From 21e69f0c14a91171f713768e6321f59a834b75b6 Mon Sep 17 00:00:00 2001
From: andrey-abramow
Date: Fri, 23 Nov 2018 18:11:27 +0200
Subject: [PATCH] Fix: treat empty access token string as undefined

Fix AccessToken's method tokenIdForRequest to treat an empty string as if no access token was provided. This is needed to accomodate the changes made in loopback-datasource-juggler@2.56.0.

---
 common/models/access-token.js | 5 +++++
 test/access-token.test.js | 10 ++++++++++
 2 files changed, 15 insertions(+)
diff --git a/common/models/access-token.js b/common/models/access-token.js
index 860ef53e..38aad785 100644
--- a/common/models/access-token.js
+++ b/common/models/access-token.js
@@ -209,6 +209,11 @@ module.exports = function(AccessToken) {
 if (typeof id === 'string') {
 // Add support for oAuth 2.0 bearer token
 // http://tools.ietf.org/html/rfc6750
+
+ // To prevent Error: Model::findById requires the id argument
+ // with loopback-datasource-juggler 2.56.0+
+ if (id === '') continue;
+
 if (id.indexOf('Bearer ') === 0) {
 id = id.substring(7);
 // Decode from base64
diff --git a/test/access-token.test.js b/test/access-token.test.js
index 7e4363eb..d12f17ab 100644
--- a/test/access-token.test.js
+++ b/test/access-token.test.js
@@ -200,6 +200,16 @@ describe('loopback.token(options)', function() {
 .end(done);
 });
 
+ it('should generate a 401 on a current user literal route with empty authToken',
+ function(done) {
+ var app = createTestApp(null, done);
+ request(app)
+ .get('/users/me')
+ .set('authorization', '')
+ .expect(401)
+ .end(done);
+ });
+
 it('should generate a 401 on a current user literal route with invalid authToken',
 function(done) {
 var app = createTestApp(this.token, done);
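Review bot: In the `common/models/access-token.js` hunk the empty-string guard runs before the `Bearer ` prefix is stripped, so a value that is exactly the prefix still becomes `''` after `id = id.substring(7);` and is not re-checked in the visible lines. If the rest of the loop returns that id, the same `findById` error would presumably surface instead of the request being treated as unauthenticated. Repeating the guard once the id has been normalized, `if (id === '') continue;` after the prefix handling, would close that gap, and a test with a prefix-only token value next to the new empty-header test would pin it. The enclosing loop and function start and end outside the hunk, so the handling after `// Decode from base64` could not be checked.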