hydra-newmedia / passport-headerapikey

Api key authentication strategy for Passport, which only handles headers (not body fields).

headerConfig.prefix should default to empty #8

Closed by noahjahn 4 years ago

noahjahn commented 4 years ago

Not setting the headerConfig.prefix value results in the middleware function never being called.

For example, here is where I'm using the strategy:

passport.use(new HeaderAPIKeyStrategy(
    { header: 'X-Api-Key' },
    false,
    function (apikey, done) {
        console.log('hello from headerapikeystrategy');
        User.findOne({ apikey: apikey }, (err, user) => {
            if (err) {
                console.error(err);
                return done(err);
            }
            if (!user) {
                return done(null, false);
            }
            return done(null, user);
        });
    }
));

And using this strategy as express middleware:

router.post('/login', passport.authenticate('headerapikey', { session: false }), (req, res) => {
    console.log('authenticated!');
    res.status(200).sendFormat(req, res);
});

The server always responds with 401 Unauthorized and I never see 'hello from headerapikeystrategy' printed out in the console.


To fix this, I had to pass an empty string to the headerConfig.prefix value in the constructor:

passport.use(new HeaderAPIKeyStrategy(
    { header: 'X-Api-Key', prefix: '' },
    false,
    function (apikey, done) {
        console.log('hello from headerapikeystrategy');
        User.findOne({ apikey: apikey }, (err, user) => {
            if (err) {
                console.error(err);
                return done(err);
            }
            if (!user) {
                return done(null, false);
            }
            return done(null, user);
        });
    }
));

Not setting the prefix should default to empty.
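The symptom reported above (every request rejected, verify callback never reached) is what an unset prefix produces in any prefix-stripping check that does not default it. The sketch below is an added example, not part of the original post and not the package's source: `readHeader`, `extractBuggy`, `extractFixed` and the sample headers are hypothetical, and it assumes the strategy strips a configured prefix from the header value before calling verify.

```javascript
// Added illustration: simplified model of header + prefix handling.
// All function names and sample values are hypothetical (constructed).

// Node lowercases incoming header names, so look the name up in lowercase.
function readHeader(headers, name) {
  const value = headers[name.toLowerCase()];
  return typeof value === 'string' ? value : null;
}

// Before: an unset prefix is used as-is. startsWith(undefined) compares
// against the string "undefined", so a real key never matches and the
// request is rejected before the verify callback could run.
function extractBuggy(headers, config) {
  const raw = readHeader(headers, config.header);
  if (raw === null) return null;
  if (!raw.startsWith(config.prefix)) return null;
  return raw.slice(String(config.prefix).length);
}

// After: default the prefix to '' and still fail closed on a missing
// header, a real prefix mismatch, or an empty key.
function extractFixed(headers, config) {
  const prefix = config.prefix ?? '';
  const raw = readHeader(headers, config.header);
  if (raw === null) return null;
  if (!raw.startsWith(prefix)) return null;
  const key = raw.slice(prefix.length);
  return key.length > 0 ? key : null;
}

// Constructed sample requests.
const plain = { 'x-api-key': 'k-123' };
const prefixed = { authorization: 'Api-Key k-123' };

console.log(extractBuggy(plain, { header: 'X-Api-Key' }));
console.log(extractFixed(plain, { header: 'X-Api-Key' }));
console.log(extractFixed(prefixed, { header: 'Authorization', prefix: 'Api-Key ' }));
console.log(extractFixed(prefixed, { header: 'Authorization', prefix: 'Bearer ' }));
```

A regression test for this class of bug should cover the configuration with no prefix at all, not only the prefixed one.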

guischdi commented 4 years ago

Hi @noahjahn, thanks a lot for your issue. Trying to fix this tomorrow.

guischdi commented 4 years ago

Published as v1.2.2.