Fixed auth.required
Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos
20
lib/index.js
20
lib/index.js
@ -17,12 +17,15 @@ function noQsMethod (options) {
|
||||
}
|
||||
}
|
||||
|
||||
let auth_timeout = null;
|
||||
if (options.required) {
|
||||
auth_timeout = setTimeout(function () {
|
||||
socket.disconnect('unauthorized');
|
||||
}, options.timeout || 5000);
|
||||
}
|
||||
|
||||
socket.on('authenticate', function (data) {
|
||||
if (options.required) {
|
||||
let auth_timeout = setTimeout(function () {
|
||||
socket.disconnect('unauthorized');
|
||||
}, options.timeout || 5000);
|
||||
|
||||
clearTimeout(auth_timeout);
|
||||
}
|
||||
|
||||
@ -30,13 +33,12 @@ function noQsMethod (options) {
|
||||
const onError = function (err, code) {
|
||||
if (err) {
|
||||
code = code || 'unknown';
|
||||
|
||||
const error = new UnauthorizedError(code, {
|
||||
message: (Object.prototype.toString.call(err) === '[object Object]' && err.message) ? err.message : err
|
||||
});
|
||||
|
||||
let callback_timeout;
|
||||
// If callback explicitely set to false, start timeout to disconnect socket
|
||||
// If callback explicitly set to false, start timeout to disconnect socket
|
||||
if (options.callback === false || typeof options.callback === 'number') {
|
||||
if (typeof options.callback === 'number') {
|
||||
if (options.callback < 0) {
|
||||
@ -113,6 +115,10 @@ function noQsMethod (options) {
|
||||
function authorize (options, onConnection) {
|
||||
options = xtend({ decodedPropertyName: 'decoded_token', encodedPropertyName: 'encoded_token' }, options);
|
||||
|
||||
if (typeof options.secret !== 'string') {
|
||||
throw new Error(`Provided secret "${options.secret}" is invalid, must be of type string.`)
|
||||
}
|
||||
|
||||
if (!options.handshake) {
|
||||
return noQsMethod(options);
|
||||
}
|
||||
@ -163,7 +169,7 @@ function authorize (options, onConnection) {
|
||||
if (options.auth_header_required && !token) {
|
||||
return auth.fail(new UnauthorizedError('missing_authorization_header', {
|
||||
message: 'Server requires Authorization Header'
|
||||
}), data, accept);
|
||||
}), socket, accept);
|
||||
}
|
||||
|
||||
// Get the token from handshake or query string
|
||||
|
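Review bot: In the first hunk of lib/index.js, `clearTimeout(auth_timeout)` runs as soon as an `authenticate` event arrives, before the token has been verified, so the `options.required` disconnect timer is cancelled by any payload rather than by a successful login. Whether an unverified socket is still dropped then depends on `onError`, and the part of it visible in the second hunk appears to arm a disconnect only when `options.callback` is `false` or a number. Consider clearing the timer only once verification has succeeded, or disconnecting on every failure path. Separately, the new guard in `authorize` interpolates the rejected value into the message (`Provided secret "${options.secret}" is invalid...`), which would copy a non-string secret such as a Buffer into logs and error reports; something like ``throw new Error(`Provided secret is invalid: expected a string, got ${typeof options.secret}.`);`` avoids that. The bodies of `noQsMethod` and `authorize` continue outside the hunks shown.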