From ea747711c3899a20641390fa4a894b39191e4328 Mon Sep 17 00:00:00 2001
From: Nick O'Leary
Date: Fri, 28 Jun 2024 10:24:51 +0100
Subject: [PATCH] Allow auth cookie name to be customised
---
 .../@node-red/editor-api/lib/auth/index.js | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/packages/node_modules/@node-red/editor-api/lib/auth/index.js b/packages/node_modules/@node-red/editor-api/lib/auth/index.js
index c5e1d93c7..30ff06756 100644
--- a/packages/node_modules/@node-red/editor-api/lib/auth/index.js
+++ b/packages/node_modules/@node-red/editor-api/lib/auth/index.js
@@ -182,6 +182,10 @@ function genericStrategy(adminApp,strategy) {
 maxAge: null,
 ...settings.httpAdminCookieOptions
 }
+ if (sessionOptions.cookie.name){
+ sessionOptions.name = sessionOptions.cookie.name
+ delete sessionOptions.cookie.name
+ }
 }
 adminApp.use(session(sessionOptions));
 //TODO: all passport references ought to be in ./auth
@@ -217,10 +221,10 @@ function genericStrategy(adminApp,strategy) {
 adminApp.get('/auth/strategy',
 passport.authenticate(strategy.name, {
 session:false,
- failureMessage: true,
- failureRedirect: settings.httpAdminRoot + '?session_message=Login Failed'
+ failWithError: true,
+ failureMessage: true
 }),
- completeGenerateStrategyAuth,
+ completeGenericStrategyAuth,
 handleStrategyError
 );
@@ -232,14 +236,14 @@ function genericStrategy(adminApp,strategy) {
 passport.authenticate(strategy.name, {
 session:false,
 failureMessage: true,
- failureRedirect: settings.httpAdminRoot + '?session_message=Login Failed'
+ failWithError: true
 }),
- completeGenerateStrategyAuth,
+ completeGenericStrategyAuth,
 handleStrategyError
 );
 }
- function completeGenerateStrategyAuth(req,res) {
+ function completeGenericStrategyAuth(req,res) {
 var tokens = req.user.tokens;
 delete req.user.tokens;
 // Successful authentication, redirect home.
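Review bot: In the first hunk (`@@ -182,6 +182,10 @@`) the new `if (sessionOptions.cookie.name)` block moves the value to `sessionOptions.name` without checking its type, so any truthy non-string in `httpAdminCookieOptions.name` is handed to the session middleware as the cookie name; `if (typeof sessionOptions.cookie.name === 'string' && sessionOptions.cookie.name) {` would keep a mis-typed setting from reaching it. The block also carries no comment saying why the property is moved; something like `// the session middleware takes the cookie name as a top-level option, not as a cookie attribute` would spare the next reader a lookup. If operators are expected to choose `__Host-` or `__Secure-` prefixed names, the settings documentation should state that browsers only accept those with `secure: true` (and, for `__Host-`, `path: '/'` and no `domain`). The enclosing genericStrategy function starts and ends outside this hunk.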
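Review bot: In the second hunk (`@@ -217,10 +221,10 @@`) and again in the third (`@@ -232,14 +236,14 @@`), `failureMessage: true` is kept next to the new `failWithError: true` although failures are now reported through handleStrategyError. As far as I know passport's `failureMessage` appends the failure text to `req.session.messages`, and nothing visible in this diff reads or clears that list, so it looks redundant here; either drop it or add a comment naming what consumes it. The two option objects also list the same keys in a different order (`failWithError` first in the second hunk, last in the third); using one order in both calls makes them easier to compare. Both calls sit inside genericStrategy, which begins outside these hunks.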
@@ -249,6 +253,8 @@ function handleStrategyError(err, req, res, next) {
 if (res.headersSent) {
 return next(err)
 }
+ // Remove the header that passport auto-adds as we don't need it
+ res.removeHeader('WWW-Authenticate')
 log.audit({event: "auth.login.fail.oauth",error:err.toString()});
 res.redirect(settings.httpAdminRoot + '?session_message='+err.toString());
 }
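Review bot: The unchanged last statement of this hunk, `res.redirect(settings.httpAdminRoot + '?session_message='+err.toString());`, puts the error text into the query string unencoded, and with `failWithError: true` in the earlier hunks every failed login now appears to reach this handler rather than only thrown errors. A message containing `&`, `#`, spaces or line breaks would corrupt the URL or add parameters, so encode it: `res.redirect(settings.httpAdminRoot + '?session_message=' + encodeURIComponent(err.toString()));`. The text shown to the user also changes from the fixed 'Login Failed' to whatever `err.toString()` yields, which may expose library or identity-provider detail in the browser and in URL logs; consider redirecting with a fixed message and keeping the detail in the `log.audit` entry only. The function's signature line is outside the hunk.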