Merge pull request #80 from seegno/support/reintroduce-authorization-…

…header Reintroduce authorization header to be overridden
oauthjs · Feb 12, 2016 · 946048b · 946048b
2 parents beb1d54 + 923fce9
commit 946048b
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/src/interceptors/oauth-interceptor.js b/src/interceptors/oauth-interceptor.js
@@ -6,9 +6,10 @@
 function oauthInterceptor($q, $rootScope, OAuthToken) {
   return {
     request: function(config) {
+      config.headers = config.headers || {};
+
       // Inject `Authorization` header.
-      if (OAuthToken.getAuthorizationHeader()) {
-        config.headers = config.headers || {};
+      if (!config.headers.hasOwnProperty('Authorization') && OAuthToken.getAuthorizationHeader()) {
         config.headers.Authorization = OAuthToken.getAuthorizationHeader();
       }
 

diff --git a/test/unit/interceptors/oauth-interceptor.spec.js b/test/unit/interceptors/oauth-interceptor.spec.js
@@ -37,6 +37,28 @@ describe('oauthInterceptor', function() {
     $httpBackend.flush();
   }));
 
+  it('should not inject `Authorization` header if it already exists', inject(function($http, $httpBackend, OAuthToken) {
+    OAuthToken.setToken({ token_type: 'bearer', access_token: 'foo', expires_in: 3600, refresh_token: 'bar' });
+
+    $httpBackend.expectGET('https://website.com', function(headers) {
+      headers.Authorization = undefined;
+
+      return headers;
+    }).respond(200);
+
+    $http.get('https://website.com').then(function(response) {
+      response.config.headers.should.have.property('Authorization');
+      (undefined === response.config.headers.Authorization).should.be.true;
+    }).catch(function() {
+      should.fail();
+    });
+
+    $httpBackend.flush();
+
+    $httpBackend.verifyNoOutstandingExpectation();
+    $httpBackend.verifyNoOutstandingRequest();
+  }));
+
   it('should remove `token` if an `invalid_request` error occurs', inject(function($http, $httpBackend, OAuthToken) {
     sinon.spy(OAuthToken, 'removeToken');