johnbrett / hapi-auth-bearer-token

Simple Bearer authentication scheme plugin for hapi, accepts token by Header, Cookie or Query parameter.
MIT License

Undefined token passed to validate function #147

Closed randyxli closed 6 years ago

randyxli commented 6 years ago

In version 4.3.1 with default options, I noticed that when the Authorization header is just Bearer, the token parameter that is passed to the validate function is undefined. Looking through the code, it seems to me that this is the case for current master as well. Although this behavior is reasonable, I wonder if it would be more appropriate to reply with Boom.unauthorized? I don't see how not having a token should ever result in a successful authentication, so it would be convenient for the middleware to handle that case.

johnbrett commented 6 years ago

Nice spot, and agreed. Will update this.

johnbrett commented 6 years ago

This is fixed in v 6.0.1. Thanks for creating the issue 👍

randyxli commented 6 years ago

No problem, thanks for the quick fix!
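The behaviour discussed in this thread, as an added example that is not the plugin's own code: a simplified model of header splitting, a validate function that mishandles an undefined token, a guarded one, and a scheme-level check that answers 401 before validate runs. All function names, the return shape and the sample users are assumptions constructed for illustration.

```javascript
'use strict';
const { timingSafeEqual } = require('crypto');

// Constructed sample data: the second account has no API token provisioned.
const USERS = [
  { name: 'alice', apiToken: 'constructed-sample-token-1234' },
  { name: 'build-bot' }
];

// Simplified model of whitespace-splitting an Authorization header value.
// For a header that is just "Bearer" the token part comes back undefined.
function splitHeader(header) {
  const [scheme, token] = String(header || '').trim().split(/\s+/);
  return { scheme, token };
}

// Careless validate: strict equality also matches a user whose apiToken is undefined.
function carelessValidate(token) {
  const user = USERS.find((u) => u.apiToken === token);
  return { isValid: Boolean(user), credentials: user ? { name: user.name } : null };
}

// Guarded validate: rejects anything that is not a non-empty string, then uses a
// constant-time comparison against users that actually have a token.
function guardedValidate(token) {
  if (typeof token !== 'string' || token.length === 0) {
    return { isValid: false, credentials: null };
  }
  const given = Buffer.from(token);
  const user = USERS.find((u) => {
    if (typeof u.apiToken !== 'string') return false;
    const expected = Buffer.from(u.apiToken);
    return expected.length === given.length && timingSafeEqual(expected, given);
  });
  return { isValid: Boolean(user), credentials: user ? { name: user.name } : null };
}

// Model of the scheme-level check: 401 when no token is present, validate never runs.
function authenticate(header, validate) {
  const { scheme, token } = splitHeader(header);
  if (!scheme || scheme.toLowerCase() !== 'bearer' || !token) {
    return { status: 401 };
  }
  const result = validate(token);
  return result.isValid ? { status: 200, credentials: result.credentials } : { status: 401 };
}
```

On plugin versions before the fix mentioned above, the guard inside the validate function is the part an application can apply itself.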