express-jwt
Advanced tools
Comparing version 7.2.0 to 7.3.0
{ | ||
"name": "express-jwt", | ||
"version": "7.2.0", | ||
"version": "7.3.0", | ||
"description": "JWT authentication middleware.", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
@@ -50,6 +50,7 @@ import * as jwt from 'jsonwebtoken'; | ||
const authorizationHeader = req.headers && 'Authorization' in req.headers ? 'Authorization' : 'authorization'; | ||
if (options.getToken && typeof options.getToken === 'function') { | ||
token = await options.getToken(req); | ||
} else if (req.headers && req.headers.authorization) { | ||
const parts = req.headers.authorization.split(' '); | ||
} else if (req.headers && req.headers[authorizationHeader]) { | ||
const parts = (req.headers[authorizationHeader] as string).split(' '); | ||
if (parts.length == 2) { | ||
@@ -56,0 +57,0 @@ const scheme = parts[0]; |
@@ -268,7 +268,13 @@ /* eslint-disable @typescript-eslint/ban-ts-comment */ | ||
it('should work if no authorization header and credentials are not required', function (done) { | ||
const req = {} as express.Request; | ||
it('should work if Authorization header is capitalized (lambda environment)', function (done) { | ||
const secret = Buffer.from('AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA', 'base64'); | ||
const token = jwt.sign({ foo: 'bar' }, secret); | ||
const req = {} as ExpressJwtRequest; | ||
const res = {} as express.Response; | ||
expressjwt({ secret: 'shhhh', algorithms: ['HS256'], credentialsRequired: false })(req, res, function (err) { | ||
assert(typeof err === 'undefined'); | ||
req.headers = {}; | ||
req.headers.Authorization = 'Bearer ' + token; | ||
expressjwt({ secret: secret, algorithms: ['HS256'] })(req, res, function (err) { | ||
if (err) { return done(err); } | ||
assert.equal(req.auth.foo, 'bar'); | ||
done(); | ||
@@ -278,2 +284,8 @@ }); | ||
it('should work if no authorization header and credentials are not required', function (done) { | ||
const req = {} as express.Request; | ||
const res = {} as express.Response; | ||
expressjwt({ secret: 'shhhh', algorithms: ['HS256'], credentialsRequired: false })(req, res, done); | ||
}); | ||
it('should not work if no authorization header', function (done) { | ||
@@ -280,0 +292,0 @@ const req = {} as express.Request; |
45605
583