loopback

History

Aaron Buchanan fbf818b2dc Fix user-literal rewrite for anonymous requests Currently any `currentUserLiteral` routes when accessed with a bad token throw a 500 due to a SQL error that is raised because `Model.findById` is invoked with `id={currentUserLiteral}` (`id=me` in our case) when the url rewrite fails. This commit changes the token middleware to return 401 Not Authorized when the client is requesting a currentUserLiteral route without a valid access token.	2017-04-04 16:30:08 +02:00
..
middleware	Fix user-literal rewrite for anonymous requests	2017-04-04 16:30:08 +02:00

Fix user-literal rewrite for anonymous requests

Currently any `currentUserLiteral` routes when accessed with a bad
token throw a 500 due to a SQL error that is raised because
`Model.findById` is invoked with `id={currentUserLiteral}`
(`id=me` in our case) when the url rewrite fails.

This commit changes the token middleware to return 401 Not Authorized
when the client is requesting a currentUserLiteral route without
a valid access token.

2017-04-04 16:30:08 +02:00

middleware

Fix user-literal rewrite for anonymous requests

2017-04-04 16:30:08 +02:00