core-api
diff --git a/‎lib/auth/basic.js
Lines changed: 17 additions & 0 deletions b/‎lib/auth/basic.js
Lines changed: 17 additions & 0 deletions
diff --git a/‎lib/auth/index.js
Lines changed: 9 additions & 0 deletions b/‎lib/auth/index.js
Lines changed: 9 additions & 0 deletions
diff --git a/‎lib/auth/session.js
Lines changed: 39 additions & 0 deletions b/‎lib/auth/session.js
Lines changed: 39 additions & 0 deletions
diff --git a/‎lib/auth/token.js
Lines changed: 15 additions & 0 deletions b/‎lib/auth/token.js
Lines changed: 15 additions & 0 deletions
diff --git a/‎lib/client.js
Lines changed: 1 addition & 1 deletion b/‎lib/client.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/index.js
Lines changed: 2 additions & 0 deletions b/‎lib/index.js
Lines changed: 2 additions & 0 deletions
diff --git a/‎lib/transports/http.js
Lines changed: 3 additions & 6 deletions b/‎lib/transports/http.js
Lines changed: 3 additions & 6 deletions
diff --git a/‎package.json
Lines changed: 1 addition & 1 deletion b/‎package.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/transports/http.js
Lines changed: 32 additions & 4 deletions b/‎tests/transports/http.js
Lines changed: 32 additions & 4 deletions
@@ -0,0 +1,17 @@
+class BasicAuthentication {
+  constructor (options = {}) {
+    const username = options.username
+    const password = options.password
+    const hash = window.btoa(username + ':' + password)
+    this.auth = 'Basic ' + hash
+  }
+
+  authenticate (options) {
+    options.headers['Authorization'] = this.auth
+    return options
+  }
+}
+
+module.exports = {
+  BasicAuthentication: BasicAuthentication
+}
@@ -0,0 +1,9 @@
+const basic = require('./basic')
+const session = require('./session')
+const token = require('./token')
+
+module.exports = {
+  BasicAuthentication: basic.BasicAuthentication,
+  SessionAuthentication: session.SessionAuthentication,
+  TokenAuthentication: token.TokenAuthentication
+}
@@ -0,0 +1,39 @@
+const utils = require('../utils')
+
+function trim (str) {
+  return str.replace(/^\s\s*/, '').replace(/\s\s*$/, '')
+}
+
+function getCookie (cookieName, cookieString) <
8000
span class=pl-kos>{
+  cookieString = cookieString || window.document.cookie
+  if (cookieString && cookieString !== '') {
+    const cookies = cookieString.split(';')
+    for (var i = 0; i < cookies.length; i++) {
+      const cookie = trim(cookies[i])
+      // Does this cookie string begin with the name we want?
+      if (cookie.substring(0, cookieName.length + 1) === (cookieName + '=')) {
+        return decodeURIComponent(cookie.substring(cookieName.length + 1))
+      }
+    }
+  }
+  return null
+}
+
+class SessionAuthentication {
+  constructor (options = {}) {
+    this.csrfToken = getCookie(options.csrfCookieName, options.cookieString)
+    this.csrfHeaderName = options.csrfHeaderName
+  }
+
+  authenticate (options) {
+    options.credentials = 'same-origin'
+    if (this.csrfToken && !utils.csrfSafeMethod(options.method)) {
+      options.headers[this.csrfHeaderName] = this.csrfToken
+    }
+    return options
+  }
+}
+
+module.exports = {
+  SessionAuthentication: SessionAuthentication
+}
@@ -0,0 +1,15 @@
+class TokenAuthentication {
+  constructor (options = {}) {
+    this.token = options.token
+    this.prefix = options.prefix || 'Bearer'
+  }
+
+  authenticate (options) {
+    options.headers['Authorization'] = this.prefix + ' ' + this.token
+    return options
+  }
+}
+
+module.exports = {
+  TokenAuthentication: TokenAuthentication
+}
@@ -24,7 +24,7 @@ function lookupLink (node, keys) {
 class Client {
   constructor (options = {}) {
     const transportOptions = {
-      csrf: options.csrf,
+      auth: options.auth || null,
       headers: options.headers || {},
       requestCallback: options.requestCallback,
       responseCallback: options.responseCallback
 
