New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
express-accesstoken-validation
Advanced tools
express-accesstoken-validation - npm Package Compare versions
Comparing version 0.4.0 to 0.5.0
@@ -29,3 +29,5 @@ 'use strict'; | ||
| if (req.headers.authorization) { | ||
| let bearerToken = req.headers.authorization.substr(7); | ||
| const tokens = req.headers.authorization.split(', '); | ||
| const bearerTokenHeader = _.find(tokens, token => token.toLowerCase().startsWith('bearer')); | ||
| let bearerToken = bearerTokenHeader.substr(7); | ||
| let tokenParam = `?${options.tokenParam}=${bearerToken}`; | ||
@@ -32,0 +34,0 @@ var uri = urlJoin(options.validationUri, tokenParam); |
| { | ||
| "name": "express-accesstoken-validation", | ||
| "version": "0.4.0", | ||
| "version": "0.5.0", | ||
| "description": "ExpressJS middleware for remote access token validation", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -196,2 +196,27 @@ 'use strict'; | ||
| describe('With multiple tokens', function () { | ||
| it('should select the correct and call next middleware (=allow access)', function (done) { | ||
| bearerTokenValidation({ | ||
| validationUri: 'http://localhost:3000/oauth/tokenvalidation', | ||
| tokenParam: 'token' | ||
| })({ | ||
| headers: { | ||
| 'authorization': 'bearer token, policy policytoken' | ||
| }, | ||
| url: '/protected' | ||
| }, { | ||
| status: function (number) { | ||
| return { | ||
| send: function () { | ||
| statusCode = number; | ||
| } | ||
| } | ||
| } | ||
| }, function (err) { | ||
| assert.equal(err, null); | ||
| done(); | ||
| }); | ||
| }); | ||
| }); | ||
| describe('When authorization header is missing', function () { | ||
@@ -198,0 +223,0 @@ it('should return status code 401', function (done) { |
Fixed alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by5.59%
15496
- Lines of code
- increased by10.04%
285
- Number of medium supply chain risk alerts
- decreased by-100%
0
No dependency changes