Allow bearer auth in header using sessionToken (#6276)

keystonejs · Aug 9, 2021 · 3a7a06b · 3a7a06b
1 parent 8a640ec
commit 3a7a06b
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 6 deletions.
diff --git a/.changeset/four-turkeys-hide.md b/.changeset/four-turkeys-hide.md
@@ -0,0 +1,6 @@
+---
+'@keystone-next/keystone': minor
+'@keystone-next/api-tests-legacy': minor
+---
+
+Added option for `Bearer` token auth when using session.
diff --git a/packages/keystone/src/session/index.ts b/packages/keystone/src/session/index.ts
@@ -87,11 +87,12 @@ export function statelessSessions<T>({
   }
   return {
     async get({ req }) {
-      if (!req.headers.cookie) return;
-      let cookies = cookie.parse(req.headers.cookie);
-      if (!cookies[TOKEN_NAME]) return;
+      const cookies = cookie.parse(req.headers.cookie || '');
+      const bearer = req.headers.authorization?.replace('Bearer ', '');
+      const token = bearer || cookies[TOKEN_NAME];
+      if (!token) return;
       try {
-        return await Iron.unseal(cookies[TOKEN_NAME], secret, ironOptions);
+        return await Iron.unseal(token, secret, ironOptions);
       } catch (err) {}
     },
     async end({ res }) {

diff --git a/tests/api-tests/auth-header.test.ts b/tests/api-tests/auth-header.test.ts
@@ -118,8 +118,7 @@ describe('Auth testing', () => {
   });
 
   describe('logged in', () => {
-    // eslint-disable-next-line jest/no-disabled-tests
-    test.skip(
+    test(
       'Allows access with bearer token',
       runner(async ({ context, graphQLRequest }) => {
         for (const [listKey, data] of Object.entries(initialData)) {