rawcoder
asked on
“No authorization token was found”, even though url is in exclude list
am trying to lock a node.js express website down for all routes except login, forget password, etc. I am able to hit the login page, forgotpassword, etc.; however, when I try to hit the reset password page by clicking on a link in an email of the form, http://localhost:3000/resetpassword?ua=55d48e9b2467717e1042e100f7f71990a04088a1c4eed26a67e7567993, I keep getting the "No authorization token was found" error. This route is in the unless list so I do not understand why it is falling through? Could it have an issue with the querystring parameter and if so what is the correct syntax?
Route Handler for Rest Calls
Route Handler for the rest of the site
Any help would be greatly appreciated.
Route Handler for Rest Calls
app.use('/api', expressJwt({secret: process.env.AUTH_KEY,
credentialsRequired: true,
}).unless({path: [{ url: '/api/forgotpassword', methods: ['PUT'] },
{ url: '/api/login', methods: ['POST', 'PUT'] },
{ url: '/api/resetpassword', methods: ['PUT'] }]} ));
Route Handler for the rest of the site
app.use('/', expressJwt({secret: process.env.AUTH_KEY,
credentialsRequired: true,
getToken: function fromHeaderOrQuerystring (req) {
if (req.headers.authorization && req.headers.authorization.split(' ')[0].toLowerCase() === 'bearer') {
return req.headers.authorization.split(' ')[1];
} else if (req.query && req.query.token) {
return req.query.token;
}
return null;
}}).unless({path: [{ url: '/forgotpassword', methods: ['GET'] },
{ url: '/login', methods: ['GET'] },
{ url: '/index', methods: ['GET'] },
{ url: /\/css\/*/, methods: ['GET'] },
{ url: /\/js\/*/, methods: ['GET'] },
{ url: /\/images\/*/, methods: ['GET'] },
{ url: '/resetpassword', methods: ['GET'] },
{ url: '/forgotpasswordconfirmation', methods: ['GET'] }]} ));
Any help would be greatly appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.