Fixing regression with invalid jwt being passed to the 'watch' apis

Author: Eric Herbrandson

client/src/services/apiProxy.js

@@ -12,7 +12,7 @@ export async function request(path, params, autoLogoutOnAuthError = true) {
     const opts = Object.assign({headers: {}}, params);
 
     const token = getToken();
-    if (token) opts.headers.Authorization = token;
+    if (token) opts.headers.Authorization = `Bearer ${token}`;
 
     const url = combinePath(BASE_HTTP_URL, path);
     const response = await fetch(url, opts);

client/src/services/auth.js

@@ -11,11 +11,6 @@ if (authorizationCookie) {
 }
 
 export function getToken() {
-    // This line deals with backwards compatability from when we used to only store the actual jwt
-    if (localStorage.authToken && !localStorage.authToken.startsWith('Bearer ')) {
-        localStorage.authToken = `Bearer ${localStorage.authToken}`;
-    }
-
     return localStorage.authToken;
 }
 

client/src/views/auth.js

@@ -97,7 +97,7 @@ async function oidcLogin(code, returnedState) {
 
 async function login(token, redirectUri) {
     try {
-        setToken(`Bearer ${token}`);
+        setToken(token);
         await api.testAuth();
 
         if (redirectUri) {

server/index.js

@@ -58,7 +58,8 @@ function preAuth(req, res, next) {
 
     // If the request already contains an authorization header, pass it through to the client (as a cookie)
     if (auth) {
-        res.cookie('Authorization', auth, {maxAge: 60, httpOnly: false});
+        const value = auth.replace('Bearer ', '');
+        res.cookie('Authorization', value, {maxAge: 60, httpOnly: false});
         console.log('Authorization header found. Passing through to client.');
     }