fix

README.md

@@ -46,7 +46,7 @@ use to authorize the following requests. it also sets a cookie to make
 requesting from the client more simple. (cookie parser is needed to make
 authentication with cookies possible)
 
-the id of the logged in user will be available in `res.connection.user_id` in
+the id of the logged in user will be available in `req.connection.user_id` in
 all of the following request handlers.
 
 ### Excluding routes

index.js

@@ -39,9 +39,10 @@ function init (get_user, ignore_paths = []) {
  *
  * @param {string} user name or email of the given user
  * @param {string} password hashed password
+ * @param {any} req request object
  * @returns {Promise<string>} session key if successful
  */
-async function authenticate (user, password, response) {
+async function authenticate (user, password, req) {
   const user_entry
     = await new Promise ((res) => res (me.get_user (user)));
 
@@ -51,7 +52,7 @@ async function authenticate (user, password, response) {
   if (!await password_helper.verify (user_entry.password, password))
     return null;
 
-  response.connection.user_id = user_entry.id;
+  req.connection.user_id = user_entry.id;
 
   const session_key = crypto.sign_object (
     { id: user_entry.id },
@@ -98,11 +99,13 @@ function request_handler_block (session, user, res) {
  * @param {string} session session key
  * @param {string} user user name
  * @param {string} key user hash
+ * @param {any} req request object
  * @param {any} res response object
  * @param {any} next next handler
  * @returns {Promise<boolean>} true if handler authenticated
  */
-async function request_handler_authenticate (session, user, key, res, next) {
+// eslint-disable-next-line max-len, max-params
+async function request_handler_authenticate (session, user, key, req, res, next) {
   if (typeof session === 'undefined' && typeof user !== 'undefined') {
     if (typeof key === 'undefined') {
       const user_salt = await salt (user);
@@ -115,7 +118,7 @@ async function request_handler_authenticate (session, user, key, res, next) {
       return true;
     }
 
-    const session_key = await authenticate (user, key);
+    const session_key = await authenticate (user, key, req);
 
     res.status (
       session_key === null
@@ -137,6 +140,7 @@ async function request_handler_authenticate (session, user, key, res, next) {
       { id: jwt.id },
       me.jwt_secret
     );
+    req.connection.user_id = jwt.id;
     res.cookie (
       me.app_id,
       new_user_token,
@@ -192,7 +196,7 @@ async function request_handler (req, res, next) {
 
   if (request_handler_block (session, user, res))
     return;
-  if (await request_handler_authenticate (session, user, key, res, next))
+  if (await request_handler_authenticate (session, user, key, req, res, next))
     return;
 
   res.status (consts.http.status_forbidden);

mock_server.js

@@ -42,7 +42,7 @@ async function start_server () {
 
   app.use ((req, res) => {
     res.status (consts.http.status_ok)
-      .end (`foo:${res.connection.user_id}`);
+      .end (`foo:${req.connection.user_id}`);
   });
 
   return new Promise ((res) => {

test/index.js

@@ -20,15 +20,12 @@ test.before (async () => {
   port = await mock_server.start_server ();
 });
 
-test.only ('login', async (t) => {
+test ('login', async (t) => {
-  console.log ('logging in');
-  console.log ('port:', port);
   const session = await client.login (
     'testuser',
     'foo',
     `http://localhost:${port}`
   );
-  console.log ('server respond');
   t.is (typeof session, 'string');
 
   const resp = await fetch (
@@ -38,7 +35,6 @@ test.only ('login', async (t) => {
 
   t.is (resp.status, consts.http.status_ok);
   t.is (await resp.text (), 'foo:69');
-  console.log ('done test');
 });
 
 test ('allow access to excluded paths', async (t) => {