From 53d920ecdc3c2d3ec772f673e644260fbf71ce67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Falala-Sechet?=
Date: Mon, 12 Aug 2019 16:59:39 +0200
Subject: [PATCH] fix: save authorizer data in authorizer property
---
 src/config/offline-default.req.vm | 17 +++++++++++++++--
 src/createAuthScheme.js | 4 ++--
 src/createVelocityContext.js | 27 +++++++++++++--------------
 3 files changed, 30 insertions(+), 18 deletions(-)
diff --git a/src/config/offline-default.req.vm b/src/config/offline-default.req.vm
index bce5ceb69..464e018ff 100644
--- a/src/config/offline-default.req.vm
+++ b/src/config/offline-default.req.vm
@@ -11,14 +11,27 @@
 "body": $input.json("$"),
 "method": "$context.httpMethod",
 "principalId": "$context.authorizer.principalId",
+ #set( $map = $context.authorizer )
+ ## see https://github.com/serverless/serverless/issues/4374
+ "enhancedAuthContext": {
+ #foreach($key in $map.keySet())
+ ## The claims are not part of the enhancedAuthContext in serverless and should be excluded.
+ ## However it is more practical to set this property to null as defined in
+ ## https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html#context-variable-reference
+ #if($key == "claims")
+ "$key": null
+ #else
+ "$key": "$util.escapeJavaScript($map.get($key))"
+ #end
+ #if($foreach.hasNext),#end
+ #end
+ },
 #set( $map = $input.params().header )
 "headers": $loop,
 #set( $map = $input.params().querystring )
 "query": $loop,
 #set( $map = $input.params().path )
 "path": $loop,
- #set( $map = $context.enhancedAuthContext )
- "enhancedAuthContext": $loop,
 #set( $map = $context.identity )
 "identity": $loop,
 #set( $map = $stageVariables )
diff --git a/src/createAuthScheme.js b/src/createAuthScheme.js
index c0fa8fe1a..d797ce191 100644
--- a/src/createAuthScheme.js
+++ b/src/createAuthScheme.js
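Review bot: In the new `#foreach`, the value is escaped with `$util.escapeJavaScript(...)` but the key is emitted raw as `"$key"`, so a context key containing a double quote or backslash produces invalid JSON in the rendered event. The keys come from the `authorizer` object assembled in `createAuthScheme.js` (`principalId`, `integrationLatency`, the spread of the authorizer function's `context`, plus `claims`), so they are deployer-controlled, but the same escaping should apply to both sides: `"$util.escapeJavaScript($key)": "$util.escapeJavaScript($map.get($key))"`. Since the `claims` branch is the only special case, `"claims": null` is clearer than `"$key": null`. A short comment above `#set( $map = $context.authorizer )` such as `## $context.authorizer is filled by createVelocityContext.js from the request credentials` would tell template readers where the map comes from.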
@@ -221,7 +221,7 @@ module.exports = function createAuthScheme(
 `Authorization function returned a successful response: (λ: ${authFunName})`,
 );
- const enhancedAuthContext = {
+ const authorizer = {
 principalId: policy.principalId,
 integrationLatency: '42',
 ...policy.context,
@@ -233,8 +233,8 @@ module.exports = function createAuthScheme(
 credentials: {
 context: policy.context,
 usageIdentifierKey: policy.usageIdentifierKey,
- enhancedAuthContext,
 principalId: policy.principalId,
+ authorizer,
 },
 }),
 );
diff --git a/src/createVelocityContext.js b/src/createVelocityContext.js
index 857eaa3c1..ac8030c23 100644
--- a/src/createVelocityContext.js
+++ b/src/createVelocityContext.js
@@ -26,11 +26,10 @@ function escapeJavaScript(x) {
 */
 module.exports = function createVelocityContext(request, options, payload) {
 const path = (x) => jsonPath(payload || {}, x);
- const enhancedAuthContext =
- request.auth &&
- request.auth.credentials &&
- request.auth.credentials.enhancedAuthContext;
 const authPrincipalId = request.auth && request.auth.credentials && request.auth.credentials.principalId;
+ let authorizer = request.auth
+ && request.auth.credentials
+ && request.auth.credentials.authorizer;
 const headers = request.unprocessedHeaders;
 let token = headers && (headers.Authorization || headers.authorization);
@@ -39,11 +38,18 @@ module.exports = function createVelocityContext(request, options, payload) {
 [, token] = token.split(' ');
 }
- let claims;
+ if (!authorizer) authorizer = {};
+ authorizer.principalId = authPrincipalId
+ || process.env.PRINCIPAL_ID
+ || 'offlineContext_authorizer_principalId'; // See #24
+
 if (token) {
 try {
- claims = decode(token) || undefined;
+ const claims = decode(token) || undefined;
+ if (claims) {
+ Object.assign(authorizer, { claims });
+ }
 } catch (err) {
 // Nothing
 }
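Review bot: The new `let authorizer = request.auth` / `&& request.auth.credentials` / `&& request.auth.credentials.authorizer;` breaks its lines with a leading `&&`, while the `authPrincipalId` declaration right above it and the removed `enhancedAuthContext` block put `&&` at the end of the line, so the same expression shape now appears in two styles a few lines apart. Mirroring the existing declaration, `let authorizer =` followed by `request.auth && request.auth.credentials && request.auth.credentials.authorizer;`, keeps the file consistent; it stays `let` because the following hunk reassigns it. `createVelocityContext` continues beyond the hunk on both sides.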
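Review bot: `authorizer.principalId = …` and `Object.assign(authorizer, { claims })` write into the object the previous hunk read from `request.auth.credentials.authorizer`, which is the object `createAuthScheme.js` stored on the request's credentials, so building the velocity context now mutates caller-owned auth state and any later reader of those credentials sees the added `claims` (and, if this function runs more than once for a request, the second run overwrites what the first wrote). Replacing the null check with a shallow copy avoids that: `authorizer = { ...authorizer };` (object spread is already used in `createAuthScheme.js`, and spreading `undefined` or `null` yields `{}`). `claims` come from `decode(token)`, which — if `decode` is jsonwebtoken's — does not verify the signature; a comment such as `// claims are decoded without signature verification; local emulation only` would make that explicit, and the `// Nothing` catch should say why a malformed token is ignored. The enclosing function starts and ends outside the hunk.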
@@ -52,14 +58,7 @@ module.exports = function createVelocityContext(request, options, payload) {
 return {
 context: {
 apiId: 'offlineContext_apiId',
- authorizer: {
- principalId:
- authPrincipalId ||
- process.env.PRINCIPAL_ID ||
- 'offlineContext_authorizer_principalId', // See #24
- claims,
- },
- enhancedAuthContext: enhancedAuthContext || {},
+ authorizer,
 httpMethod: request.method.toUpperCase(),
 identity: {
 accountId: 'offlineContext_accountId',
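Review bot: Dropping `enhancedAuthContext` from the returned `context` removes the variable from every request template, but only the bundled `offline-default.req.vm` is updated in this commit to derive it from `$context.authorizer`; a user-supplied template that still references `$context.enhancedAuthContext` would now render it unresolved. If that is intended, the commit message should state the template-facing change; otherwise keeping `enhancedAuthContext: authorizer,` next to `authorizer,` preserves the old variable while the default template moves to the new one. The `return` statement continues past the end of the hunk.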