feat(Address PR comments): Addressing PR comments

Addressing PR comments
Cimpress-MCP · Aug 3, 2017 · 5e16a5f · 5e16a5f
1 parent 86497b7
commit 5e16a5f
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 35 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,19 +1,18 @@
-language: node_js
-cache:
-  directories:
-    - node_modules
-notifications:
-  email: false
-node_js:
-  - '7'
-  - '6'
-  - '4'
-before_install:
-
-before_script:
-  - yarn
-after_success:
-  - yarn run semantic-release
-branches:
-  except:
+language: node_js
+cache:
+  directories:
+    - node_modules
+notifications:
+  email: false
+node_js:
+  - '7'
+  - '6'
+before_install:
+
+before_script:
+  - yarn
+after_success:
+  - yarn run semantic-release
+branches:
+  except:
     - /^v\d+\.\d+\.\d+$/
diff --git a/README.md b/README.md
@@ -21,7 +21,7 @@ var config = {
   realm: 'The realm of the token, used in the challenge headers, full url (w/ https:// and  trailing /)',
   jwksUrl: 'The url to retrieve the jwk from, only needed for OAuth v2',
   audience: 'The audience for the auth token',
-  disableV1: 'Should auth v1 be enabled (defaults to false), not required',
+  enableV1: 'Should auth v1 be enabled (defaults to true), not required',
   excludedRoutes (OPTIONAL): [  // Routes that shouldn't be protected by Auth0
     {
       url: '/healthcheck',  // Supports a regex as well

diff --git a/lib/auth0verification.js b/lib/auth0verification.js
@@ -17,7 +17,7 @@ const getExcludedRoutes = function (configuredExclusions) {
     routesToExclude = _.union(defaultExcludedRoutes, configuredExclusions || []);
 
   // Exclude all sub-routes of the configured excluded routes
-  var excludedRoutesRegex = _.map(routesToExclude, function (route) {
+  const excludedRoutesRegex = _.map(routesToExclude, function (route) {
     if (_.isString(route)) {
       return new RegExp(route, 'i');
     } else if (route.url) { // support the url/method key-pair
@@ -39,14 +39,14 @@ const getExcludedRoutes = function (configuredExclusions) {
 const getAuthPublicKey = function (jwksUrl, cache, kid) {
   return cache.get(`kid${kid}`).then(function (data) {
     if (!data) {
-      var client = Promise.promisifyAll(jwksClient({
+      const client = Promise.promisifyAll(jwksClient({
         cache: true,
         cacheMaxEntries: 5,
         jwksUri: jwksUrl
       }));
       return client.getSigningKeyAsync(kid).then(key => {
-        var signingKey = key.publicKey || key.rsaPublicKey;
-        var encodedValue = new Buffer(signingKey).toString("base64");
+        const signingKey = key.publicKey || key.rsaPublicKey;
+        const encodedValue = new Buffer(signingKey).toString("base64");
         return cache.set(`kid${kid}`, encodedValue, 36000).then(() => {
           return new Buffer(signingKey);
         });
@@ -60,19 +60,22 @@ const getAuthPublicKey = function (jwksUrl, cache, kid) {
 // secures the application with auth0, by implementing checks against
 // incoming jwt's, with configuration of what routes to apply it to
 module.exports = function (app, config, logger, cache) {
-  if (config) {
+  let secret;
+  let v1JwtCheck;
 
-    if (config.secret && !config.disableV1) {
+  if (config) {
+    const enableV1 = _.get(config, 'enableV1', true);
+    config.enableV1 = enableV1;
+    if (config.secret && config.enableV1) {
       // decode the client secret if it is base64 encoded
-      var secret;
       if (config.secret.match(BASE64_REGEX)) {
         secret = new Buffer(config.secret, 'base64');
       } else {
         secret = config.secret;
       }
 
       // set up jwt validation, which will take into account excluded routes
-      var v1JwtCheck = expressJwt({
+      v1JwtCheck = expressJwt({
         secret: secret,
         audience: config.clientId
       });
@@ -115,19 +118,19 @@ module.exports = function (app, config, logger, cache) {
           decodedToken = jwt.decode(req.headers.authorization.split(' ')[1], { complete: true });
         }
         catch (err) {
-          var error = new Error(err);
+          const error = new Error(err);
           error.name = ERROR_NAME;
           next(error);
         }
         if (decodedToken && decodedToken.header && decodedToken.header.alg === 'RS256') {
           return v2JwtCheck(req, res, next);
         }
       }
-      if (v1JwtCheck) {
+      if (config.enableV1) {
         return v1JwtCheck(req, res, next);
       }
       else {
-        var error = new Error('The supplied token is not supported by any enabled auth');
+        const error = new Error('The supplied token is not supported by any enabled auth');
         error.name = ERROR_NAME;
         next(error);
       }

diff --git a/lib/unauthorized.js b/lib/unauthorized.js
@@ -5,8 +5,8 @@ module.exports = function(app, config, logger) {
   app.use(function(err, req, res, next) {
     if (err.name === 'UnauthorizedError') {
       logger.log(err);
-      addWwwAuthenticateHeaders(req, res, config.domain, config.clientId, config.audience, config.realm, !config.disableV1);
-      addLinkHeaders(res, config.domain, config.audience, !config.disableV1);
+      addWwwAuthenticateHeaders(req, res, config.domain, config.clientId, config.audience, config.realm, config.enableV1);
+      addLinkHeaders(res, config.domain, config.audience, config.enableV1);
       return res.status(401).json();
     }
     next(err);
@@ -20,7 +20,7 @@ function createv1WWWAuthentiateHeader(req, domain, clientId) {
 
 function addWwwAuthenticateHeaders(req, res, domain, clientId, resourceServer, realm, v1) {
   if (resourceServer) {
-    var v2WwwAuthenticateHeader = util.format('Bearer realm="%s", authorization_uri="https://%s/oauth/token"', realm, domain);
+    const v2WwwAuthenticateHeader = util.format('Bearer realm="%s", authorization_uri="https://%s/oauth/token"', realm, domain);
     if (v1) {
       return res.header('WWW-Authenticate', [v2WwwAuthenticateHeader, createv1WWWAuthentiateHeader(req, domain, clientId)]);
     }
@@ -36,7 +36,7 @@ function createv1LinkHeaders(domain) {
 
 function addLinkHeaders(res, domain, resourceServer, v1) {
   if (resourceServer) {
-    var v2authLink = '<https://%s/oauth/token>; rel=authorization_uri';
+    const v2authLink = '<https://%s/oauth/token>; rel=authorization_uri';
     if (v1) {
       return res.header('Link', [util.format(v2authLink, domain), createv1LinkHeaders(domain)]);
     }

diff --git a/test/auth0verification.test.js b/test/auth0verification.test.js
@@ -112,7 +112,7 @@ describe('Verify auth0 application functions.', function () {
     // Clone the config so as not to break other tests.
     var v2config = JSON.parse(JSON.stringify(config));
     v2config.audience = 'http://api.cimpress.io/';
-    v2config.disableV1 = true;
+    v2config.enableV1 = false;
 
     helper = new Helper(mw, v2config, null, defaultCache);
     helper.app.get("/stub", function (req, res) {