Skip to content

ensureAuthorized token promise bug #1

New issue
New issue
Open
Open
ensureAuthorized token promise bug#1
Assignees
SeanCannon
@SeanCannon

Description

@SeanCannon
SeanCannon
opened on Jul 29, 2024

node-authenticator/src/middleware/ensureAuthorized/index.js

Line 161 in 4d2a3f4

const token = sign(decoded, MASTER_PRIVATE_KEY.replace(/\\n/g, '\n'), {

This code is broken. sign returns a promise but it's being assigned to token. Needs to be refactored like this :

          const maybeOfferNewTokenHeader = () => Promise.resolve()
            .then(() => MASTER_PRIVATE_KEY ? sign(
              decoded,
              MASTER_PRIVATE_KEY.replace(/\\n/g, '\n'), {
                algorithm : 'RS256',
                expiresIn : process.env.JWT_TTL || '20s'
              }) : req.get('x-auth-token')
            )
            .then(token => {
              res.set('x-auth-token', token);
            });

          return Promise.resolve(secret)
            .then(verifyRSJWT(verify)(token))
            .then(maybeOfferNewTokenHeader)
            .then(setReqUser)
            .then(() => continueWithErrorIfNotPermitted(axios, checkPermission)(decoded, req, next));

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions