Add support to secured endpoints throught Authorization header (#358)

* Add support to secured endpoints throught Authorization header

* Adding the ability to set AUTH_TYPE

* clean up

* improve coverage

Author: sebasjm

src/CoreManager.js

@@ -165,6 +165,8 @@ const config: Config & { [key: string]: mixed } = {
             !process.versions.electron),
   REQUEST_ATTEMPT_LIMIT: 5,
   SERVER_URL: 'https://api.parse.com/1',
+  SERVER_AUTH_TYPE: null,
+  SERVER_AUTH_TOKEN: null,
   LIVEQUERY_SERVER_URL: null,
   VERSION: 'js' + require('../package.json').version,
   APPLICATION_ID: null,

src/Parse.js

@@ -127,6 +127,35 @@ Object.defineProperty(Parse, 'serverURL', {
     CoreManager.set('SERVER_URL', value);
   }
 });
+
+/**
+ * @member Parse.serverAuthToken
+ * @type string
+ * @static
+ */
+Object.defineProperty(Parse, 'serverAuthToken', {
+  get() {
+    return CoreManager.get('SERVER_AUTH_TOKEN');
+  },
+  set(value) {
+    CoreManager.set('SERVER_AUTH_TOKEN', value);
+  }
+});
+
+/**
+ * @member Parse.serverAuthType
+ * @type string
+ * @static
+ */
+Object.defineProperty(Parse, 'serverAuthType', {
+  get() {
+    return CoreManager.get('SERVER_AUTH_TYPE');
+  },
+  set(value) {
+    CoreManager.set('SERVER_AUTH_TYPE', value);
+  }
+});
+
 /**
  * @member Parse.liveQueryServerURL
  * @type string

src/RESTController.js

@@ -146,6 +146,9 @@ const RESTController = {
         headers['User-Agent'] = 'Parse/' + CoreManager.get('VERSION') +
           ' (NodeJS ' + process.versions.node + ')';
       }
+      if (CoreManager.get('SERVER_AUTH_TYPE') && CoreManager.get('SERVER_AUTH_TOKEN')) {
+        headers['Authorization'] = CoreManager.get('SERVER_AUTH_TYPE') + ' ' + CoreManager.get('SERVER_AUTH_TOKEN');
+      }
 
       if(options && typeof options.progress === 'function') {
         if (xhr.upload) {

src/__tests__/Parse-test.js

@@ -46,6 +46,16 @@ describe('Parse module', () => {
     expect(Parse.masterKey).toBe('789');
   });
 
+  it('can set auth type and token', () => {
+    Parse.serverAuthType = 'bearer';
+    expect(CoreManager.get('SERVER_AUTH_TYPE')).toBe('bearer');
+    expect(Parse.serverAuthType).toBe('bearer');
+
+    Parse.serverAuthToken = 'some_token';
+    expect(CoreManager.get('SERVER_AUTH_TOKEN')).toBe('some_token');
+    expect(Parse.serverAuthToken).toBe('some_token');
+  });
+
   it('can set LocalDatastoreController', () => {
     const controller = {
       fromPinWithName: function() {},

src/__tests__/RESTController-test.js

@@ -377,6 +377,25 @@ describe('RESTController', () => {
     );
   });
 
+  it('sends auth header when the auth type and token flags are set', async () => {
+    CoreManager.set('SERVER_AUTH_TYPE', 'Bearer');
+    CoreManager.set('SERVER_AUTH_TOKEN', 'some_random_token');
+    const credentialsHeader = (header) => "Authorization" === header[0];
+    const xhr = {
+      setRequestHeader: jest.fn(),
+      open: jest.fn(),
+      send: jest.fn()
+    };
+    RESTController._setXHR(function() { return xhr; });
+    RESTController.request('GET', 'classes/MyObject', {}, {});
+    await flushPromises();
+    expect(xhr.setRequestHeader.mock.calls.filter(credentialsHeader)).toEqual(
+      [["Authorization", "Bearer some_random_token"]]
+    );
+    CoreManager.set('SERVER_AUTH_TYPE', null);
+    CoreManager.set('SERVER_AUTH_TOKEN', null);
+  });
+
   it('reports upload progress of the AJAX request when callback is provided', (done) => {
     const xhr = mockXHR([{ status: 200, response: { success: true }}], {
       addEventListener: (name, callback) => {