Merge remote-tracking branch 'origin/master'

2019-03-14 18:11:08 -04:00
parent 18ea5de8aa 41b888c9e0
commit e71e36eb5f
4 changed files with 15 additions and 3 deletions
--- a/src/api/middlewares/client.ts
+++ b/src/api/middlewares/client.ts
@ -11,6 +11,17 @@ export function GetClientAuthMiddleware(checksecret = true, internal = false, ch
      try {
         let client_id = req.query.client_id || req.body.client_id;
         let client_secret = req.query.client_secret || req.body.client_secret;
+                                                               
+         if(!client_id && !client_secret && req.headers.authorization) {
+            let header = req.headers.authorization;
+            let [type, val] = header.split(" ");
+            if(val) {
+               let str = Buffer.from(val, "base64").toString("utf-8");
+               let [id, secret] = str.split(":");
+               client_id = id;
+               client_secret = secret;
+            }
+         }

         if (!client_id || (!client_secret && checksecret)) {
            throw new RequestError("No client credentials", HttpStatusCode.BAD_REQUEST);
--- a/src/api/oauth/auth.ts
+++ b/src/api/oauth/auth.ts
@ -46,7 +46,7 @@ const AuthRoute = Stacker(GetUserMiddleware(true), async (req: Request, res: Res

         let permissions: IPermission[] = [];
         if (scope) {
-            let perms = (<string>scope).split(";").map(p => new ObjectID(p));
+            let perms = (<string>scope).split(";").filter(e => e !== "read_user").map(p => new ObjectID(p));
            permissions = await Permission.find({ _id: { $in: perms } })

            if (permissions.length != perms.length) {