From 7a2e5bdf1e5326eeb618cab8fb7e4fdc23c23e2a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Nov 2022 12:33:31 -0800 Subject: [PATCH] chore(deps): bump passport from 0.4.0 to 0.6.0 (#31) * chore(deps): bump passport from 0.4.0 to 0.6.0 Bumps [passport](https://github.com/jaredhanson/passport) from 0.4.0 to 0.6.0. - [Release notes](https://github.com/jaredhanson/passport/releases) - [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md) - [Commits](https://github.com/jaredhanson/passport/compare/v0.4.0...v0.6.0) --- updated-dependencies: - dependency-name: passport dependency-type: direct:production ... Signed-off-by: dependabot[bot] * fix: use `keepSessionInfo` to maintain session The passport.js changes in `0.6.0` have breaking changes related to protecting against "Session Fixation". - https://github.com/jaredhanson/passport/pull/900 - https://medium.com/passportjs/fixing-session-fixation-b2b68619c51d The assumption for the fix in this commit is that our example project here only has the session storage as its storage mechanism, so we're not quite vulnerable to the same thing since the storage goes away when the local project is stopped. Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jaime Lopez <31429468+DevWithTheHair@users.noreply.github.com> --- package-lock.json | 13 +++++++------ package.json | 2 +- server.js | 5 ++++- 3 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 24cf5c8..b4bfcd2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -323,18 +323,19 @@ "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==" }, "passport": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/passport/-/passport-0.4.0.tgz", - "integrity": "sha1-xQlWkTR71a07XhgCOMORTRbwWBE=", + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/passport/-/passport-0.6.0.tgz", + "integrity": "sha512-0fe+p3ZnrWRW74fe8+SvCyf4a3Pb2/h7gFkQ8yTJpAO50gDzlfjZUZTO1k5Eg9kUct22OxHLqDZoKUWRHOh9ug==", "requires": { "passport-strategy": "1.x.x", - "pause": "0.0.1" + "pause": "0.0.1", + "utils-merge": "^1.0.1" } }, "passport-strategy": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz", - "integrity": "sha1-tVOaqPwiWj0a0XlHbd8ja0QPUuQ=" + "integrity": "sha512-CB97UUvDKJde2V0KDWWB3lyf6PC3FaZP7YxZ2G8OAtn9p4HI9j9JLP9qjOGZFvyl8uwNT8qM+hGnz/n16NI7oA==" }, "path-to-regexp": { "version": "0.1.7",
@@ -344,7 +345,7 @@ "pause": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/pause/-/pause-0.0.1.tgz", - "integrity": "sha1-HUCLP9t2kjuVQ9lvtMnf1TXZy10=" + "integrity": "sha512-KG8UEiEVkR3wGEb4m5yZkVCzigAD+cVEJck2CzYZO37ZGJfctvVptVO192MwrtPhzONn6go8ylnOdMhKqi4nfg==" }, "proxy-addr": { "version": "2.0.5",
diff --git a/package.json b/package.json
index 2d11366..9b0799d 100644
--- a/package.json
+++ b/package.json
@@ -14,7 +14,7 @@
 "express-session": "^1.15.6",
 "node-fetch": "2.6.7",
 "openid-client": "^5.3.0",
- "passport": "^0.4.0"
+ "passport": "^0.6.0"
 },
 "engines": {
 "node": ">=12.0"
diff --git a/server.js b/server.js
index 99e0b9d..ab3b357 100644
--- a/server.js
+++ b/server.js
@@ -155,7 +155,10 @@ app.get('/auth/cb', (req, res, next) => {
 if (err || !user) {
 return res.redirect('/login.html');
 }
- req.logIn(user, (err) => {
+ const options = {
+ keepSessionInfo: true
+ }
+ req.logIn(user, options, (err) => {
 if (err) {
 return next(err);
 }
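Review bot: `keepSessionInfo: true` in the `/auth/cb` handler makes `req.logIn` merge every key of the pre-login session into the session that passport 0.6.0 regenerates at login, so anything written to the session before authentication survives into the authenticated one. The session ID is still rotated, but values set while the visitor was anonymous are then trusted afterwards; if nothing from before login is read later, drop the option and keep `req.logIn(user, (err) => {`, and otherwise carry over only the keys that are needed, by name. If the option stays, a comment such as `// keepSessionInfo merges the pre-login session into the regenerated one; only <key> is needed after login` would record why it is there. The added `}` that closes `options` also lacks the semicolon the neighbouring statements use. The handler body starts and ends outside the hunk, so whether later code reads pre-login session data cannot be seen from here.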