Skip to content

Commit

Permalink
feat: request authorizers with null identitySource should return 401 (#…
Browse files Browse the repository at this point in the history
  • Loading branch information
rion18 authored Nov 26, 2022
1 parent 2461af1 commit 48c5a18
Show file tree
Hide file tree
Showing 2 changed files with 94 additions and 7 deletions.
5 changes: 4 additions & 1 deletion src/events/http/createAuthScheme.js
Original file line number Diff line number Diff line change
Expand Up @@ -78,9 +78,12 @@ export default function createAuthScheme(authorizerOptions, provider, lambda) {
}

if (authorization === undefined) {
throw new Error(
log.error(
`Identity Source is null for ${identitySourceType} ${identitySourceField} (λ: ${authFunName})`,
)
return Boom.unauthorized(
'User is not authorized to access this resource',
)
}

const identityValidationExpression = new RegExp(
Expand Down
96 changes: 90 additions & 6 deletions tests/integration/request-authorizer/request-authorizer.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,8 @@ describe('request authorizer tests', () => {
},

{
description: 'should fail with an Unauthorized error',
description:
'should fail with an Unauthorized error when identity source is explicitly not handled',
expected: {
error: 'Unauthorized',
message: 'Unauthorized',
Expand All @@ -78,6 +79,19 @@ describe('request authorizer tests', () => {
path: '/user1-header',
status: 401,
},

{
description:
'should fail with an Unauthorized error when identity source is not present on the request',
expected: {
error: 'Unauthorized',
message: 'User is not authorized to access this resource',
statusCode: 401,
},
options: {},
path: '/user1-header',
status: 401,
},
].forEach(doTest)
})

Expand Down Expand Up @@ -106,7 +120,8 @@ describe('request authorizer tests', () => {
},

{
description: 'should fail with an Unauthorized error',
description:
'should fail with an Unauthorized error when identity source is explicitly not handled',
expected: {
error: 'Unauthorized',
message: 'Unauthorized',
Expand All @@ -116,6 +131,19 @@ describe('request authorizer tests', () => {
path: '/user1-querystring?query1=fc3e55ea-e6ec-4bf2-94d2-06ae6efe6e5c',
status: 401,
},

{
description:
'should fail with an Unauthorized error when identity source is not present on the request',
expected: {
error: 'Unauthorized',
message: 'User is not authorized to access this resource',
statusCode: 401,
},
options: {},
path: '/user1-querystring',
status: 401,
},
].forEach(doTest)
})

Expand Down Expand Up @@ -152,7 +180,8 @@ describe('request authorizer tests', () => {
},

{
description: 'should fail with an Unauthorized error',
description:
'should fail with an Unauthorized error when identity source is explicitly not handled',
expected: {
error: 'Unauthorized',
message: 'Unauthorized',
Expand All @@ -166,6 +195,19 @@ describe('request authorizer tests', () => {
path: '/user2-header',
status: 401,
},

{
description:
'should fail with an Unauthorized error when identity source is not present on the request',
expected: {
error: 'Unauthorized',
message: 'User is not authorized to access this resource',
statusCode: 401,
},
options: {},
path: '/user2-header',
status: 401,
},
].forEach(doTest)
})

Expand Down Expand Up @@ -194,7 +236,8 @@ describe('request authorizer tests', () => {
},

{
description: 'should fail with an Unauthorized error',
description:
'should fail with an Unauthorized error when identity source is explicitly not handled',
expected: {
error: 'Unauthorized',
message: 'Unauthorized',
Expand All @@ -204,6 +247,19 @@ describe('request authorizer tests', () => {
path: '/user2-querystring?query2=fc3e55ea-e6ec-4bf2-94d2-06ae6efe6e5c',
status: 401,
},

{
description:
'should fail with an Unauthorized error when identity source is not present on the request',
expected: {
error: 'Unauthorized',
message: 'User is not authorized to access this resource',
statusCode: 401,
},
options: {},
path: '/user2-querystring',
status: 401,
},
].forEach(doTest)
})

Expand Down Expand Up @@ -240,7 +296,8 @@ describe('request authorizer tests', () => {
},

{
description: 'should fail with an Unauthorized error',
description:
'should fail with an Unauthorized error when identity source is explicitly not handled',
expected: {
error: 'Unauthorized',
message: 'Unauthorized',
Expand All @@ -254,6 +311,19 @@ describe('request authorizer tests', () => {
path: '/user2simple-header',
status: 401,
},

{
description:
'should fail with an Unauthorized error when identity source is not present on the request',
expected: {
error: 'Unauthorized',
message: 'User is not authorized to access this resource',
statusCode: 401,
},
options: {},
path: '/user2simple-header',
status: 401,
},
].forEach(doTest)
})

Expand Down Expand Up @@ -282,7 +352,8 @@ describe('request authorizer tests', () => {
},

{
description: 'should fail with an Unauthorized error',
description:
'should fail with an Unauthorized error when identity source is explicitly not handled',
expected: {
error: 'Unauthorized',
message: 'Unauthorized',
Expand All @@ -292,6 +363,19 @@ describe('request authorizer tests', () => {
path: '/user2simple-querystring?query2simple=fc3e55ea-e6ec-4bf2-94d2-06ae6efe6e5c',
status: 401,
},

{
description:
'should fail with an Unauthorized error when identity source is not present on the request',
expected: {
error: 'Unauthorized',
message: 'User is not authorized to access this resource',
statusCode: 401,
},
options: {},
path: '/user2simple-querystring',
status: 401,
},
].forEach(doTest)
})
})

0 comments on commit 48c5a18

Please sign in to comment.