allow bearer and other types of authorization in default handler

This commit is contained in:
Timo Hocker 2021-01-06 11:38:56 +01:00
parent df8de9e0c8
commit 5df2577e71
2 changed files with 59 additions and 32 deletions


@ -37,8 +37,12 @@ class AuthRequest {
public is_basic: boolean; public is_basic: boolean;
public user: string; public user: string;
public password: string; public password: string;
public is_bearer: boolean;
public token?: string;
public token_data?: unknown; public token_data?: unknown;
public token_id?: string; public token_id?: string;
public body: string; public body: string;
private _cookie_name?: string; private _cookie_name?: string;
@ -53,6 +57,7 @@ class AuthRequest {
this.response = res; this.response = res;
this.body = body; this.body = body;
this.is_basic = false; this.is_basic = false;
this.is_bearer = false;
this.user = ''; this.user = '';
this.password = ''; this.password = '';
this._cookie_name = cookie; this._cookie_name = cookie;
@ -180,7 +185,7 @@ export default function create_auth_handler (
.exec (req.headers.authorization as string); .exec (req.headers.authorization as string);
if (token === null) { if (token === null) {
request.deny (); request.invalid ('missing authorization header');
return Promise.resolve (); return Promise.resolve ();
} }
@ -197,37 +202,42 @@ export default function create_auth_handler (
return default_handler (request); return default_handler (request);
} }
const token_data = auth.verify (token?.groups?.token as string); if ((/Bearer/ui).test (token?.groups?.type as string)) {
request.is_bearer = true;
request.token = token?.groups?.token;
if (!token_data.valid) { const token_data = auth.verify (request.token as string);
request.deny ();
if (!token_data.valid)
return default_handler (request);
request.token_data = token_data.data;
request.token_id = token_data.id;
if (
typeof options !== 'undefined'
&& typeof options.refresh !== 'undefined'
&& token_data.type === 'refresh_token'
) {
request.allow_access (options.refresh);
return Promise.resolve ();
}
if (
typeof options !== 'undefined'
&& typeof options.modules !== 'undefined'
&& token_data.type === 'part_token'
&& typeof token_data.next_module !== 'undefined'
&& Object.keys (options.modules)
.includes (token_data.next_module)
)
return options.modules[token_data.next_module] (request);
request.invalid ('invalid bearer type');
return Promise.resolve (); return Promise.resolve ();
} }
request.token_data = token_data.data; return default_handler (request);
request.token_id = token_data.id;
if (
typeof options !== 'undefined'
&& typeof options.refresh !== 'undefined'
&& token_data.type === 'refresh_token'
) {
request.allow_access (options.refresh);
return Promise.resolve ();
}
if (
typeof options !== 'undefined'
&& typeof options.modules !== 'undefined'
&& token_data.type === 'part_token'
&& typeof token_data.next_module !== 'undefined'
&& Object.keys (options.modules)
.includes (token_data.next_module)
)
return options.modules[token_data.next_module] (request);
request.invalid ('invalid bearer type');
return Promise.resolve ();
}; };
} }
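Review bot: The bearer test `(/Bearer/ui).test (token?.groups?.type as string)` is unanchored, so any scheme name that merely contains "bearer" (case-insensitively) is routed into the bearer branch instead of reaching `default_handler` with `is_bearer` false; assuming the `type` group captures the scheme word before the space, as the header regex above the hunk appears to do, anchor it: `if ((/^Bearer$/ui).test (token?.groups?.type as string)) {`. The fallthrough after `auth.verify` also needs a comment, because `default_handler` is now reached with `is_bearer` true and `request.token` set while `request.token_data` and `request.token_id` stay undefined — the only way a bearer request gets there is a failed verification, and a handler must not read `is_bearer` alone as "authenticated"; suggest `// token failed verification: default handler decides, but is_bearer alone does not mean authenticated` above the `return default_handler (request);` inside the `if (!token_data.valid)` branch. `create_auth_handler` and the returned handler start outside the hunk, and the regex that produces the `type` and `token` groups is not visible here.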


@ -49,8 +49,11 @@ describe ('auth handler', () => {
let server: http.Server|null = null; let server: http.Server|null = null;
beforeAll (() => { beforeAll (() => {
const ah = create_auth_handler ((req) => { const ah = create_auth_handler ((req) => {
if (!req.is_basic) { if (!req.is_basic && !req.is_bearer) {
req.invalid ('unknown autorization type'); req.invalid ('unknown authorization type');
}
else if (req.is_bearer) {
req.deny ();
} }
else if (req.user === 'foo' && req.password === 'bar') { else if (req.user === 'foo' && req.password === 'bar') {
req.allow_access ({ req.allow_access ({
@ -170,10 +173,13 @@ describe ('auth handler', () => {
it ('should reject invalid requests', async () => { it ('should reject invalid requests', async () => {
const resp1 = await get (); const resp1 = await get ();
expect (resp1.statusCode) expect (resp1.statusCode)
.toEqual (401); .toEqual (400);
const res1 = check_headers (resp1); const res1 = check_headers (resp1);
expect (res1.data) expect (res1.data)
.toEqual ({ error: 'invalid_client' }); .toEqual ({
error: 'invalid_request',
error_description: 'missing authorization header'
});
const resp2a = await get ({ authorization: 'Basic foo:bar' }); const resp2a = await get ({ authorization: 'Basic foo:bar' });
const res2a = check_headers (resp2a); const res2a = check_headers (resp2a);
@ -237,6 +243,17 @@ describe ('auth handler', () => {
expect (res2.rt).not.toEqual (res1.rt); expect (res2.rt).not.toEqual (res1.rt);
}); });
it ('should handle any authorization type', async () => {
const resp = await get ({ authorization: 'Foo asdefg' });
expect (resp.statusCode)
.toEqual (400);
expect (JSON.parse (resp.body as string))
.toEqual ({
error: 'invalid_request',
error_description: 'unknown authorization type'
});
});
afterAll (() => { afterAll (() => {
if (server === null) if (server === null)
throw new Error ('server is null'); throw new Error ('server is null');