Moved fetchUserInfo call to authorization.js middleware. Catch fetchUserInfo exceptions, causing invalided session to be stuck

controllers/status.js

@@ -21,7 +21,7 @@ module.exports = {
      * @param res
      */
     get: async (req, res) => {
-        const user = req.oidc ? await req.oidc.fetchUserInfo() : { email: 'admin' };
+        const user = req.oidc ? req.user : { email: 'admin' };
 
         res.render('status', {
             baseUrl: req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : '',

controllers/voucher.js

@@ -77,7 +77,7 @@ module.exports = {
                 return;
             }
 
-            const user = req.oidc ? await req.oidc.fetchUserInfo() : { email: null };
+            const user = req.oidc ? req.user : { email: null };
             const voucherNote = `${req.body['voucher-note'] !== '' ? req.body['voucher-note'] : ''}||;;||web||;;||${req.oidc ? 'oidc' : 'local'}||;;||${req.oidc ? user.email.split('@')[1].toLowerCase() : ''}`;
 
             // Create voucher code

controllers/vouchers.js

@@ -59,7 +59,7 @@ module.exports = {
             return;
         }
 
-        const user = req.oidc ? await req.oidc.fetchUserInfo() : { email: 'admin' };
+        const user = req.oidc ? req.user : { email: 'admin' };
 
         res.render('voucher', {
             baseUrl: req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : '',

middlewares/authorization.js

@@ -51,6 +51,15 @@ module.exports = {
         // Check if OIDC is enabled then verify user status
         if(variables.authOidcEnabled) {
             oidc = req.oidc.isAuthenticated();
+
+            // Retrieve user info/verify user session is still valid
+            req.user = await req.oidc.fetchUserInfo().catch(() => {
+                res.redirect(302, `${req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : ''}/login`);
+            });
+
+            if(!req.user) {
+                return;
+            }
         }
 
         // Check if user is authorized by a service