allow api requests to be made with the access token as a query parameter

closes #6040 - adds check for access token query parameter in auth middleware
2024-12-01 13:54:35 +03:00 · 2015-11-12 11:26:18 -06:00 · 2015-11-12 11:26:18 -06:00 · 67a6b4c07b
commit 67a6b4c07b
parent 2cfc46d561
2 changed files with 18 additions and 0 deletions
--- a/core/server/middleware/auth.js
+++ b/core/server/middleware/auth.js
@ -19,6 +19,8 @@ function isBearerAutorizationHeader(req) {

    if (req.headers && req.headers.authorization) {
        parts = req.headers.authorization.split(' ');
+    } else if (req.query && req.query.access_token) {
+        return true;
    } else {
        return false;
    }
--- a/core/test/functional/routes/api/db_spec.js
+++ b/core/test/functional/routes/api/db_spec.js
@ -47,4 +47,20 @@ describe('DB API', function () {
                done();
            });
    });
+
+    it('should work with access token set as query parameter', function (done) {
+        request.get(testUtils.API.getApiQuery('db/?access_token=' + accesstoken))
+            .expect('Content-Type', /json/)
+            .expect(200)
+            .end(function (err, res) {
+                if (err) {
+                    return done(err);
+                }
+
+                var jsonResponse = res.body;
+                should.exist(jsonResponse.db);
+                jsonResponse.db.should.have.length(1);
+                done();
+            });
+    });
 });