Fix: Problem of parsing access_token and handling Authorization header

- Close #227

lib/crowi/express-init.js

@@ -79,6 +79,9 @@ module.exports = function(crowi, app) {
   // Set basic auth middleware
   app.use(function(req, res, next) {
     var config = crowi.getConfig();
+    if (req.query.access_token || req.body.access_token) {
+      return next();
+    }
 
     if (config.crowi['security:basicName'] && config.crowi['security:basicSecret']) {
       return basicAuth(

lib/util/middlewares.js

@@ -189,7 +189,8 @@ exports.loginRequired = function(crowi, app) {
 
 exports.accessTokenParser = function(crowi, app) {
   return function(req, res, next) {
-    var accessToken = req.query.access_token || req.body.access_token || req.get('Authorization') || null;
+    // TODO: comply HTTP header of RFC6750 / Authorization: Bearer
+    var accessToken = req.query.access_token || req.body.access_token || null;
     if (!accessToken) {
       return next();
     }