Upgrade dependencies

auth/dataset_permissions_request_builder.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"net/http"
 
-	"github.com/ONSdigital/dp-api-clients-go/headers"
+	"github.com/ONSdigital/dp-api-clients-go/v2/headers"
 )
 
 // DatasetPermissionsRequestBuilder is an implementation of the GetPermissionsRequestBuilder interface that creates a
@@ -87,7 +87,7 @@ func (builder *DatasetPermissionsRequestBuilder) createUserDatasetPermissionsReq
 		return nil, err
 	}
 
-	if err := headers.SetUserAuthToken(getPermissionsReq, params.userAuthToken); err != nil {
+	if err := headers.SetAuthToken(getPermissionsReq, params.userAuthToken); err != nil {
 		return nil, err
 	}
 

auth/dataset_permissions_request_builder_test.go

@@ -6,7 +6,7 @@ import (
 	"net/http/httptest"
 	"testing"
 
-	"github.com/ONSdigital/dp-api-clients-go/headers"
+	"github.com/ONSdigital/dp-api-clients-go/v2/headers"
 	. "github.com/smartystreets/goconvey/convey"
 )
 
@@ -106,17 +106,21 @@ func TestDatasetPermissionsRequestBuilder_NewPermissionsRequest(t *testing.T) {
 		}
 
 		req := httptest.NewRequest("GET", testHost, nil)
-		headers.SetUserAuthToken(req, "111")
+		headers.SetAuthToken(req, "111")
 		headers.SetCollectionID(req, "222")
 
 		actual, err := builder.NewPermissionsRequest(req)
 
 		So(err, ShouldBeNil)
 		So(actual.URL.String(), ShouldEqual, fmt.Sprintf(userDatasetPermissionsURL, testHost, "333", "222"))
 
-		token, err := headers.GetUserAuthToken(actual)
+		userToken, err := headers.GetUserAuthToken(actual)
 		So(err, ShouldBeNil)
-		So(token, ShouldEqual, "111")
+		So(userToken, ShouldEqual, "111")
+
+		serviceToken, err := headers.GetServiceAuthToken(actual)
+		So(err, ShouldBeNil)
+		So(serviceToken, ShouldEqual, "111")
 	})
 
 	Convey("should return expected get service dataset permissions request", t, func() {
@@ -136,9 +140,13 @@ func TestDatasetPermissionsRequestBuilder_NewPermissionsRequest(t *testing.T) {
 		So(err, ShouldBeNil)
 		So(actual.URL.String(), ShouldEqual, fmt.Sprintf(serviceDatasetPermissionsURL, testHost, "333"))
 
-		token, err := headers.GetServiceAuthToken(actual)
+		serviceToken, err := headers.GetServiceAuthToken(actual)
 		So(err, ShouldBeNil)
-		So(token, ShouldEqual, "111")
+		So(serviceToken, ShouldEqual, "111")
+
+		userToken, err := headers.GetUserAuthToken(actual)
+		So(err, ShouldNotBeNil)
+		So(userToken, ShouldBeEmpty)
 	})
 
 	Convey("should return get user dataset permissions request if request contains both user and service auth headers", t, func() {
@@ -153,17 +161,21 @@ func TestDatasetPermissionsRequestBuilder_NewPermissionsRequest(t *testing.T) {
 		req := httptest.NewRequest("GET", testHost, nil)
 
 		headers.SetServiceAuthToken(req, "222")
-		headers.SetUserAuthToken(req, "333")
+		headers.SetAuthToken(req, "333")
 		headers.SetCollectionID(req, "444")
 
 		actual, err := builder.NewPermissionsRequest(req)
 
 		So(err, ShouldBeNil)
 		So(actual.URL.String(), ShouldEqual, fmt.Sprintf(userDatasetPermissionsURL, testHost, "111", "444"))
 
-		token, err := headers.GetUserAuthToken(actual)
+		userToken, err := headers.GetUserAuthToken(actual)
+		So(err, ShouldBeNil)
+		So(userToken, ShouldEqual, "333")
+
+		serviceToken, err := headers.GetServiceAuthToken(actual)
 		So(err, ShouldBeNil)
-		So(token, ShouldEqual, "333")
+		So(serviceToken, ShouldEqual, "333")
 	})
 }
 

auth/permissions_request_builder.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"net/http"
 
-	"github.com/ONSdigital/dp-api-clients-go/headers"
+	"github.com/ONSdigital/dp-api-clients-go/v2/headers"
 )
 
 // PermissionsRequestBuilder is an implementation of the GetPermissionsRequestBuilder interface that creates a
@@ -49,7 +49,7 @@ func (builder *PermissionsRequestBuilder) createUserPermissionsRequest(authToken
 		return nil, err
 	}
 
