Commit Graph

28 Commits

Author SHA1 Message Date
Benjamin Kröger e4b275243f Allow built-in token middleware to run repeatedly
Add two new options:

  - When `enableDoublecheck` is true, the middleware will run
    even if a previous middleware has already set `req.accessToken`
    (possibly to `null` for anonymous requests)

  - When `overwriteExistingToken` is true (and `enableDoublecheck` too),
    the middleware will overwrite `req.accessToken` set by a previous
    middleware instances.
2016-04-06 15:47:32 +02:00
Miroslav Bajtoš 986132d79f Add a unit-test for searchDefaultTokenKeys 2015-05-29 12:06:32 +02:00
Raymond Feng 12e19e36ea Upgrade test fixtures to use LB 2.x layout 2015-04-20 09:23:44 -07:00
Ritchie Martori b9170751bc Add support for app level Model isolation
- `loopback.registry` is now a true global registry
 - `app.registry` is unique per app object
 - `Model.registry` is set when a Model is created using any registry method
 - `loopback.localRegistry` and `loopback({localRegistry: true})` when set to `true` this will create a `Registry` per `Application`. It defaults to `false`.
2015-04-03 11:48:45 -07:00
Raymond Feng 6ad61d6c00 Enhance the token middleware to support current user literal 2015-03-12 08:28:15 -07:00
Ron Edgecomb a028d9d198 Add error code property to known error responses.
Enhance the error objects with a `code` property containing
a machine-readable string code describing the error, for example
INVALID_TOKEN or USER_NOT_FOUND.

Also improve 404 error messages to include the model name.
2015-01-21 19:04:47 +01:00
Ryan Graham fbb091e3b3 Extend AccessToken to parse Basic auth headers
Allow convenient URLs for curl and browsers such as:
 - http://some-long-token@localhost:3000/
 - http://token:some-long-token@localhost:3000/

Basic Auth specifies a 'Basic' scheme for the Authorization header
similar to how OAuth specifies 'Bearer' as an auth scheme.

Following a similar convention, extract the access token from the
Authorization header when it specifies the 'Basic' scheme, assuming
it is the larger of the <user>:<pass> segments.
2015-01-15 22:53:09 -08:00
Ryan Graham 83d8844b70 tests: fix Bearer token test 2015-01-15 22:53:09 -08:00
Rob Halff 36e1f6840c fix jscs errors 2014-11-21 03:35:36 +01:00
Rob Halff 918497c365 singlequote, semicolon & /*jshint -W030 */ 2014-11-21 02:46:21 +01:00
Miroslav Bajtoš a603ffa0f5 AccessToken: optional `options` in findForRequest
Fix `AccessToken.findForRequest` to correctly handle the case when
the options argument was omitted:

    AccessToken.findForRequest(req, cb);
2014-11-14 10:42:21 +01:00
Miroslav Bajtoš 038c6a454e middleware/token: store the token in current ctx 2014-11-11 11:04:41 +01:00
Miroslav Bajtoš b8e877c5e5 test: remove infinite timeout
The infinite timeout was useful when debugging, which is not a good
reason for keeping it around when not debugging.
2014-10-14 08:58:17 +02:00
Raymond Feng 79f504a3c7 Merge branch 'master' into 2.0 2014-07-16 09:09:07 -07:00
Raymond Feng 217c9fa348 Fix the typo and add Bearer token support
See https://github.com/strongloop/loopback/issues/333
2014-07-02 09:02:13 -07:00
Miroslav Bajtoš 56c7a6b3c5 Merge branch 'master' into 2.0
Conflicts:
	test/access-token.test.js
2014-06-16 10:20:22 +02:00
Karl Mikkelsen a90a5c7e58 Allow customization of ACL http status
emulate existing error on 404
new tests for model and app settings
Signed-off-by: Karl Mikkelsen <karl@karlmikko.com>
2014-06-14 11:31:15 +10:00
Miroslav Bajtoš ea5b9d16fc Rename DataModel to PersistedModel 2014-06-05 09:56:00 +02:00
Miroslav Bajtoš 18fd61a546 Merge branch 'master' into 2.0 2014-05-28 18:41:36 +02:00
Miroslav Bajtoš bfb154d445 Modify `loopback.rest` to include `loopback.token`
Make `loopback.rest` self-contained, so that authentication works
out of the box.

    var app = loopback();
    app.enableAuth();
    app.use(loopback.rest());

Note that cookie parsing middleware is not added, users have to
explicitly configure that if they want to store access tokens
in cookies.

Modify `loopback.token` to skip token lookup when the request already
contains `accessToken` property. This is in line with other
connect-based middleware like `cookieParser` or `json`.
2014-05-21 15:22:36 +02:00
Ritchie Martori ae2fb9dea0 !fixup use DataModel instead of Model for all data based models 2014-05-02 20:15:01 -07:00
Ritchie Martori dfcb43e613 Allow requests without auth tokens 2013-12-10 15:57:55 -08:00
Ritchie Martori 2f9403016c Initial auth implementation 2013-11-22 12:26:59 -08:00
Ritchie Martori da0545bed6 Initial auto wiring for model dataSources 2013-11-18 16:13:40 -08:00
Ritchie Martori 1de2a40e88 Update AccessToken and User relationship
- Add created default
 - Default TTLs for user login access tokens
 - Break out User / AccessToken relationship
2013-11-14 19:41:29 -08:00
Ritchie Martori 1bb95607b9 Update session / token documentation 2013-11-14 15:42:37 -08:00
Ritchie Martori 64d8ff986b Add loopback.token() middleware 2013-11-14 13:01:47 -08:00
Ritchie 77a137eca6 Rename Session => AccessToken 2013-11-14 10:05:13 -08:00