Merge pull request #506 from ondrowan/fix-no-auth

Fix noAuth option not working
dherault · Oct 22, 2018 · 6fb907d · 6fb907d
2 parents 92ed5c1 + bcfdbcd
commit 6fb907d
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 1 deletion.
diff --git a/src/index.js b/src/index.js
@@ -488,7 +488,7 @@ class Offline {
 
             // this.serverlessLog(protectedRoutes);
             // Check for APIKey
-            if (_.includes(protectedRoutes, `${routeMethod}#${fullPath}`) || _.includes(protectedRoutes, `ANY#${fullPath}`)) {
+            if ((_.includes(protectedRoutes, `${routeMethod}#${fullPath}`) || _.includes(protectedRoutes, `ANY#${fullPath}`)) && !this.options.noAuth) {
               const errorResponse = response => response({ message: 'Forbidden' }).code(403).type('application/json').header('x-amzn-ErrorType', 'ForbiddenException');
               if ('x-api-key' in request.headers) {
                 const requestToken = request.headers['x-api-key'];

diff --git a/test/integration/offline.js b/test/integration/offline.js
@@ -95,6 +95,54 @@ describe('Offline', () => {
 
   });
 
+  context('with private function and noAuth option set', () => {
+    let offline;
+    const validToken = 'valid-token'
+
+    before(done => {
+      offline = new OfflineBuilder(new ServerlessBuilder(), { apiKey: validToken, noAuth: true }).addFunctionConfig('fn2', {
+        handler: 'handler.basicAuthentication',
+        events: [{
+          http: {
+            path: 'fn3',
+            method: 'GET',
+            private: true,
+          },
+        }],
+      }, (event, context, cb) => {
+        const response = {
+          statusCode: 200,
+          body: JSON.stringify({
+            message: 'Private Function Executed Correctly',
+          }),
+        };
+        cb(null, response);
+      }).addApiKeys(['token']).toObject();
+      done();
+    });
+
+    it('should execute the function correctly if no API key is provided', done => {
+      offline.inject({
+        method: 'GET',
+        url: '/fn3',
+      }, res => {
+        expect(res.statusCode).to.eq(200);
+        done();
+      });
+    });
+
+    it('should execute the function correctly if API key is provided', done => {
+      offline.inject({
+        method: 'GET',
+        url: '/fn3',
+        headers: { 'x-api-key': validToken },
+      }, res => {
+        expect(res.statusCode).to.eq(200);
+        done();
+      });
+    });
+  });
+
   context('lambda integration', () => {
     it('should use event defined response template and headers', done => {
       const offline = new OfflineBuilder().addFunctionConfig('index', {