verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,107 Commits 62 Branches 176 Tags 11 MiB
Commit Graph

11 Commits

Author SHA1 Message Date
Aaron Buchanan fbf818b2dc
Fix user-literal rewrite for anonymous requests 
Currently any `currentUserLiteral` routes when accessed with a bad
token throw a 500 due to a SQL error that is raised because
`Model.findById` is invoked with `id={currentUserLiteral}`
(`id=me` in our case) when the url rewrite fails.

This commit changes the token middleware to return 401 Not Authorized
when the client is requesting a currentUserLiteral route without
a valid access token.
 2017-04-04 16:30:08 +02:00
ebarault cf98d379c4 fix custom token model in token middleware 
Fixing server/middleware/token.js to handle correctly the
setup of a custom AccessToken model by name in either
middleware.json or using any of :
	app.use(loopback.token({...}));
	app.middlewareFromConfig(loopback.token, {...})
	app.middleware('auth', loopback.token({...})
 2017-03-06 16:10:25 +01:00
Loay 06cb481c3f Update eslint to loopback config v5 
Notable side-effects:
 - loopback no longer exports "caller" and "arguments" properties
 - kv-memory connector is now properly added to the connector registry
 - the file "test/support.js" was finally removed
 2016-11-22 14:08:02 +01:00
Carl Fürstenberg edd5275b8b Fix token middleware crash 
Fix token middleware to check if `req.loopbackContext` is active.
The context is not active for example when express-session calls
setImmediate which breaks CLS.
 2016-08-17 14:44:00 +02:00
Miroslav Bajtoš b087c930ed Remove current-context API 
Change all current-context APIs to throw a helpful error.
 2016-08-10 13:43:40 +02:00
Ryan Graham 6964914bab
update copyright statements 2016-05-03 15:50:21 -07:00
Benjamin Kröger 9e0405de9f Allow built-in token middleware to run repeatedly 
Add two new options:

  - When `enableDoublecheck` is true, the middleware will run
    even if a previous middleware has already set `req.accessToken`
    (possibly to `null` for anonymous requests)

  - When `overwriteExistingToken` is true (and `enableDoublecheck` too),
    the middleware will overwrite `req.accessToken` set by a previous
    middleware instances.
 2016-04-06 15:44:20 +02:00
Owen Brotherwood 86ed4721a5 access-token: add option "searchDefaultTokenKeys" 
Set this option to false to prevent AccessToken from checking default
places like "access_token" in query.
 2015-05-29 12:06:31 +02:00
Ritchie Martori b9170751bc Add support for app level Model isolation 
- `loopback.registry` is now a true global registry
 - `app.registry` is unique per app object
 - `Model.registry` is set when a Model is created using any registry method
 - `loopback.localRegistry` and `loopback({localRegistry: true})` when set to `true` this will create a `Registry` per `Application`. It defaults to `false`.
 2015-04-03 11:48:45 -07:00
Raymond Feng 6ad61d6c00 Enhance the token middleware to support current user literal 2015-03-12 08:28:15 -07:00
Miroslav Bajtoš 7fc66a182e Move middleware sources to `server/middleware` 
The new location allows developer to use the following identifiers
when loading the middleware using the new declarative style:

    app.middlewareFromConfig(
      require('loopback/server/middleware/rest'),
      { phase: 'routes' });

    app.middlewareFromConfig(
      require('loopback/server/middleware/url-not-found'),
      { phase: 'final' });
 2014-11-12 12:44:34 +01:00