We help IT Professionals succeed at work.

“No authorization token was found”, even though url is in exclude list

740 Views
Last Modified: 2017-11-28
am trying to lock a node.js express website down for all routes except login, forget password, etc. I am able to hit the login page, forgotpassword, etc.; however, when I try to hit the reset password page by clicking on a link in an email of the form, http://localhost:3000/resetpassword?ua=55d48e9b2467717e1042e100f7f71990a04088a1c4eed26a67e7567993, I keep getting the "No authorization token was found" error. This route is in the unless list so I do not understand why it is falling through? Could it have an issue with the querystring parameter and if so what is the correct syntax?

Route Handler for Rest Calls
app.use('/api', expressJwt({secret: process.env.AUTH_KEY,
  credentialsRequired: true,
  }).unless({path: [{ url: '/api/forgotpassword', methods: ['PUT'] }, 
  { url: '/api/login', methods: ['POST', 'PUT'] },
  { url: '/api/resetpassword', methods: ['PUT'] }]} ));

Open in new window


Route Handler for the rest of the site

app.use('/', expressJwt({secret: process.env.AUTH_KEY,
  credentialsRequired: true,
  getToken: function fromHeaderOrQuerystring (req) {
    if (req.headers.authorization && req.headers.authorization.split(' ')[0].toLowerCase() === 'bearer') {
        return req.headers.authorization.split(' ')[1];
    } else if (req.query && req.query.token) {
        return req.query.token;
    }

    return null;
  }}).unless({path: [{ url: '/forgotpassword', methods: ['GET'] }, 
  { url: '/login', methods: ['GET'] },
  { url: '/index', methods: ['GET'] },
  { url: /\/css\/*/, methods: ['GET'] },
  { url: /\/js\/*/, methods: ['GET'] },
  { url: /\/images\/*/, methods: ['GET'] },
  { url: '/resetpassword', methods: ['GET'] },
  { url: '/forgotpasswordconfirmation', methods: ['GET'] }]} ));

Open in new window


Any help would be greatly appreciated.
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2004
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions