Reset NTLM auth state on every exit from replay loop

coditva · coditva · commit 58fe97be0e82 · 2019-12-19T16:39:48.000+05:30
diff --git a/lib/authorizer/ntlm.js b/lib/authorizer/ntlm.js
@@ -157,13 +157,18 @@ module.exports = {
             challengeMessage, // type 2
             authenticateMessage, // type 3
             ntlmType2Header,
-            parsedParameters;
+            parsedParameters,
 
-        if (response.code !== 401 && response.code !== 403) {
-            auth.set(STATE, STATES.INITIALIZED);
-            auth.set(NTLM_HEADER, undefined);
+            // resets the state and NTLM header and exits replay loop
+            resetStateAndStop = function (err) {
+                auth.set(STATE, STATES.INITIALIZED);
+                auth.set(NTLM_HEADER, undefined);
 
-            return done(null, true);
+                return done(err || null, true);
+            };
+
+        if (response.code !== 401 && response.code !== 403) {
+            return resetStateAndStop();
         }
 
         // we try to extract domain from username if not specified.
@@ -178,7 +183,7 @@ module.exports = {
             // Nothing to do if the server does not ask us for auth in the first place.
             if (!(response.headers.has(WWW_AUTHENTICATE, NTLM) ||
                   response.headers.has(WWW_AUTHENTICATE, NEGOTIATE))) {
-                return done(null, true);
+                return resetStateAndStop();
             }
 
             // Create a type 1 message to send to the server
@@ -208,13 +213,13 @@ module.exports = {
             });
 
             if (!ntlmType2Header) {
-                return done(new Error('ntlm: server did not send NTLM type 2 message'));
+                return resetStateAndStop(new Error('ntlm: server did not send NTLM type 2 message'));
             }
 
             challengeMessage = ntlmUtil.parseType2Message(ntlmType2Header.valueOf(), _.noop);
 
             if (!challengeMessage) {
-                return done(new Error('ntlm: server did not correctly process authentication request'));
+                return resetStateAndStop(new Error('ntlm: server did not correctly process authentication request'));
             }
 
             authenticateMessage = ntlmUtil.createType3Message(challengeMessage, {
@@ -233,11 +238,11 @@ module.exports = {
         }
         else if (state === STATES.T3_MSG_CREATED) {
             // Means we have tried to authenticate, so we should stop here without worrying about anything
-            return done(null, true);
+            return resetStateAndStop();
         }
 
         // We are in an undefined state
-        return done(null, true);
+        return resetStateAndStop();
     },
 
     /**
