Skip to content

Commit

Permalink
fix: disallow multiple auth headers (#3607)
Browse files Browse the repository at this point in the history
  • Loading branch information
paullatzelsperger authored Nov 14, 2023
1 parent 72a522a commit c27c299
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,6 @@ public boolean isAuthenticated(Map<String, List<String>> headers) {
}

private boolean checkApiKeyValid(List<String> apiKeys) {
return apiKeys.stream().anyMatch(hardCodedApiKey::equalsIgnoreCase);
return apiKeys.size() == 1 && apiKeys.stream().allMatch(hardCodedApiKey::equalsIgnoreCase);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -69,8 +69,8 @@ void isAuthorized_notAuthorized() {
}

@Test
void isAuthorized_multipleValues_oneAuthorized() {
void isAuthorized_multipleValues_oneAuthorized_shouldReturnFalse() {
var map = Map.of("x-api-key", List.of("invalid_api_key", TEST_API_KEY));
assertThat(service.isAuthenticated(map)).isTrue();
assertThat(service.isAuthenticated(map)).isFalse();
}
}

0 comments on commit c27c299

Please sign in to comment.