From 6c0698b513e11ff1d4b152e070a627f5092be801 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=C2=A0F=2E=20Romaniello?=
Date: Wed, 20 Apr 2022 12:42:29 -0300
Subject: [PATCH] add support for capital Authorization header. closes #200
---
 src/index.ts | 5 +++--
 test/jwt.test.ts | 20 ++++++++++++++++----
 2 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/src/index.ts b/src/index.ts
index 17221466..1b185da1 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -47,10 +47,11 @@ export const expressjwt = (options: Params) => {
 }
 }
+ const authorizationHeader = req.headers && 'Authorization' in req.headers ? 'Authorization' : 'authorization';
 if (options.getToken && typeof options.getToken === 'function') {
 token = await options.getToken(req);
- } else if (req.headers && req.headers.authorization) {
- const parts = req.headers.authorization.split(' ');
+ } else if (req.headers && req.headers[authorizationHeader]) {
+ const parts = (req.headers[authorizationHeader] as string).split(' ');
 if (parts.length == 2) {
 const scheme = parts[0];
 const credentials = parts[1];
diff --git a/test/jwt.test.ts b/test/jwt.test.ts
index 07f9a917..f8c3071a 100644
--- a/test/jwt.test.ts
+++ b/test/jwt.test.ts
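Review bot: The `as string` cast on `req.headers[authorizationHeader]` in src/index.ts silences the type checker instead of checking the value: a header looked up by an arbitrary key can be `string | string[] | undefined`, and a non-string value (for example from an adapter that passes multi-value headers as arrays) would throw at `.split(' ')`. Reading the value once with `const rawHeader = req.headers?.[authorizationHeader];` and branching on `} else if (typeof rawHeader === 'string' && rawHeader) {` keeps token parsing on strings only and removes the cast. Separately, `'Authorization' in req.headers` selects the capitalized key whenever it exists, even if its value is empty and a lowercase `authorization` is also set, so which credential is verified when both spellings are present should be decided deliberately and stated in a comment. The enclosing middleware function starts and ends outside the hunk, so how a thrown error is handled there is not visible.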
@@ -265,15 +265,27 @@ describe('work tests', function () {
 });
 });
- it('should work if no authorization header and credentials are not required', function (done) {
- const req = {} as express.Request;
+ it('should work if Authorization header is capitalized (lambda environment)', function (done) {
+ const secret = Buffer.from('AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA', 'base64');
+ const token = jwt.sign({ foo: 'bar' }, secret);
+ const req = {} as ExpressJwtRequest;
 const res = {} as express.Response;
- expressjwt({ secret: 'shhhh', algorithms: ['HS256'], credentialsRequired: false })(req, res, function (err) {
- assert(typeof err === 'undefined');
+
+ req.headers = {};
+ req.headers.Authorization = 'Bearer ' + token;
+ expressjwt({ secret: secret, algorithms: ['HS256'] })(req, res, function (err) {
+ if (err) { return done(err); }
+ assert.equal(req.auth.foo, 'bar');
 done();
 });
 });
+ it('should work if no authorization header and credentials are not required', function (done) {
+ const req = {} as express.Request;
+ const res = {} as express.Response;
+ expressjwt({ secret: 'shhhh', algorithms: ['HS256'], credentialsRequired: false })(req, res, done);
+ });
+
 it('should not work if no authorization header', function (done) {
 const req = {} as express.Request;
 const res = {} as express.Response;
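Review bot: The added test covers only a request whose sole header key is `Authorization`; no test covers a request that carries both `Authorization` and `authorization` with different tokens, which is the case where the new key selection decides which credential gets verified. A test that sets both keys and asserts which payload lands in `req.auth` (or that the request is rejected) would make that precedence an explicit, reviewed choice rather than an accident of the `in` check. A further case with a non-string header value would pin how the middleware is expected to fail, since the implementation casts the value with `as string`. The surrounding `describe('work tests', …)` block starts and ends outside the hunk.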