Skip to content

fix(auth): handle GET OAuth callback with undefined req.body on Express 5 #3496

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
PierreBrisorgueil merged 1 commit into from
Apr 23, 2026
+20 −1
Merged

fix(auth): handle GET OAuth callback with undefined req.body on Express 5 #3496

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion modules/auth/controllers/auth.controller.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -342,7 +342,7 @@ const checkOAuthUserProfile = async (profil, key, provider) => {
const oauthCallback = async (req, res, next) => {
const strategy = req.params.strategy;
// app Auth with Strategy managed on client side
if (req.body.strategy === false && req.body.key) {
if (req.body?.strategy === false && req.body?.key) {
const allowedKeys = ['id', 'sub', 'email'];
if (!allowedKeys.includes(req.body.key)) {
return responses.error(res, 422, 'Unprocessable Entity', 'Invalid provider key')();
Expand Down
19 changes: 19 additions & 0 deletions modules/auth/tests/auth.integration.tests.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -626,6 +626,25 @@ describe('Auth integration tests:', () => {
authenticateSpy.mockRestore();
});

test('should handle GET callback when req.body is undefined (Express 5)', async () => {
const authenticateSpy = jest.spyOn(passport, 'authenticate').mockImplementationOnce(
(strategy, callback) => () => callback(null, { id: 'mock-get-cb-user' }),
);
const cookies = {};
const redirectCalls = [];
const mockReq = { params: { strategy: 'google' } };
Copy link
Copy Markdown

@codacy-production codacy-production Bot Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚪ LOW RISK

Nitpick: This test boilerplate for mocking the response object and tracking redirects is duplicated from lines 613-622. Extracting this into a shared helper function would simplify the test suite.

Try running the following prompt in your IDE agent:

Refactor the integration tests in modules/auth/tests/auth.integration.tests.js by creating a setupMockAuthResponse helper function that returns the cookies, redirectCalls, and mockRes object. Then, update the tests at lines 613 and 635 to use this helper.

const mockRes = {
cookie(name, val, opts) { cookies[name] = { val, opts }; return this; },
redirect(code, url) { redirectCalls.push({ code, url }); },
};

await AuthController.oauthCallback(mockReq, mockRes, () => {});

expect(cookies.TOKEN).toBeDefined();
expect(redirectCalls[0]).toMatchObject({ code: 302 });
authenticateSpy.mockRestore();
});
Comment on lines +630 to +646

test('should find an existing OAuth user via checkOAuthUserProfile', async () => {
// Create an OAuth user directly first
const createdUser = await UserService.create({
Expand Down
Loading