Merge branch 'master' into next

This commit is contained in:
Kim Gardner
2017-07-25 10:07:13 -04:00
committed by GitHub
3 changed files with 7 additions and 2 deletions
+3
View File
@@ -37,6 +37,9 @@ const CONFIG = {
// JWT_EXPIRY is the time for which a given token is valid for.
JWT_EXPIRY: process.env.TALK_JWT_EXPIRY || '1 day',
// JWT_ALG is the algorithm used for signing jwt tokens.
JWT_ALG: process.env.TALK_JWT_ALG || 'HS256',
//------------------------------------------------------------------------------
// Installation locks
//------------------------------------------------------------------------------
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "talk",
"version": "2.5.0",
"version": "3.0.0",
"description": "A better commenting experience from Mozilla, The New York Times, and the Washington Post. https://coralproject.net",
"main": "app.js",
"scripts": {
+3 -1
View File
@@ -21,6 +21,7 @@ const {
JWT_ISSUER,
JWT_EXPIRY,
JWT_AUDIENCE,
JWT_ALG,
RECAPTCHA_SECRET,
RECAPTCHA_ENABLED
} = require('../config');
@@ -219,6 +220,7 @@ passport.use(new JwtStrategy({
// Prepare the extractor from the header.
jwtFromRequest: ExtractJwt.fromExtractors([
cookieExtractor,
ExtractJwt.fromUrlQueryParameter('access_token'),
ExtractJwt.fromAuthHeaderWithScheme('Bearer')
]),
@@ -233,7 +235,7 @@ passport.use(new JwtStrategy({
audience: JWT_AUDIENCE,
// Enable only the HS256 algorithm.
algorithms: ['HS256'],
algorithms: [JWT_ALG],
// Pass the request object back to the callback so we can attach the JWT to
// it.