allow api requests to be made with the access token as a query parameter

closes TryGhost#6040 - adds check for access token query parameter in auth middleware
acburdine · Nov 12, 2015 · 67a6b4c · 67a6b4c
1 parent 2cfc46d
commit 67a6b4c
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/core/server/middleware/auth.js b/core/server/middleware/auth.js
@@ -19,6 +19,8 @@ function isBearerAutorizationHeader(req) {
 
     if (req.headers && req.headers.authorization) {
         parts = req.headers.authorization.split(' ');
+    } else if (req.query && req.query.access_token) {
+        return true;
     } else {
         return false;
     }

diff --git a/core/test/functional/routes/api/db_spec.js b/core/test/functional/routes/api/db_spec.js
@@ -47,4 +47,20 @@ describe('DB API', function () {
                 done();
             });
     });
+
+    it('should work with access token set as query parameter', function (done) {
+        request.get(testUtils.API.getApiQuery('db/?access_token=' + accesstoken))
+            .expect('Content-Type', /json/)
+            .expect(200)
+            .end(function (err, res) {
+                if (err) {
+                    return done(err);
+                }
+
+                var jsonResponse = res.body;
+                should.exist(jsonResponse.db);
+                jsonResponse.db.should.have.length(1);
+                done();
+            });
+    });
 });