -85,7 +85,7 @@ module.exports.start = function(options, callback){
       key:                credentials.key
     }, module.exports.options))(req, res, function (err) {
       if (err) {
-        return res.send(400, err.message);
+        return res.send(err.status || 400, err.message);
       } 
       next();
     });
@@ -99,12 +99,16 @@ module.exports.start = function(options, callback){
       key:                credentials.key
     }, module.exports.options))(req, res, function (err) {
       if (err) {
-        return res.send(400, err.message);
+        return res.send(err.status || 400, err.message);
       } 
       next();
     });
   });
 
+  app.use(function (error, req, res, next) {
+    return res.status(error.status || 500).send(error.message);
+  });
+
   var server = http.createServer(app).listen(5050, callback);
   module.exports.close = server.close.bind(server);
 };