Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: request authorizers with null identitySource should return 401 #1618

Merged
merged 2 commits into from
Nov 26, 2022
Merged

feat: request authorizers with null identitySource should return 401 #1618

merged 2 commits into from
Nov 26, 2022

Conversation

rion18
Copy link
Contributor

@rion18 rion18 commented Nov 26, 2022
edited
Loading

Description

According to the official Amazon docs, whenever you set a request authorizer with a specific identity source, such as $request.header.Authorization, and a request comes WITHOUT this identity source, then API Gateway responds with a 401 Unauthorized error.

Motivation and Context

Currently, when doing a request to a function that has an Authorizer attached to it, if the identitySource is not present on the request, then serverless-offline responds with an error 500. I've made the change so it returns a 401 instead.

How Has This Been Tested?

The request-authorizers suite of tests have been updated with a new test case per describe block (this change applies to payload format 1.0, 2.0 with simple response, with headers/query params).

We previously had a test with description should fail with an Unauthorized error.
Now, we have TWO tests, one with description should fail with an Unauthorized error when identity source is explicitly not handled and another one with should fail with an Unauthorized error when identity source is not present on the request.

@dnalborczyk dnalborczyk changed the title feature: request authorizers with null identitySource should return 401 feat: request authorizers with null identitySource should return 401 Nov 26, 2022
@dnalborczyk dnalborczyk merged commit 48c5a18 into dherault:master Nov 26, 2022
@dnalborczyk
Copy link
Collaborator

thank you again @rion18 !! much appreciated!

@rion18
Copy link
Contributor Author

rion18 commented Nov 26, 2022

My pleasure.

@kohanian
Copy link
Contributor

@rion18 thanks for fixing this!

@kohanian kohanian mentioned this pull request Nov 28, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rion18 @dnalborczyk @kohanian