From c7f3b76b4e2e12f3596c8871c440e9715dfcf3e3 Mon Sep 17 00:00:00 2001
From: LudwikJaniuk <ludvig.janiuk@gmail.com>
Date: Tue, 4 Sep 2018 15:43:33 +0200
Subject: [PATCH] DRY req props that depend on auth (fix #6727) (#6731)

* DRY req props that depend on auth (fix #6727)

authentication leads to req.loggedIn and req.uid being set. However, a
later authentication event might outdate them. Here, I create one
function for setting those properties, and make sure it also is called
on the `action:middleware.authenticate` hook, which would be such an
authentication event. If there are other places, those should be added
as well.

* fix lint errors

* fix lint error

* change exports
---
 src/controllers/groups.js    |  4 +---
 src/middleware/user.js       |  6 +++++-
 src/routes/authentication.js | 26 ++++++++++++++------------
 3 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/src/controllers/groups.js b/src/controllers/groups.js
index 0703915e6f..30dd604c56 100644
--- a/src/controllers/groups.js
+++ b/src/controllers/groups.js
@@ -8,7 +8,7 @@ var groups = require('../groups');
 var user = require('../user');
 var helpers = require('./helpers');
 
-var groupsController = {};
+var groupsController = module.exports;
 
 groupsController.list = function (req, res, next) {
 	var sort = req.query.sort || 'alpha';
@@ -177,5 +177,3 @@ groupsController.uploadCover = function (req, res, next) {
 		res.json([{ url: image.url }]);
 	});
 };
-
-module.exports = groupsController;
diff --git a/src/middleware/user.js b/src/middleware/user.js
index 17c52e7ca6..10983cb4f6 100644
--- a/src/middleware/user.js
+++ b/src/middleware/user.js
@@ -8,6 +8,8 @@ var user = require('../user');
 var privileges = require('../privileges');
 var plugins = require('../plugins');
 
+var auth = require('../routes/authentication');
+
 var controllers = {
 	helpers: require('../controllers/helpers'),
 };
@@ -22,7 +24,9 @@ module.exports = function (middleware) {
 			return plugins.fireHook('action:middleware.authenticate', {
 				req: req,
 				res: res,
-				next: next,
+				next: function (err) {
+					auth.setAuthVars(req, res, function () { next(err); });
+				},
 			});
 		}
 
diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index 986cc31ed7..ccb3e316e0 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -19,23 +19,25 @@ Auth.initialize = function (app, middleware) {
 	app.use(passport.initialize());
 	app.use(passport.session());
 
-	app.use(function (req, res, next) {
-		var isSpider = req.isSpider();
-		req.loggedIn = !isSpider && !!req.user;
-		if (isSpider) {
-			req.uid = -1;
-		} else if (req.user) {
-			req.uid = parseInt(req.user.uid, 10);
-		} else {
-			req.uid = 0;
-		}
-		next();
-	});
+	app.use(Auth.setAuthVars);
 
 	Auth.app = app;
 	Auth.middleware = middleware;
 };
 
+Auth.setAuthVars = function (req, res, next) {
+	var isSpider = req.isSpider();
+	req.loggedIn = !isSpider && !!req.user;
+	if (isSpider) {
+		req.uid = -1;
+	} else if (req.user) {
+		req.uid = parseInt(req.user.uid, 10);
+	} else {
+		req.uid = 0;
+	}
+	next();
+};
+
 Auth.getLoginStrategies = function () {
 	return loginStrategies;
 };