Merge pull request #4083 from andrey-abramow/master

Fix: treat empty access token string as undefined
Miroslav Bajtoš 2018-11-26 13:10:03 +01:00 committed by GitHub
commit da2b8d8676
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 0 deletions


@ -125,6 +125,11 @@ module.exports = function(AccessToken) {
if (typeof id === 'string') { if (typeof id === 'string') {
// Add support for oAuth 2.0 bearer token // Add support for oAuth 2.0 bearer token
// http://tools.ietf.org/html/rfc6750 // http://tools.ietf.org/html/rfc6750
// To prevent Error: Model::findById requires the id argument
// with loopback-datasource-juggler 2.56.0+
if (id === '') continue;
if (id.indexOf('Bearer ') === 0) { if (id.indexOf('Bearer ') === 0) {
id = id.substring(7); id = id.substring(7);
if (options.bearerTokenBase64Encoded) { if (options.bearerTokenBase64Encoded) {
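Review bot: The new `if (id === '') continue;` guard runs before the `Bearer ` prefix is stripped, so a value that is exactly `Bearer ` becomes an empty string after `id = id.substring(7);` and is not caught by it. The same may hold for whatever the `options.bearerTokenBase64Encoded` branch decodes to, but that code, the enclosing loop and whatever consumes `id` are outside the hunk, so this should be confirmed against the full function. If an empty id can still reach the lookup that way, repeat the check once the prefix handling is done, e.g. `if (id === '') continue;` after the Bearer branch, so that every empty token is treated as absent. The test added in this commit only sets an empty `authorization` header; a second case with a prefix-only value would pin this path.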


@ -311,6 +311,16 @@ describe('loopback.token(options)', function() {
.end(done); .end(done);
}); });
it('generates a 401 on a current user literal route with empty authToken',
function(done) {
var app = createTestApp(null, done);
request(app)
.get('/users/me')
.set('authorization', '')
.expect(401)
.end(done);
});
it('generates a 401 on a current user literal route with invalid authToken', it('generates a 401 on a current user literal route with invalid authToken',
function(done) { function(done) {
var app = createTestApp(this.token, done); var app = createTestApp(this.token, done);