Fix #88 - Pass errors to next in express

Author: zxlin

lib/samlp.js

@@ -136,7 +136,11 @@ module.exports.auth = function(options) {
 
     function execute (postUrl, audience, req, res, next) {
       var user = opts.getUserFromRequest(req);
-      if (!user) return res.send(401);
+      if (!user) {
+        const err = new Error('SAML unauthorized');
+        err.status = 401;
+        return next(err);
+      }
 
       opts.audience = audience;
       opts.postUrl = postUrl;
@@ -176,8 +180,12 @@ module.exports.auth = function(options) {
       }
 
       opts.getPostURL(audience, samlRequestDom, req, function (err, postUrl) {
-        if (err) { return res.send(500, err); }
-        if (!postUrl) { return res.send(401); }
+        if (err) { return next(err); }
+        if (!postUrl) {
+          const error = new Error('SAML unauthorized error, postUrl not received');
+          error.status = 401;
+          return next(error);
+        }
 
         execute(postUrl, audience, req, res, next);
       });

test/fixture/server.js

@@ -105,6 +105,10 @@ module.exports.start = function(options, callback){
     });
   });
 
+  app.use(function (error, req, res, next) {
+    return res.status(error.status || 500).send(error.message);
+  });
+
   var server = http.createServer(app).listen(5050, callback);
   module.exports.close = server.close.bind(server);
 };