joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow set user mapped from JWT directly on request (#6411)

Browse Source 
* Use user mapped from JWT for Auth

* Add a test for userFromJWT bypass

Co-authored-by: Gordon Sun <gordon.sun@pipe17.com>
This commit is contained in:
Gordon Sun
2020-04-03 15:09:37 -07:00
committed by GitHub
parent 81b22b21b5
commit b08571774f
2 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
spec/Middlewares.spec.js
View File

@@ -356,4 +356,15 @@ describe('middlewares', () => {
middlewares.DEFAULT_ALLOWED_HEADERS middlewares.DEFAULT_ALLOWED_HEADERS
); );
}); });
it('should use user provided on field userFromJWT', done => {
AppCache.put(fakeReq.body._ApplicationId, {
masterKey: 'masterKey',
});
fakeReq.userFromJWT = 'fake-user';
middlewares.handleParseHeaders(fakeReq, fakeRes, () => {
expect(fakeReq.auth.user).toEqual('fake-user');
done();
});
});
}); });

11
src/middlewares.js
View File

@@ -183,6 +183,17 @@ export function handleParseHeaders(req, res, next) {
delete info.sessionToken; delete info.sessionToken;
} }
if (req.userFromJWT) {
req.auth = new auth.Auth({
config: req.config,
installationId: info.installationId,
isMaster: false,
user: req.userFromJWT,
});
next();
return;
}
if (!info.sessionToken) { if (!info.sessionToken) {
req.auth = new auth.Auth({ req.auth = new auth.Auth({
config: req.config, config: req.config,