Issue with setting endOnError : false, is throwing "Cannot read property 'getGroups' of undefined"

[danscrima]

I'm setting up an angular express app using stormpath-sdk-angularjs. The default endOnError: true isn't allowing my angular app to redirect to the login screen in two separate cases of when a user just needs to be authenticated, and also when a user needs to be authorized in a certain group. It looks like it's failing on the /api/users/current call and returning the error below.

I also do not have sp:{ waitForUser: true } set on my home state.

var spMiddleware = stormpathExpressSdk.createMiddleware({
  apiKeyId: config.stormpath.STORMPATH_API_KEY_ID,
  apiKeySecret: config.stormpath.STORMPATH_API_KEY_SECRET,
  appHref: config.stormpath.STORMPATH_APP_HREF,
  endOnError: false
});

This is what gets thrown on the server side:

TypeError: Cannot read property 'getGroups' of undefined
    at MiddlewareContext.currentUser (/home/dscrima/whoadan/elite-technique-crossfit/node_modules/stormpath-sdk-express/lib/middleware/currentUser.js:8:31)
    at MiddlewareContext.corsHandler (/home/dscrima/whoadan/elite-technique-crossfit/node_modules/stormpath-sdk-express/lib/middleware/corsHandler.js:15:3)
    at MiddlewareContext.corsPrefilter [as currentUser] (/home/dscrima/whoadan/elite-technique-crossfit/node_modules/stormpath-sdk-express/index.js:81:25)
    at Layer.handle [as handle_request] (/home/dscrima/whoadan/elite-technique-crossfit/node_modules/express/lib/router/layer.js:95:5)
    at next (/home/dscrima/whoadan/elite-technique-crossfit/node_modules/express/lib/router/route.js:131:13)
    at MiddlewareContext.handleAuthenticationError (/home/dscrima/whoadan/elite-technique-crossfit/node_modules/stormpath-sdk-express/lib/MiddlewareContext.js:122:7)
    at MiddlewareContext.authenticate (/home/dscrima/whoadan/elite-technique-crossfit/node_modules/stormpath-sdk-express/lib/middleware/authenticate.js:15:13)
    at MiddlewareContext.corsHandler (/home/dscrima/whoadan/elite-technique-crossfit/node_modules/stormpath-sdk-express/lib/middleware/corsHandler.js:15:3)
    at MiddlewareContext.corsPrefilter [as authenticate] (/home/dscrima/whoadan/elite-technique-crossfit/node_modules/stormpath-sdk-express/index.js:81:25)
    at Layer.handle [as handle_request] (/home/dscrima/whoadan/elite-technique-crossfit/node_modules/express/lib/router/layer.js:95:5)
    at next (/home/dscrima/whoadan/elite-technique-crossfit/node_modules/express/lib/router/route.js:131:13)
    at Route.dispatch (/home/dscrima/whoadan/elite-technique-crossfit/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/home/dscrima/whoadan/elite-technique-crossfit/node_modules/express/lib/router/layer.js:95:5)
    at /home/dscrima/whoadan/elite-technique-crossfit/node_modules/express/lib/router/index.js:277:22
    at Function.process_params (/home/dscrima/whoadan/elite-technique-crossfit/node_modules/express/lib/router/index.js:330:12)
    at next (/home/dscrima/whoadan/elite-technique-crossfit/node_modules/express/lib/router/index.js:271:10)

Thanks!

[robertjd]

Ah! So this is a bug that we’ll have to fix, it’s happening because endOnError allows this middleware chain to continue into the currentUser middleware, but without a user object:

https://github.com/stormpath/stormpath-sdk-express/blob/master/index.js#L118-L121

In the meantime I would work around this by writing your own /me route which uses the authenticate middleware to determine if a user was found, then call on to currentUser if it’s found. That probably looks like this (I haven’t run this code yet):

app.get('/me', spMiddleware.authenticate, function(req,res,next) {
    if(req.user){
      next();
    }else{
      // handle the error
    }
  },spMiddleware.currentUser);

Hope this helps!

[blinkcloud]

Hi there, we are running into this issue as well, req.user.addToGroup(group, function(err) {
^

TypeError: Cannot read property 'addToGroup' of undefined

[dbousamra]

Also running into this error on req.user.getApiKeys