(req, res, next)
| 60 | */ |
| 61 | function oauth2TokenParser(options) { |
| 62 | function parseOauth2Token(req, res, next) { |
| 63 | req.oauth2 = { accessToken: null }; |
| 64 | |
| 65 | var tokenFromHeader = parseHeader(req); |
| 66 | |
| 67 | if (tokenFromHeader) { |
| 68 | req.oauth2.accessToken = tokenFromHeader; |
| 69 | } |
| 70 | |
| 71 | var tokenFromBody = null; |
| 72 | |
| 73 | if (typeof req.body === 'object') { |
| 74 | tokenFromBody = req.body.access_token; |
| 75 | } |
| 76 | |
| 77 | // more than one method to transmit the token in each request |
| 78 | // is not allowed - return 400 |
| 79 | if (tokenFromBody && tokenFromHeader) { |
| 80 | // eslint-disable-next-line new-cap |
| 81 | return next( |
| 82 | new errors.makeErrFromCode(400, 'multiple tokens disallowed') |
| 83 | ); |
| 84 | } |
| 85 | |
| 86 | if ( |
| 87 | tokenFromBody && |
| 88 | req.contentType().toLowerCase() === |
| 89 | 'application/x-www-form-urlencoded' |
| 90 | ) { |
| 91 | req.oauth2.accessToken = tokenFromBody; |
| 92 | } |
| 93 | |
| 94 | return next(); |
| 95 | } |
| 96 | |
| 97 | return parseOauth2Token; |
| 98 | } |
nothing calls this directly
no test coverage detected