Skip to content
This repository has been archived by the owner on Aug 28, 2023. It is now read-only.

Crashes when Bearer token is blank in BearerStrategy #473

Closed
jthorel opened this issue Feb 6, 2020 · 0 comments · Fixed by #474
Closed

Crashes when Bearer token is blank in BearerStrategy #473

jthorel opened this issue Feb 6, 2020 · 0 comments · Fixed by #474

Comments

@jthorel
Copy link
Contributor

jthorel commented Feb 6, 2020

Version: 4.2.1

If the Authorization header is formed as: Authorization: Bearer
(that is, just a blankspace after "Bearer") the token will be an empty string and will crash the server in the authenticate method.

The issue is here:

passport-azure-ad/lib/bearerstrategy.js

Line 529 in 48d44bb

self.failWithLog('In Strategy.prototype.authenticate: missing access_token in the header');

It should return:

return self.failWithLog('In Strategy.prototype.authenticate: missing access_token in the header');
@jthorel jthorel mentioned this issue Feb 6, 2020
Merged
jasonnutter added a commit that referenced this issue Aug 20, 2020
@jasonnutter
Merge pull request #474 from jthorel/dev
49ea01d 
Fix #473 - crash if bearer token is blank
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix #473 - crash if bearer token is blank jthorel/passport-azure-ad-1
1 participant
@jthorel