From 9cd24641008a1a8459a4cdd68eeeea775332248c Mon Sep 17 00:00:00 2001
From: Greg Guthe
Date: Tue, 29 Aug 2017 13:05:14 -0400
Subject: [PATCH] fix test failures due to error middleware ordering
---
 server/src/middleware/csrf.js | 9 ++++-----
 server/src/server.js | 8 +++++---
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/server/src/middleware/csrf.js b/server/src/middleware/csrf.js
index 3269a31b3c..6b8e960d60 100644
--- a/server/src/middleware/csrf.js
+++ b/server/src/middleware/csrf.js
@@ -1,3 +1,4 @@
+const assert = require("assert");
 const csrf = require("csurf");
 const mozlog = require("../logging").mozlog("csrf-middleware");
 const { captureRavenException } = require("../ravenclient");
@@ -24,12 +25,10 @@ exports.csrf = function(req, res, next) {
 next();
 };
-exports.csrfErrorHandler = function(err, req, res, next) {
- if (err.code !== "EBADCSRFTOKEN") {
- next();
- }
+exports.csrfErrorResponse = function(err, req, res) {
+ assert(err.code === "EBADCSRFTOKEN", "Returning csrf response for non-csrf error code.");
 mozlog.info("bad-csrf", {id: req.ip, url: req.url});
 res.status(403);
 res.type("text");
- res.send("Bad CSRF Token")
+ res.send("Bad CSRF Token");
 };
diff --git a/server/src/server.js b/server/src/server.js
index 93f2814afa..643037775a 100644
--- a/server/src/server.js
+++ b/server/src/server.js
@@ -30,7 +30,7 @@ const dbschema = require("./dbschema");
 const express = require("express");
 const bodyParser = require('body-parser');
 const contentDisposition = require("content-disposition");
-const { csrf, csrfProtection, csrfErrorHandler } = require("./middleware/csrf");
+const { csrf, csrfProtection, csrfErrorResponse } = require("./middleware/csrf");
 const morgan = require("morgan");
 const linker = require("./linker");
 const { randomBytes } = require("./helpers");
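Review bot: In `csrfErrorResponse` (server/src/middleware/csrf.js) the precondition is enforced with `assert(...)`, which throws from inside the error path if the function is ever handed a different error; the only caller visible in this patch already checks `err.code === "EBADCSRFTOKEN"`, so the assert can fire only after a later miswiring, and the client would then presumably get Express's default error output instead of a controlled response. Stating the contract in a doc comment would serve readers better, for example `/** Sends the 403 "Bad CSRF Token" reply; call only for errors whose code is EBADCSRFTOKEN. */`. Separately, the `bad-csrf` log entry records `req.url`, which in Express includes the query string; if any protected route carries identifiers or tokens in its query, logging `req.path` would keep them out of the log.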
@@ -1064,8 +1064,6 @@ require("./jobs").start();
 addRavenErrorHandler(app);
-app.use(csrfErrorHandler);
-
 app.use(function(err, req, res, next) {
 if (err.isAppError) {
 let { statusCode, headers, payload } = err.output;
@@ -1087,6 +1085,10 @@ app.use(function(err, req, res, next) {
 res.send(res.message);
 return;
 }
+ if (err.code === "EBADCSRFTOKEN") {
+ csrfErrorResponse(err, req, res);
+ return;
+ }
 errorResponse(res, "General error:", err);
 });
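Review bot: The new `EBADCSRFTOKEN` branch in the final error handler of server/src/server.js is reached only after the two earlier branches have declined the error, and the condition of the second one (the branch ending in `res.send(res.message); return;`) lies outside the hunk, so it cannot be confirmed from here that a csurf rejection never matches it. Since this check is what turns a failed CSRF validation into the 403, consider testing it first in the handler, or pin the ordering with a comment such as `// csurf rejections (EBADCSRFTOKEN) must end in the 403 from csrfErrorResponse; keep ahead of the generic fallback`. The handler is also registered after `addRavenErrorHandler(app)`, so presumably every rejected token is reported to Raven before it reaches this branch; worth confirming that this is intended. The handler body begins outside the hunk.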