-	if err := headers.SetUserAuthToken(getPermissionsRequest, authToken); err != nil {
+	if err := headers.SetAuthToken(getPermissionsRequest, authToken); err != nil {
 		return nil, err
 	}
 

auth/permissions_request_builder_test.go

@@ -5,7 +5,7 @@ import (
 	"net/http/httptest"
 	"testing"
 
-	"github.com/ONSdigital/dp-api-clients-go/headers"
+	"github.com/ONSdigital/dp-api-clients-go/v2/headers"
 	. "github.com/smartystreets/goconvey/convey"
 )
 
@@ -48,7 +48,7 @@ func TestPermissionsRequestBuilder_NewPermissionsRequest(t *testing.T) {
 	Convey("should return expected error if error creating new http request", t, func() {
 		builder := &PermissionsRequestBuilder{Host: "$%^&*(()"}
 		inboundReq := httptest.NewRequest("GET", testHost, nil)
-		headers.SetUserAuthToken(inboundReq, "666")
+		headers.SetAuthToken(inboundReq, "666")
 
 		actual, err := builder.NewPermissionsRequest(inboundReq)
 
@@ -62,7 +62,7 @@ func TestPermissionsRequestBuilder_NewPermissionsRequest(t *testing.T) {
 	Convey("should return get user permissions request if inbound request contains user auth header", t, func() {
 		builder := &PermissionsRequestBuilder{Host: testHost}
 		inboundReq := httptest.NewRequest("GET", testHost, nil)
-		headers.SetUserAuthToken(inboundReq, "666")
+		headers.SetAuthToken(inboundReq, "666")
 
 		actual, err := builder.NewPermissionsRequest(inboundReq)
 
@@ -72,6 +72,10 @@ func TestPermissionsRequestBuilder_NewPermissionsRequest(t *testing.T) {
 		token, err := headers.GetUserAuthToken(actual)
 		So(err, ShouldBeNil)
 		So(token, ShouldEqual, "666")
+
+		serviceAuthToken, err := headers.GetServiceAuthToken(actual)
+		So(err, ShouldBeNil)
+		So(serviceAuthToken, ShouldEqual, "666")
 	})
 
 	Convey("should return get service permissions request if inbound request contains service auth header", t, func() {
@@ -87,13 +91,17 @@ func TestPermissionsRequestBuilder_NewPermissionsRequest(t *testing.T) {
 		token, err := headers.GetServiceAuthToken(actual)
 		So(err, ShouldBeNil)
 		So(token, ShouldEqual, "666")
+
+		userAuthToken, err := headers.GetUserAuthToken(actual)
+		So(err, ShouldNotBeNil)
+		So(userAuthToken, ShouldBeEmpty)
 	})
 
 	Convey("should return get user permissions request if inbound request contains both user and service auth headers", t, func() {
 		builder := &PermissionsRequestBuilder{Host: testHost}
 		inboundReq := httptest.NewRequest("GET", testHost, nil)
 		headers.SetServiceAuthToken(inboundReq, "666")
-		headers.SetUserAuthToken(inboundReq, "777")
+		headers.SetAuthToken(inboundReq, "777")
 
 		actual, err := builder.NewPermissionsRequest(inboundReq)
 
@@ -105,7 +113,7 @@ func TestPermissionsRequestBuilder_NewPermissionsRequest(t *testing.T) {
 		So(userAuthToken, ShouldEqual, "777")
 
 		serviceAuthToken, err := headers.GetServiceAuthToken(actual)
-		So(headers.IsErrNotFound(err), ShouldBeTrue)
-		So(serviceAuthToken, ShouldBeEmpty)
+		So(err, ShouldBeNil)
+		So(serviceAuthToken, ShouldEqual, "777")
 	})
 }

go.mod

@@ -2,11 +2,17 @@ module github.com/ONSdigital/dp-authorisation
 
 go 1.13
 
+// to avoid the following vulnerabilities:
+//     - CVE-2022-29153 # pkg:golang/github.com/hashicorp/consul/[email protected] and pkg:golang/github.com/hashicorp/consul/[email protected]
+//     - sonatype-2021-1401 # pkg:golang/github.com/miekg/[email protected]
+//     - sonatype-2019-0890 # pkg:golang/github.com/pkg/[email protected]
+replace github.com/spf13/cobra => github.com/spf13/cobra v1.7.0
+
 require (
-	github.com/ONSdigital/dp-api-clients-go v1.34.3
+	github.com/ONSdigital/dp-api-clients-go/v2 v2.252.1
 	github.com/ONSdigital/dp-rchttp v1.0.0
 	github.com/ONSdigital/go-ns v0.0.0-20200205115900-a11716f93bad // indirect
-	github.com/ONSdigital/log.go/v2 v2.0.5
+	github.com/ONSdigital/log.go/v2 v2.4.1
 	github.com/gorilla/mux v1.8.0
-	github.com/smartystreets/goconvey v1.6.4
+	github.com/smartystreets/goconvey v1.8.0
 )