node.js nestjs passport-saml

Manually initiate login session using NestJS and Passport


I'm looking for a way to programmatically log in a fake user for development purposes. The end goal is that I open the app for demo/development purposes and there's a fake user forcibly logged in (this is turned off in production).

Currently, I have 3 sets of middleware running:

  1. express-session - Sets up the session and session storage provider
  2. Some custom middleware I wrote that just appends my dev user to req.session.user
  3. passport-saml middleware that checks to see if a user is authenticated, and kicks them over to the SSO provider if not.

Right now, I can add some more middleware between 1 and 3 and see that my fake user is persisting in the session (at least for the duration of the request, anyway). However, clearly I'm not doing something that the passport-saml middleware is expecting to see because regardless of what I set in the session it always thinks I'm unauthenticated and redirects me to the SSO provider.

The first layer of middleware (express-session) looks like this:

session({
  secret: config.get('SESSION_SECRET'),
  cookie: {
    maxAge: 1000 * 60 * 60 * 24 * 7,
  },
  store,
  resave: true,
  saveUninitialized: false,
});

The second layer of middleware looks like this:

(req: Request, _: Response, next: NextFunction): void => {
  req.session.user = adminUser;
  // Pass control on; without next() the request never reaches Passport.
  next();
}

And the third layer of middleware is just passport middleware.

I did try calling req.logIn in step 2, but I got a message saying passport.initialize() middleware not in use.


Solution

  • nestjs-session with a custom passport strategy turned out to be the solution
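
The answer above names a custom Passport strategy without showing one. As an added example (not code from the original post or from any library), here is a minimal strategy that logs in a fixed development user and refuses to start outside development; `DevUser`, `DevLoginStrategy`, `assertDevLoginAllowed` and the `DEV_FAKE_LOGIN` variable are hypothetical names, and gating on `NODE_ENV` is an assumption about how the app marks production.

```typescript
// Added example, not from the original post. DevUser, DevLoginStrategy,
// assertDevLoginAllowed and DEV_FAKE_LOGIN are hypothetical names.
type Env = Record<string, string | undefined>;

interface DevUser {
  id: string;
  displayName: string;
}

// Fail closed: the fake login is allowed only when NODE_ENV is explicitly
// "development" or "test" AND the operator has opted in. An unset NODE_ENV
// (a common production misconfiguration) is rejected as well.
function assertDevLoginAllowed(env: Env): void {
  const mode = env.NODE_ENV;
  if (mode !== 'development' && mode !== 'test') {
    throw new Error(`dev login refused: NODE_ENV is ${mode ?? 'unset'}`);
  }
  if (env.DEV_FAKE_LOGIN !== '1') {
    throw new Error('dev login refused: DEV_FAKE_LOGIN is not 1');
  }
}

class DevLoginStrategy {
  readonly name = 'dev-login';
  // Passport assigns success() on a per-request copy of the strategy
  // before it calls authenticate().
  success?: (user: DevUser) => void;
  private readonly user: DevUser;

  constructor(env: Env, user: DevUser) {
    // Throws at startup, so a production deploy never boots with the bypass.
    assertDevLoginAllowed(env);
    this.user = user;
  }

  authenticate(): void {
    if (!this.success) {
      throw new Error('authenticate() must be invoked by Passport');
    }
    // With sessions enabled, success() leads Passport to call req.logIn(),
    // which runs serializeUser and writes req.session.passport.user.
    this.success(this.user);
  }
}
```

Register it with `passport.use(new DevLoginStrategy(process.env, adminUser))` and protect routes with `passport.authenticate('dev-login')`, mounted after express-session, `passport.initialize()` and `passport.session()`. Passport restores the user from `req.session.passport.user`, so a value written to `req.session.user` is never consulted.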