Description
So I am using the example provided and noticed I can do a GET request on the '/user' endpoint without being logged in. To my understanding this should not happen because the check() middleware function is being called. This is the endpoint in the app:

```javascript
// Route from the example app; oidc.check() is expected to reject anonymous requests
app.get('/user', oidc.check(), function (req, res, next) {
  res.send('<h1>User Page</h1><div><a href="/client">See registered clients of user</a></div>');
});
```
Upon further investigation, it appears that the check() function is calling next() if no arguments are passed. The issue starts on line 1022:

```javascript
// When check() is called with no scopes, the request is passed straight through
if (!scopes.length) { next(); }
```

If the if/else statement is removed everything seems to work fine. If this is not an issue, or I am just not understanding properly, please let me know.
EDIT: I am continuing to work on this code and have now realized that what I mentioned above as a fix probably is not a good solution. However, inside the check() function the 'loggedIn' policy is set to false:
```javascript
// Inside check(): the loggedIn policy is disabled for this middleware
self.use({ policies: { loggedIn: false }, models: ['access', 'auth'] });
```
The documentation mentions the function is used to check if the user is logged in. Is setting this to true the correct answer?
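To make the failure mode in this report concrete, here is an added example (editor's code, not the library's implementation) that models a scope-checking middleware in two forms: one that fails open when called with an empty scope list, as described above, and one that always requires a logged-in session before looking at scopes. The `makeCheckFailOpen`, `makeCheckFailClosed` and `runMiddleware` names, the session shape, and the request objects are all constructed for this example so it runs without Express.

```javascript
// Added example (not the library's own code): a minimal model of an OIDC
// "check" middleware that fails open when called with no scopes, beside a
// version that always requires a logged-in session first. Request/response
// objects are constructed stubs so this runs without Express.

// Fail-open variant: mirrors the pattern reported in the issue.
// With no scopes requested it calls next() immediately, so the login
// check below it is never reached for anonymous requests.
function makeCheckFailOpen(...scopes) {
  return function check(req, res, next) {
    if (!scopes.length) {
      next(); // bug: anonymous requests pass straight through
      return;
    }
    if (!req.session || !req.session.user) {
      res.status(401).send('login required');
      return;
    }
    const granted = new Set(req.session.scopes || []);
    if (scopes.every((s) => granted.has(s))) {
      next();
    } else {
      res.status(403).send('insufficient scope');
    }
  };
}

// Fail-closed variant: the session check runs unconditionally; an empty
// scope list only means "no additional scope requirement", not "no auth".
function makeCheckFailClosed(...scopes) {
  return function check(req, res, next) {
    if (!req.session || !req.session.user) {
      res.status(401).send('login required');
      return;
    }
    const granted = new Set(req.session.scopes || []);
    if (scopes.every((s) => granted.has(s))) {
      next(); // every() on an empty list is true, so logged-in users pass
    } else {
      res.status(403).send('insufficient scope');
    }
  };
}

// Tiny harness standing in for Express: runs one middleware against a
// constructed request and reports whether the route handler was reached.
function runMiddleware(middleware, req) {
  const res = {
    statusCode: 200,
    body: null,
    status(code) { this.statusCode = code; return this; },
    send(body) { this.body = body; return this; },
  };
  let reachedHandler = false;
  middleware(req, res, () => { reachedHandler = true; });
  return { reachedHandler, statusCode: res.statusCode, body: res.body };
}

// Constructed requests: one anonymous, one with a logged-in session.
const anonymousReq = { session: null };
const userReq = { session: { user: 'alice', scopes: ['email'] } };

// Side-by-side outcome for the GET /user case from the report.
console.log('fail-open, anonymous:  ', runMiddleware(makeCheckFailOpen(), anonymousReq));
console.log('fail-closed, anonymous:', runMiddleware(makeCheckFailClosed(), anonymousReq));
console.log('fail-closed, logged in:', runMiddleware(makeCheckFailClosed(), userReq));
```

The point of the fail-closed version is ordering: authentication is checked first and unconditionally, and an empty scope list is treated as "no extra requirement" rather than as a reason to skip the check. A quick regression test that sends an anonymous request to a check()-protected route and expects a 401 is the simplest way to catch this class of bug before it reaches production.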