troubleshooting Question

“No authorization token was found”, even though url is in exclude list

Avatar of rawcoder
rawcoder asked on
Web Languages and StandardsWeb DevelopmentREST
1 Comment1 Solution761 ViewsLast Modified:
am trying to lock a node.js express website down for all routes except login, forget password, etc. I am able to hit the login page, forgotpassword, etc.; however, when I try to hit the reset password page by clicking on a link in an email of the form, http://localhost:3000/resetpassword?ua=55d48e9b2467717e1042e100f7f71990a04088a1c4eed26a67e7567993, I keep getting the "No authorization token was found" error. This route is in the unless list so I do not understand why it is falling through? Could it have an issue with the querystring parameter and if so what is the correct syntax?

Route Handler for Rest Calls
app.use('/api', expressJwt({secret: process.env.AUTH_KEY,
  credentialsRequired: true,
  }).unless({path: [{ url: '/api/forgotpassword', methods: ['PUT'] }, 
  { url: '/api/login', methods: ['POST', 'PUT'] },
  { url: '/api/resetpassword', methods: ['PUT'] }]} ));

Route Handler for the rest of the site

app.use('/', expressJwt({secret: process.env.AUTH_KEY,
  credentialsRequired: true,
  getToken: function fromHeaderOrQuerystring (req) {
    if (req.headers.authorization && req.headers.authorization.split(' ')[0].toLowerCase() === 'bearer') {
        return req.headers.authorization.split(' ')[1];
    } else if (req.query && req.query.token) {
        return req.query.token;
    }

    return null;
  }}).unless({path: [{ url: '/forgotpassword', methods: ['GET'] }, 
  { url: '/login', methods: ['GET'] },
  { url: '/index', methods: ['GET'] },
  { url: /\/css\/*/, methods: ['GET'] },
  { url: /\/js\/*/, methods: ['GET'] },
  { url: /\/images\/*/, methods: ['GET'] },
  { url: '/resetpassword', methods: ['GET'] },
  { url: '/forgotpasswordconfirmation', methods: ['GET'] }]} ));

Any help would be greatly appreciated.
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 1 Comment.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 1 Comment.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros