Reddit strategy doesn't redirect to failure URL on declined auth request

Question

Reddit strategy doesn't redirect to failure URL on declined auth request

vitosamson opened this issue 7 years ago · comments

To reproduce:

Go to https://login-with.com/login
Login with Reddit
Hit the "decline" button on the reddit auth request page

You'll get redirected to https://auth.login-with.com/reddit/callback with {"error":null,"user":false}

This is happening because in routes.js here, both error and user are falsy and so it falls through to the res.json at the end.

A solution here would probably be to change line 34 to if (error || !user) - would you accept a PR for that? I'm not sure if this is happening for other providers, I've only tested with reddit.

Vito commented 7 years ago

#34

Gerhard Preuss · Answer 1 · Thu Jul 13 2017 02:24:41 GMT+0800 (China Standard Time)

👍 Sure, PR is very welcomed! I think if (error || !user) totally makes sense. Should have a meaningful error of course...

Vito · Answer 2 · Mon Jul 17 2017 22:08:43 GMT+0800 (China Standard Time)

Hey, any chance we can get a version bump and updated docker image pushed out with this?

Gerhard Preuss · Answer 3 · Thu Jul 20 2017 04:11:05 GMT+0800 (China Standard Time)

Sure... tomorrow... promise