Fix: treat empty access token string as undefined

Fix AccessToken's method tokenIdForRequest to treat an empty string as if no access token was provided. This is needed to accomodate the changes made in loopback-datasource-juggler@2.56.0.
2018-11-23 18:11:27 +02:00 · 2018-11-23 18:11:27 +02:00 · 21e69f0c14
parent b064b6d4bf
commit 21e69f0c14
2 changed files with 15 additions and 0 deletions
--- a/common/models/access-token.js
+++ b/common/models/access-token.js
@ -209,6 +209,11 @@ module.exports = function(AccessToken) {
      if (typeof id === 'string') {
        // Add support for oAuth 2.0 bearer token
        // http://tools.ietf.org/html/rfc6750
+
+        // To prevent Error: Model::findById requires the id argument
+        // with loopback-datasource-juggler 2.56.0+
+        if (id === '') continue;
+
        if (id.indexOf('Bearer ') === 0) {
          id = id.substring(7);
          // Decode from base64
--- a/test/access-token.test.js
+++ b/test/access-token.test.js
@ -200,6 +200,16 @@ describe('loopback.token(options)', function() {
        .end(done);
    });

+  it('should generate a 401 on a current user literal route with empty authToken',
+    function(done) {
+      var app = createTestApp(null, done);
+      request(app)
+        .get('/users/me')
+        .set('authorization', '')
+        .expect(401)
+        .end(done);
+    });
+
  it('should generate a 401 on a current user literal route with invalid authToken',
    function(done) {
      var app = createTestApp(this.token, done);