Merge pull request #139 from topcoder-platform/fix-jwt-joi-validation

Allow unknown properties on the JWT

Author: jmgasper

src/app.js

@@ -63,7 +63,11 @@ _.forEach(routes, (verbs, path) => {
       if (!req.authUser) {
         return next(new errors.UnauthorizedError('Authorization failed.'));
       }
-      req.currentUser = req.authUser;
+
+      req.currentUser = {
+        handle: _.get(req, 'authUser.handle', '').toLowerCase(),
+        roles: _.get(req, 'authUser.roles', [])
+      };
 
       return next();
     });

src/services/ProjectService.js

@@ -28,7 +28,7 @@ const Project = models.Project;
 const currentUserSchema = Joi.object().keys({
   handle: Joi.string().required(),
   roles: Joi.array().required(),
-});
+}).unknown(true);
 const projectSchema = {
   project: {
     id: Joi.string().required(),