Merge pull request #77 from seegno/enhancement/authorization-header

pgom · pgom · commit b2a89749f053 · 2016-02-08T13:28:47.000Z
Update interceptor to allow authorization header to be overridden
diff --git a/src/interceptors/oauth-interceptor.js b/src/interceptors/oauth-interceptor.js
@@ -8,9 +8,10 @@
 function oauthInterceptor($q, $rootScope, OAuthToken) {
   return {
     request: function(config) {
+      config.headers = config.headers || {};
+
       // Inject `Authorization` header.
-      if (OAuthToken.getAuthorizationHeader()) {
-        config.headers = config.headers || {};
+      if (!config.headers.hasOwnProperty('Authorization') && OAuthToken.getAuthorizationHeader()) {
         config.headers.Authorization = OAuthToken.getAuthorizationHeader();
       }
 
diff --git a/src/providers/oauth-provider.js b/src/providers/oauth-provider.js
@@ -163,7 +163,10 @@ function OAuthProvider() {
         data = queryString.stringify(data);
 
         var options = {
-          headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
+          headers: {
+            'Authorization': undefined,
+            'Content-Type': 'application/x-www-form-urlencoded'
+          }
         };
 
         return $http.post(`${config.baseUrl}${config.grantPath}`, data, options).then((response) => {
diff --git a/test/unit/interceptors/oauth-interceptor.spec.js b/test/unit/interceptors/oauth-interceptor.spec.js
@@ -37,6 +37,28 @@ describe('oauthInterceptor', function() {
     $httpBackend.flush();
   }));
 
+  it('should not inject `Authorization` header if it already exists', inject(function($http, $httpBackend, OAuthToken) {
+    OAuthToken.setToken({ token_type: 'bearer', access_token: 'foo', expires_in: 3600, refresh_token: 'bar' });
+
+    $httpBackend.expectGET('https://website.com', function(headers) {
+      headers.Authorization = undefined;
+
+      return headers;
+    }).respond(200);
+
+    $http.get('https://website.com').then(function(response) {
+      response.config.headers.should.have.property('Authorization');
+      (undefined === response.config.headers.Authorization).should.be.true;
+    }).catch(function() {
+      should.fail();
+    });
+
+    $httpBackend.flush();
+
+    $httpBackend.verifyNoOutstandingExpectation();
+    $httpBackend.verifyNoOutstandingRequest();
+  }));
+
   it('should remove `token` if an `invalid_request` error occurs', inject(function($http, $httpBackend, OAuthToken) {
     sinon.spy(OAuthToken, 'removeToken');
 
