fix: skip adding authorizer to event if no authorizer is configured (#…

…1786) * dont add authorizor to event if no authorizer is configured * update test descriptions * Update src/events/http/HttpServer.js Co-authored-by: Dorian <[email protected]> --------- Co-authored-by: Dorian <[email protected]>
dherault · May 19, 2024 · 68f8f53 · 68f8f53
1 parent ee20b48
commit 68f8f53
Show file tree

Hide file tree

Showing 4 changed files with 74 additions and 2 deletions.
diff --git a/src/events/http/HttpServer.js b/src/events/http/HttpServer.js
@@ -592,6 +592,15 @@ export default class HttpServer {
               )
 
         event = lambdaProxyIntegrationEvent.create()
+
+        const customizations = this.#serverless.service.custom
+        const hasCustomAuthProvider =
+          customizations?.offline?.customAuthenticationProvider
+
+        if (!endpoint.authorizer && !hasCustomAuthProvider) {
+          log.debug("no authorizer configured, deleting authorizer payload")
+          delete event.requestContext.authorizer
+        }
       }
 
       log.debug("event:", event)

diff --git a/tests/integration/request-authorizer/request-authorizer.test.js b/tests/integration/request-authorizer/request-authorizer.test.js
@@ -33,6 +33,7 @@ describe("request authorizer tests", () => {
       {
         description: "should respond with Allow policy",
         expected: {
+          hasAuthorizer: true,
           status: "Authorized",
         },
         options: {
@@ -97,6 +98,7 @@ describe("request authorizer tests", () => {
       {
         description: "should respond with Allow policy",
         expected: {
+          hasAuthorizer: true,
           status: "Authorized",
         },
         options: {},
@@ -149,6 +151,7 @@ describe("request authorizer tests", () => {
       {
         description: "should respond with Allow policy",
         expected: {
+          hasAuthorizer: true,
           status: "Authorized",
         },
         options: {
@@ -213,6 +216,7 @@ describe("request authorizer tests", () => {
       {
         description: "should respond with Allow policy",
         expected: {
+          hasAuthorizer: true,
           status: "Authorized",
         },
         options: {},
@@ -265,6 +269,7 @@ describe("request authorizer tests", () => {
       {
         description: "should respond with isAuthorized true",
         expected: {
+          hasAuthorizer: true,
           status: "Authorized",
         },
         options: {
@@ -329,6 +334,7 @@ describe("request authorizer tests", () => {
       {
         description: "should respond with Allow policy",
         expected: {
+          hasAuthorizer: true,
           status: "Authorized",
         },
         options: {},
@@ -375,4 +381,39 @@ describe("request authorizer tests", () => {
       },
     ].forEach(doTest)
   })
+
+  describe("no authorizer configured", () => {
+    ;[
+      {
+        description:
+          "should respond authorized with no authorizer with payload 1.0",
+        expected: {
+          hasAuthorizer: false,
+          status: "Authorized",
+        },
+        options: {
+          headers: {
+            Authorization: "Bearer fc3e55ea-e6ec-4bf2-94d2-06ae6efe6e5a",
+          },
+        },
+        path: "/user1-no-authorizer",
+        status: 200,
+      },
+      {
+        description:
+          "should respond authorized with no authorizer with payload 2.0",
+        expected: {
+          hasAuthorizer: false,
+          status: "Authorized",
+        },
+        options: {
+          headers: {
+            Authorization: "Bearer fc3e55ea-e6ec-4bf2-94d2-06ae6efe6e5a",
+          },
+        },
+        path: "/user2-no-authorizer",
+        status: 200,
+      },
+    ].forEach(doTest)
+  })
 })
diff --git a/tests/integration/request-authorizer/serverless.yml b/tests/integration/request-authorizer/serverless.yml
@@ -65,6 +65,15 @@ functions:
           path: /user1-header
     handler: src/handler.user
 
+  user1NoAuthorizer:
+    httpApi:
+      payload: "1.0"
+    events:
+      - httpApi:
+          method: get
+          path: /user1-no-authorizer
+    handler: src/handler.user
+
   user2:
     events:
       - httpApi:
@@ -110,6 +119,15 @@ functions:
           path: /user2simple-querystring
     handler: src/handler.user
 
+  user2NoAuthorizer:
+    httpApi:
+      payload: "2.0"
+    events:
+      - httpApi:
+          method: get
+          path: /user2-no-authorizer
+    handler: src/handler.user
+
   requestAuthorizer1FormatHeader:
     handler: src/authorizer.requestAuthorizer1Format
 

diff --git a/tests/integration/request-authorizer/src/handler.js b/tests/integration/request-authorizer/src/handler.js
@@ -1,8 +1,12 @@
 const { stringify } = JSON
 
-export async function user() {
+export async function user(event) {
+  const { authorizer } = event.requestContext
   return {
-    body: stringify({ status: "Authorized" }),
+    body: stringify({
+      hasAuthorizer: !!authorizer,
+      status: "Authorized",
+    }),
     statusCode: 200,
   }
 }