Merge pull request #361 from strongloop/feature/fix-issue-333

Fix the typo and add Bearer token support
2014-07-02 11:18:02 -07:00 · 2014-07-02 11:18:02 -07:00 · d8c3376417
parent 88a668cfe5 217c9fa348
commit d8c3376417
2 changed files with 42 additions and 2 deletions
--- a/lib/models/access-token.js
+++ b/lib/models/access-token.js
@ -209,12 +209,20 @@ function tokenIdForRequest(req, options) {
    id = req.header(headers[i]);

    if(typeof id === 'string') {
+      // Add support for oAuth 2.0 bearer token
+      // http://tools.ietf.org/html/rfc6750
+      if (id.indexOf('Bearer ') === 0) {
+        id = id.substring(7);
+        // Decode from base64
+        var buf = new Buffer(id, 'base64');
+        id = buf.toString('utf8');
+      }
      return id;
    }
  }

  if(req.signedCookies) {
-    for(i = 0, length = headers.length; i < length; i++) {
+    for(i = 0, length = cookies.length; i < length; i++) {
      id = req.signedCookies[cookies[i]];

      if(typeof id === 'string') {
--- a/test/access-token.test.js
+++ b/test/access-token.test.js
@ -12,7 +12,25 @@ describe('loopback.token(options)', function() {
      .end(done);
  });

-  it('should populate req.token from a header', function (done) {
+  it('should populate req.token from an authorization header', function (done) {
+    createTestAppAndRequest(this.token, done)
+      .get('/')
+      .set('authorization', this.token.id)
+      .expect(200)
+      .end(done);
+  });
+
+  it('should populate req.token from an X-Access-Token header', function (done) {
+    createTestAppAndRequest(this.token, done)
+      .get('/')
+      .set('X-Access-Token', this.token.id)
+      .expect(200)
+      .end(done);
+  });
+
+  it('should populate req.token from an authorization header with bearer token', function (done) {
+    var token = this.token.id;
+    token = 'Bearer '+ new Buffer(token).toString('base64');
    createTestAppAndRequest(this.token, done)
      .get('/')
      .set('authorization', this.token.id)
@ -33,6 +51,20 @@ describe('loopback.token(options)', function() {
      });
  });

+  it('should populate req.token from a header or a secure cookie', function (done) {
+    var app = createTestApp(this.token, done);
+    var id = this.token.id;
+    request(app)
+      .get('/token')
+      .end(function(err, res) {
+        request(app)
+          .get('/')
+          .set('authorization', id)
+          .set('Cookie', res.header['set-cookie'])
+          .end(done);
+      });
+  });
+
  it('should skip when req.token is already present', function(done) {
    var tokenStub = { id: 'stub id' };
    app.use(function(req, res, next) {