fastify / fastify-bearer-auth

A Fastify plugin to require bearer Authorization headers

fix: validate authorization schema #167

Closed dancastillo closed 9 months ago

dancastillo commented 9 months ago

This PR fixes an issue where any string with the same length as bearer passes validation, e.g. AAAAAA auth_key. Fixes https://github.com/fastify/fastify-bearer-auth/issues/164

Uzlopak commented 9 months ago

@mcollina

Should we use @fastify/error to create FST_BEARER_AUTH_MISSING_AUTHORIZATION_HEADER and FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER and use that instead? Would it also be better to pass them to the callback instead of native Node Errors?

mcollina commented 9 months ago

  1. yes
  2. as you prefer, what is there now is ok.

Uzlopak commented 9 months ago

I am ok with this. I would probably create a follow-up PR in a few days to straighten this up.

olivierchatry commented 9 months ago

Is verifying authtype supposed to be case sensitive? I think it should not be. Found this: https://github.com/lexik/LexikJWTAuthenticationBundle/issues/411
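
An added example, not part of the thread and not the plugin's code: it contrasts a length-only prefix skip (the behaviour the PR description reports, where `AAAAAA auth_key` is accepted) with a check that validates the scheme token, compared case-insensitively as the last comment asks about. All function names and the key value `auth_key` are assumptions made for illustration.

```javascript
'use strict'

// Added example: hypothetical helpers, not fastify-bearer-auth internals.
const crypto = require('node:crypto')

const SCHEME = 'Bearer'

// "Before": skips as many characters as the scheme name is long and never
// looks at what those characters are, so any 6-character prefix is accepted.
function extractKeyByLength (header) {
  if (typeof header !== 'string') return null
  return header.substring(SCHEME.length).trim() || null
}

// "After": the scheme token itself must match. HTTP authentication scheme
// names are case-insensitive (RFC 9110, section 11.1), so compare lower-cased.
function extractKeyStrict (header) {
  if (typeof header !== 'string') return null
  const sep = header.indexOf(' ')
  if (sep === -1) return null // scheme only, no credentials
  const scheme = header.slice(0, sep)
  if (scheme.toLowerCase() !== SCHEME.toLowerCase()) return null
  const key = header.slice(sep + 1).trim()
  return key.length > 0 ? key : null
}

// Compare fixed-length digests so timingSafeEqual always gets equal-length
// buffers, and check every allowed key rather than returning on first match.
function keyAllowed (key, allowedKeys) {
  if (key === null) return false
  const presented = crypto.createHash('sha256').update(key).digest()
  let ok = false
  for (const allowed of allowedKeys) {
    const expected = crypto.createHash('sha256').update(allowed).digest()
    if (crypto.timingSafeEqual(presented, expected)) ok = true
  }
  return ok
}

// extract is one of the two functions above; header is the raw
// Authorization header value (constructed samples in the test).
function authorize (header, allowedKeys, extract) {
  return keyAllowed(extract(header), allowedKeys)
}
```
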