@@ -1,3 +1,4 @@
+const auth = require('./auth')
 const client = require('./client')
 const codecs = require('./codecs')
 const document = require('./document')
@@ -9,6 +10,7 @@ const coreapi = {
   Client: client.Client,
   Document: document.Document,
   Link: document.Link,
+  auth: auth,
   codecs: codecs,
   errors: errors,
   transports: transports,
 
@@ -19,7 +19,7 @@ const parseResponse = (response, decoders, responseCallback) => {
 class HTTPTransport {
   constructor (options = {}) {
     this.schemes = ['http', 'https']
-    this.csrf = options.csrf
+    this.auth = options.auth || null
     this.headers = options.headers || {}
     this.fetch = options.fetch || fetch
     this.FormData = options.FormData || window.FormData
@@ -98,11 +98,8 @@ class HTTPTransport {
       }
     }
 
-    if (this.csrf) {
-      requestOptions.credentials = 'same-origin'
-      if (!utils.csrfSafeMethod(method)) {
-        Object.assign(requestOptions.headers, this.csrf)
-      }
+    if (this.auth) {
+      requestOptions = this.auth.authenticate(requestOptions)
     }
 
     let parsedUrl = urlTemplate.parse(link.url)
 
@@ -1,6 +1,6 @@
 {
   "name": "coreapi",
-  "version": "0.0.20",
+  "version": "0.0.21",
   "description": "Javascript client library for Core API",
   "main": "lib/index.js",
   "scripts": {
 
@@ -1,4 +1,5 @@
 const transports = require('../../lib/transports')
+const auth = require('../../lib/auth')
 const codecs = require('../../lib/codecs')
 const errors = require('../../lib/errors')
 const document = require('../../lib/document')
@@ -140,9 +141,13 @@ describe('Test the HTTPTransport', function () {
   it('CSRF should be included with POST requests.', function () {
     const url = 'http://www.example.com/'
     const link = new document.Link(url, 'post')
-    const csrf = {'X-CSRFToken': 'abc'}
+    const sessionAuth = new auth.SessionAuthentication({
+      csrfCookieName: 'csrftoken',
+      csrfHeaderName: 'X-CSRFToken',
+      cookieString: 'csrftoken=abc'
+    })
     const transport = new transports.HTTPTransport({
-      csrf: csrf,
+      auth: sessionAuth,
       fetch: testUtils.echo
     })
 
@@ -152,12 +157,35 @@ describe('Test the HTTPTransport', function () {
       })
   })
 
+  it('CSRF should not be included when no CSRF cookie exists.', function () {
+    const url = 'http://www.example.com/'
+    const link = new document.Link(url, 'post')
+    const sessionAuth = new auth.SessionAuthentication({
+      csrfCookieName: 'csrftoken',
+      csrfHeaderName: 'X-CSRFToken',
+      cookieString: ''
+    })
+    const transport = new transports.HTTPTransport({
+      auth: sessionAuth,
+      fetch: testUtils.echo
+    })
+
+    return transport.action(link, decoders)
+      .then((res) => {
+        expect(res).toEqual({url: 'http://www.example.com/', headers: {}, method: 'POST'})
+      })
+  })
+
   it('CSRF should not be included with GET requests.', function () {
     const url = 'http://www.example.com/'
     const link = new document.Link(url, 'get')
-    const csrf = {'X-CSRFToken': 'abc'}
+    const sessionAuth = new auth.SessionAuthentication({
+      csrfCookieName: 'csrftoken',
+      csrfHeaderName: 'X-CSRFToken',
+      cookieString: 'csrftoken=abc'
+    })
     const transport = new transports.HTTPTransport({
-      csrf: csrf,
+      auth: sessionAuth,
       fetch: testUtils.echo
     })
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "coreapi",`
`3`		`- "version": "0.0.20",`
	`3`	`+ "version": "0.0.21",`
`4`	`4`	`"description": "Javascript client library for Core API",`
`5`	`5`	`"main": "lib/index.js",`
`6`	`6`	`"scripts": {`