configured bell to understand that https is in use in production for #8

travi-org · Mar 6, 2016 · adb16df · adb16df
1 parent dc7e878
commit adb16df
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 6 deletions.
diff --git a/lib/auth/strategy.js b/lib/auth/strategy.js
@@ -1,6 +1,8 @@
 'use strict';
 
 exports.register = function (server, options, next) {
+    const secure = options.secure;
+
     server.auth.strategy('auth0', 'bell', {
         provider: 'auth0',
         password: process.env.AUTH_COOKIE_ENCRYPTION_PASSWORD,
@@ -9,7 +11,8 @@ exports.register = function (server, options, next) {
         config: {
             domain: 'travi.auth0.com'
         },
-        isSecure: !options.isLocal
+        forceHttps: secure,
+        isSecure: secure
     });
 
     next();

diff --git a/lib/manifest.js b/lib/manifest.js
@@ -1,9 +1,11 @@
 'use strict';
 
+
 const
     defaultPort = 3000,
     port = process.env.PORT || defaultPort,
-    protocol = 'production' === process.env.NODE_ENV ? 'https' : 'http';
+    isProduction = 'production' === process.env.NODE_ENV,
+    protocol = isProduction ? 'https' : 'http';
 
 module.exports = {
     connections: [{
@@ -76,7 +78,7 @@ module.exports = {
             plugin: {
                 register: './auth/strategy',
                 options: {
-                    isLocal: 'production' !== process.env.NODE_ENV
+                    secure: isProduction
                 }
             }
         },

diff --git a/test/unit/auth/strategy-test.js b/test/unit/auth/strategy-test.js
@@ -22,15 +22,15 @@ suite('authentication strategy', () => {
         const
             next = sinon.spy(),
             strategy = sinon.spy(),
-            isLocal = false,
+            secure = true,
             password = any.string(),
             clientId = any.string(),
             clientSecret = any.string();
         process.env.AUTH0_CLIENT_ID = clientId;
         process.env.AUTH0_CLIENT_SECRET = clientSecret;
         process.env.AUTH_COOKIE_ENCRYPTION_PASSWORD = password;
 
-        auth.register({auth: {strategy}}, {isLocal}, next);
+        auth.register({auth: {strategy}}, {secure}, next);
 
         assert.calledWith(strategy, 'auth0', 'bell', {
             provider: 'auth0',
@@ -40,7 +40,8 @@ suite('authentication strategy', () => {
             config: {
                 domain: 'travi.auth0.com'
             },
-            isSecure: !isLocal
+            forceHttps: secure,
+            isSecure: secure
         });
         assert.calledOnce(next);
     });