From ee2b0e8acdb0019c74712640dec0d9bd65d2db56 Mon Sep 17 00:00:00 2001
From: Constantin Bergatt
Date: Tue, 11 Jun 2024 15:12:56 +0200
Subject: [PATCH] BC-6453 - allow also ONLY jwt in authorization header
---
 .../authorization-client.adapter.spec.ts | 29 +++++++++++++++++++
 .../authorization-client.adapter.ts | 5 +---
 2 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/apps/server/src/infra/authorization-client/authorization-client.adapter.spec.ts b/apps/server/src/infra/authorization-client/authorization-client.adapter.spec.ts
index 032e5b78e63..fa3aa9ff70b 100644
--- a/apps/server/src/infra/authorization-client/authorization-client.adapter.spec.ts
+++ b/apps/server/src/infra/authorization-client/authorization-client.adapter.spec.ts
@@ -200,6 +200,35 @@ describe(AuthorizationClientAdapter.name, () => {
 );
 });
+ it('should forward the JWT token from authorization header even without Bearer token', async () => {
+ setup();
+
+ const request = createMock({
+ headers: {
+ authorization: jwtToken,
+ },
+ });
+
+ const adapter = new AuthorizationClientAdapter(authorizationApi, request);
+
+ const params = {
+ context: {
+ action: Action.READ,
+ requiredPermissions: [],
+ },
+ referenceType: AuthorizationBodyParamsReferenceType.COURSES,
+ referenceId: 'someReferenceId',
+ };
+ const expectedOptions = { headers: { authorization: `Bearer ${jwtToken}` } };
+
+ await adapter.hasPermissionByReferences(params);
+
+ expect(authorizationApi.authorizationReferenceControllerAuthorizeByReference).toHaveBeenCalledWith(
+ params,
+ expectedOptions
+ );
+ });
+
 it('should throw an UnauthorizedException if no JWT token is found', async () => {
 const request = createMock({
 headers: {},
diff --git a/apps/server/src/infra/authorization-client/authorization-client.adapter.ts b/apps/server/src/infra/authorization-client/authorization-client.adapter.ts
index b4442cdbef4..46ac9eafd2d 100644
--- a/apps/server/src/infra/authorization-client/authorization-client.adapter.ts
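Review bot: The new `it('should forward the JWT token from authorization header even without Bearer token')` case pins only the happy path, where the raw `authorization` header is exactly the JWT; no case asserts what the adapter does when that header carries another scheme or a malformed value. The fallback this test exercises (`getJWT(this.request) || this.request.headers.authorization` in the adapter hunk) takes the header verbatim once the Bearer extractor finds nothing, so a `Basic …` credential would apparently be re-sent as `Bearer Basic …` to the authorization service instead of being rejected here. Add a companion case such as `headers: { authorization: 'Basic dXNlcjpwYXNz' }` and assert `rejects.toThrow(UnauthorizedException)` — or pin whichever behaviour is intended — so the widened fallback cannot silently accept arbitrary header contents. The enclosing `describe` block starts before this hunk.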
+++ b/apps/server/src/infra/authorization-client/authorization-client.adapter.ts
@@ -35,10 +35,7 @@ export class AuthorizationClientAdapter {
 private getJWT(): string {
 const getJWT = ExtractJwt.fromExtractors([ExtractJwt.fromAuthHeaderAsBearerToken(), this.fromCookie('jwt')]);
- let jwt = getJWT(this.request) || this.request.headers.authorization;
- if (jwt?.toLowerCase()?.startsWith('bearer ')) {
- [, jwt] = jwt.split(' ');
- }
+ const jwt = getJWT(this.request) || this.request.headers.authorization;
 if (!jwt) {
 throw new UnauthorizedException('Authentication is required.');