fix: Fixes for auto-detecting presence of authorization header.

When 'authorization' header is present, there needs to be a space after the scheme, or nothing after the scheme.
exegesis-js · May 16, 2018 · a01be9b · a01be9b
1 parent c7186db
commit a01be9b
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/src/index.ts b/src/index.ts
@@ -65,15 +65,18 @@ function defaultIsPresent(context: ExegesisPluginContext, info: AuthenticatorInf
         answer = false;
     } else if(info.scheme) {
         let authorization = context.req.headers['authorization'];
+        const scheme = info.scheme.toLowerCase();
         if(authorization === null || authorization === undefined) {
             answer = false;
         } else {
             if(!Array.isArray(authorization)) {
                 authorization = [authorization];
             }
-            answer = authorization.some(authHeader =>
-                authHeader.slice(0, info.scheme!.length).toLowerCase() === info.scheme!.toLowerCase()
-            );
+            answer = authorization.some(authHeader => {
+                const normalizedHeader = authHeader.toLowerCase();
+                return normalizedHeader === scheme ||
+                    normalizedHeader.startsWith(`${scheme} `);
+            });
         }
     }