I'm looking for a way to programmatically log in a fake user for development purposes. The end goal is that I open the app for demo/development purposes and there's a fake user forcibly logged in (this is turned off in production).
Currently, I have 3 sets of middleware running:
1. express-session - Sets up the session and session storage provider
2. req.session.user
3. passport-saml middleware that checks to see if a user is authenticated, and kicks them over to the SSO provider if not.

Right now, I can add some more middleware between 1 and 3 and see that my fake user is persisting in the session (at least for the duration of the request, anyway). However, clearly I'm not doing something that the passport-saml middleware is expecting to see because regardless of what I set in the session it always thinks I'm unauthenticated and redirects me to the SSO provider.
The first layer of middleware (express-session) looks like this:

    session({
      secret: config.get('SESSION_SECRET'),
      cookie: {
        // Session cookie lifetime: 7 days, in milliseconds
        maxAge: 1000 * 60 * 60 * 24 * 7,
      },
      store,
      resave: true,
      saveUninitialized: false,
    });

The second layer of middleware looks like this:

    (req: Request, _: Response, next: NextFunction): void => {
      // Put the fake user on the session, then hand off to the next middleware
      req.session.user = adminUser;
      next();
    }

And the third layer of middleware is just passport middleware.
I did try calling req.logIn in step 2, but I got a message saying "passport.initialize() middleware not in use".
nestjs-session with a custom passport strategy turned out to be the solution.
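
As an added illustration of the custom-strategy approach named above (not code from the original post, and written without NestJS or Passport imports): a strategy hands the fake user to Passport through `success()`, one of the action methods Passport attaches before it calls `authenticate()`. The factory name, the `enabled` flag, the environment allowlist, the `runStrategy` stand-in and the sample user are assumptions made for the example.

```typescript
// Added example (constructed): a development-only Passport-style strategy.
// Passport calls authenticate() on a strategy instance it has augmented with
// action methods such as success() and fail(); only that contract is modelled.

interface DevUser { id: string; email: string; roles: string[] }

interface PassportActions {
  success(user: DevUser, info?: object): void;
  fail(challenge?: string, status?: number): void;
}

interface DevStrategy {
  name: string;
  authenticate(this: PassportActions, req: unknown): void;
}

// Hypothetical factory. It allowlists the environment instead of checking for
// "not production", so an unset NODE_ENV on a real deployment throws at startup.
function createDevLoginStrategy(nodeEnv: string | undefined, enabled: boolean, user: DevUser): DevStrategy {
  if (nodeEnv !== 'development' && nodeEnv !== 'test') {
    throw new Error(`dev-login strategy refused for NODE_ENV=${String(nodeEnv)}`);
  }
  return {
    name: 'dev-login',
    authenticate(this: PassportActions, _req: unknown): void {
      if (!enabled) {
        this.fail('dev login disabled', 401);
        return;
      }
      // Copy so request handlers cannot mutate the shared fixture.
      this.success({ ...user, roles: [...user.roles] }, { method: 'dev-login' });
    },
  };
}

interface Outcome { user: DevUser | null; reason: string | null }

// Stand-in for Passport's dispatch, used to exercise the strategy offline.
function runStrategy(strategy: DevStrategy, req: unknown): Outcome {
  const outcome: Outcome = { user: null, reason: null };
  const actions: PassportActions = {
    success: (user) => { outcome.user = user; },
    fail: (challenge) => { outcome.reason = challenge ?? 'failed'; },
  };
  strategy.authenticate.call(actions, req);
  return outcome;
}

// Constructed sample user, standing in for the question's adminUser.
const sampleAdmin: DevUser = { id: 'dev-1', email: 'dev.admin@example.test', roles: ['admin'] };
```

Because the factory throws unless the environment is explicitly `development` or `test`, a deployment that forgets to set `NODE_ENV` fails at startup instead of logging every visitor in as the fake admin.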