all files / express-stormpath/lib/helpers/ xsrf-validator.js

'use strict';
 
var writeJsonError = require('./write-json-error');
 
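/**
 * Express middleware that validates the XSRF token of a request.
 *
 * The submitted token is read from the `x-xsrf-token` header, then
 * `req.body.xsrfToken`, then `req.query.xsrfToken` (first truthy value wins)
 * and must be strictly equal to the `xsrfToken` value in the body of
 * `req.accessToken`.
 *
 * On a match `next()` is called. Otherwise HTML clients are redirected (302)
 * to the configured login URI with the original URL in the `next` query
 * parameter, and all other clients receive a 401 JSON error.
 *
 * @param {Object} req - Express request; `req.accessToken` is expected to be
 *   set by earlier middleware.
 * @param {Object} res - Express response.
 * @param {Function} next - Called only when the token is valid.
 */
module.exports = function (req, res, next) {
  var error = 'Invalid XSRF token';

  // Read the expected value defensively: a request that reaches this
  // middleware without an access token must be rejected, not crash on a
  // property access of undefined.
  var expected = req.accessToken && req.accessToken.body && req.accessToken.body.xsrfToken;

  // Accepting the token from the query string is kept for compatibility.
  // Values in URLs can end up in logs and Referer headers, so clients should
  // prefer the header.
  var token = req.headers['x-xsrf-token'] || (req.body && req.body.xsrfToken) || (req.query && req.query.xsrfToken);

  // Fail closed: without the `expected` guard, an access token that carries no
  // xsrfToken value and a request that submits none would compare
  // undefined === undefined and pass validation.
  if (expected && token === expected) {
    return next();
  }

  if (req.accepts(['html', 'json']) === 'html') {
    // NOTE(review): the handler that consumes `next` should accept only
    // same-site paths; that check is not visible from this file, so confirm.
    var url = req.app.get('stormpathConfig').web.login.uri + '?next=' + encodeURIComponent(req.originalUrl);

    // NOTE(review): res.locals belongs to this response, so the message is
    // presumably not available to the login page after the redirect; confirm.
    res.locals.error = error;
    return res.redirect(302, url);
  }

  writeJsonError(res, { status: 401, message: error });
};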