Merge pull request #14 from lawp09/feature/fix-ttmiddleware

fix: remove regex to test the access token format

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@villedemontreal/jwt-validator",
-  "version": "5.9.1",
+  "version": "5.9.2",
   "description": "Module to validate JWT (JSON Web Tokens)",
   "main": "dist/src/index.js",
   "typings": "dist/src",

src/middleware/tokenTransformationMiddleware.ts

@@ -1,16 +1,44 @@
 import { utils } from '@villedemontreal/general-utils';
 import * as express from 'express';
 import httpHeaderFieldsTyped from 'http-header-fields-typed';
+import * as _ from 'lodash';
 import { constants } from '../config/constants';
 import { ITokenTtransformationMiddlewareConfig } from '../config/tokenTransformationMiddlewareConfig';
-import { createInvalidAuthHeaderError, createInvalidJwtError } from '../models/customError';
+import { createInvalidJwtError } from '../models/customError';
 import { createLogger } from '../utils/logger';
 import superagent = require('superagent');
 
-const _regexAccessToken = /([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})/;
-
 const logger = createLogger('Token transformation middleware');
 
+/** Regex to test the UUID format of the Authorization header */
+const _regexUuidAccessToken = /([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})/;
+/** Regex to test the JWT format of the Authorization header */
+const _regexJwtAccessToken = /([a-zA-Z0-9_=]+)\.([a-zA-Z0-9_=]+)\.([a-zA-Z0-9_\-+/=]+)$/;
+
+/**
+ * Validate the access_token format from authorization header and return it.
+ *
+ * @param {string} authHeader
+ * @return {*}  {string}
+ */
+const getAccessTokenFromHeader = (authHeader: string): string | null => {
+  if (authHeader.split(' ')[0] !== 'Bearer') {
+    logger.warning('The authorization header is not "Bearer" type.');
+    return null;
+  }
+  const accessTokenUuidRegExpArray = _regexUuidAccessToken.exec(authHeader);
+  const accessTokenJwtRegExpArray = _regexJwtAccessToken.exec(authHeader);
+  if (_.isNil(accessTokenUuidRegExpArray) && _.isNil(accessTokenJwtRegExpArray)) {
+    logger.warning('Could not find a valid access token from the authorization header');
+    return null;
+  }
+  if (!_.isNil(accessTokenJwtRegExpArray)) {
+    return accessTokenJwtRegExpArray[0];
+  } else {
+    return accessTokenUuidRegExpArray[0];
+  }
+};
+
 /**
  * Token transformation Middleware. It will generate extended jwt
  * in exchange for an access token.
@@ -25,25 +53,19 @@ export const tokenTransformationMiddleware: (
   return (req: express.Request, res: express.Response, next: express.NextFunction): void => {
     try {
       // Validate the authorization header
-      const authHeader: string = req.get(httpHeaderFieldsTyped.AUTHORIZATION);
+      const authHeader = req.get(httpHeaderFieldsTyped.AUTHORIZATION);
       if (utils.isBlank(authHeader)) {
-        throw createInvalidAuthHeaderError({
-          code: constants.errors.codes.INVALID_VALUE,
-          target: 'authorization_header',
-          message: 'authorization header is empty',
-        });
+        logger.warning('The authorization header is empty.');
+        next();
+        return;
       }
 
       // Extract the access token value from the authorization header
-      const accessTokenRegExpArray = _regexAccessToken.exec(authHeader);
-      if (accessTokenRegExpArray.length <= 1) {
-        throw createInvalidAuthHeaderError({
-          code: constants.errors.codes.INVALID_VALUE,
-          target: 'access_token',
-          message: 'could not find a valid access token from the authorization header',
-        });
+      const accessToken = getAccessTokenFromHeader(authHeader);
+      if (_.isNil(accessToken)) {
+        next();
+        return;
       }
-      const accessToken = accessTokenRegExpArray[1];
 
       // Call the service endpoint to exchange the access token for a extended jwt
       superagent