“No authorization token was found”, even though url is in exclude list
am trying to lock a node.js express website down for all routes except login, forget password, etc. I am able to hit the login page, forgotpassword, etc.; however, when I try to hit the reset password page by clicking on a link in an email of the form, http://localhost:3000/resetpassword?ua=55d48e9b2467717e1042e100f7f71990a04088a1c4eed26a67e7567993, I keep getting the "No authorization token was found" error. This route is in the unless list so I do not understand why it is falling through? Could it have an issue with the querystring parameter and if so what is the correct syntax?
Route Handler for Rest Calls
Route Handler for the rest of the site
Any help would be greatly appreciated.
Route Handler for Rest Calls
app.use('/api', expressJwt({secret: process.env.AUTH_KEY,
credentialsRequired: true,
}).unless({path: [{ url: '/api/forgotpassword', methods: ['PUT'] },
{ url: '/api/login', methods: ['POST', 'PUT'] },
{ url: '/api/resetpassword', methods: ['PUT'] }]} ));
Route Handler for the rest of the site
app.use('/', expressJwt({secret: process.env.AUTH_KEY,
credentialsRequired: true,
getToken: function fromHeaderOrQuerystring (req) {
if (req.headers.authorization && req.headers.authorization.split(' ')[0].toLowerCase() === 'bearer') {
return req.headers.authorization.split(' ')[1];
} else if (req.query && req.query.token) {
return req.query.token;
}
return null;
}}).unless({path: [{ url: '/forgotpassword', methods: ['GET'] },
{ url: '/login', methods: ['GET'] },
{ url: '/index', methods: ['GET'] },
{ url: /\/css\/*/, methods: ['GET'] },
{ url: /\/js\/*/, methods: ['GET'] },
{ url: /\/images\/*/, methods: ['GET'] },
{ url: '/resetpassword', methods: ['GET'] },
{ url: '/forgotpasswordconfirmation', methods: ['GET'] }]} ));
Any help would be greatly appreciated.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Premium Content
You need an Expert Office subscription to comment.Start Free Trial