allow passing token via URL query parameter (closes #49)

routes/user/user_middleware.go

@@ -23,6 +23,7 @@ package user
 
 import (
 	"fmt"
+
 	"git.rwth-aachen.de/acs/public/villas/web-backend-go/database"
 	"git.rwth-aachen.de/acs/public/villas/web-backend-go/helper"
 	"github.com/dgrijalva/jwt-go"
@@ -52,7 +53,10 @@ func Authentication(unauthorized bool) gin.HandlerFunc {
 		// case of OAuth2 use the request.OAuth2Extractor and make sure
 		// that the argument is 'access-token' or provide a custom one
 		token, err := request.ParseFromRequest(ctx.Request,
-			request.AuthorizationHeaderExtractor,
+			request.MultiExtractor{
+				request.AuthorizationHeaderExtractor,
+				request.ArgumentExtractor{"token"},
+			},
 			func(token *jwt.Token) (interface{}, error) {
 
 				// validate alg for signing the jwt

routes/user/user_test.go

@@ -25,12 +25,13 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"git.rwth-aachen.de/acs/public/villas/web-backend-go/helper"
 	"net/http"
 	"net/http/httptest"
 	"os"
 	"testing"
 
+	"git.rwth-aachen.de/acs/public/villas/web-backend-go/helper"
+
 	"github.com/gin-gonic/gin"
 	"github.com/stretchr/testify/assert"
 
@@ -130,6 +131,27 @@ func TestAuthenticate(t *testing.T) {
 
 }
 
+func TestAuthenticateQueryToken(t *testing.T) {
+
+	database.DropTables()
+	database.MigrateModels()
+	assert.NoError(t, helper.DBAddAdminAndUserAndGuest())
+
+	// authenticate as admin
+	token, err := helper.AuthenticateForTest(router,
+		"/api/authenticate", "POST", helper.AdminCredentials)
+	assert.NoError(t, err)
+
+	w := httptest.NewRecorder()
+
+	// Create the request
+	req, err := http.NewRequest("GET", "/api/users?token="+token, nil)
+	assert.NoError(t, err)
+
+	router.ServeHTTP(w, req)
+	assert.Equal(t, w.Code, 200)
+}
+
 func TestAddGetUser(t *testing.T) {
 
 	database.DropTables()