From f694cb6fd8486e68f162d3fbecfd4e7fd091c8da Mon Sep 17 00:00:00 2001
From: Scott Donnelly
Date: Sun, 17 May 2020 20:51:57 +0100
Subject: [PATCH] support leading/trailing whitespace in Authorization header value
---
 lib/resolvers/auth-header.js | 2 +-
 test/test.js | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/lib/resolvers/auth-header.js b/lib/resolvers/auth-header.js
index 7c197db..e8d4960 100644
--- a/lib/resolvers/auth-header.js
+++ b/lib/resolvers/auth-header.js
@@ -12,7 +12,7 @@ module.exports = function resolveAuthorizationHeader(ctx, opts) {
 return;
 }
- const parts = ctx.header.authorization.split(' ');
+ const parts = ctx.header.authorization.trim().split(' ');
 if (parts.length === 2) {
 const scheme = parts[0];
diff --git a/test/test.js b/test/test.js
index 261ef52..12f91d0 100644
--- a/test/test.js
+++ b/test/test.js
@@ -433,6 +433,27 @@ describe('success tests', () => {
 .end(done);
 });
+ it('should work if authorization header contains leading and/or trailing whitespace', done => {
+ const validUserResponse = res => res.body.foo !== 'bar' && 'Wrong user';
+
+ const secret = 'shhhhhh';
+ const token = jwt.sign({foo: 'bar'}, secret);
+
+ const app = new Koa();
+
+ app.use(koajwt({ secret: secret }));
+ app.use(ctx => {
+ ctx.body = ctx.state.user;
+ });
+
+ request(app.listen())
+ .get('/')
+ .set('Authorization', ` Bearer ${token} `)
+ .expect(200)
+ .expect(validUserResponse)
+ .end(done);
+ });
+
 it('should work if authorization header is valid jwt according to one of the secrets', done => {
 const validUserResponse = res => res.body.foo !== 'bar' && 'Wrong user';
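Review bot: The added `trim()` on the `const parts` line only normalises the outer edges of the value; a tab or a run of two or more spaces between the scheme and the credentials still produces `parts.length !== 2`, so the `if (parts.length === 2)` check that follows silently treats such a header as unusable even though the scheme and token are both present. RFC 7235 permits one or more SP characters between the auth-scheme and the token68, so `const parts = ctx.header.authorization.trim().split(/\s+/);` would cover what the commit title promises without widening what is accepted as a scheme or token. The presence/type guard on `ctx.header.authorization` sits above this hunk and is not visible here, so I am assuming it already rejects a missing header before `trim()` is reached. resolveAuthorizationHeader starts before and continues after the hunk.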
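Review bot: The new test pins only the single-space case (`` ` Bearer ${token} ` ``), so a regression for a tab or multiple spaces around or between the scheme and token would pass unnoticed even though the `it(...)` title speaks of whitespace in general. A second `.set('Authorization', `\tBearer ${token}\t`)` case, or a small loop over a few whitespace variants that reuses the same `app` and `validUserResponse`, would make the claim in the commit title verifiable; whether the HTTP client used by `request(...)` forwards a tab unchanged should be confirmed before relying on that variant. The enclosing `describe('success tests', ...)` block starts before the hunk and continues after it.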