verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

access-token: add option "searchDefaultTokenKeys" 

Set this option to false to prevent AccessToken from checking default
places like "access_token" in query.
This commit is contained in:
Owen Brotherwood 2015-04-29 13:45:22 +02:00 committed by Miroslav Bajtoš
parent b283458a6f
commit 86ed4721a5
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
common/models/access-token.js
View File

@ -168,9 +168,12 @@ module.exports = function(AccessToken) {
var length;
var id;
params = params.concat(['access_token']);
headers = headers.concat(['X-Access-Token', 'authorization']);
cookies = cookies.concat(['access_token', 'authorization']);
// https://github.com/strongloop/loopback/issues/1326
if (options.searchDefaultTokenKeys !== false) {
params = params.concat(['access_token']);
headers = headers.concat(['X-Access-Token', 'authorization']);
cookies = cookies.concat(['access_token', 'authorization']);
}
for (length = params.length; i < length; i++) {
var param = params[i];

1
server/middleware/token.js
View File

@ -61,6 +61,7 @@ function escapeRegExp(str) {
* @property {Array} [cookies] Array of cookie names.
* @property {Array} [headers] Array of header names.
* @property {Array} [params] Array of param names.
* @property {Boolean} [searchDefaultTokenKeys] Use the default search locations for Token in request
* @property {Function|String} [model] AccessToken model name or class to use.
* @property {String} [currentUserLiteral] String literal for the current user.
* @header loopback.token([options])