Skip to content

Commit

Permalink
Allow token propagation if token type is not specified
Browse files Browse the repository at this point in the history
Signed-off-by: Ruben Vargas <[email protected]>
  • Loading branch information
rubenvp8510 committed Jul 25, 2019
1 parent 966dd7e commit ed35e2e
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 12 deletions.
23 changes: 13 additions & 10 deletions cmd/query/app/token_propagation_hander_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,16 +51,19 @@ func Test_bearTokenPropagationHandler(t *testing.T) {
}

testCases := []struct {
name string
sendHeader bool
header string
handler func(stop *sync.WaitGroup) http.HandlerFunc
name string
sendHeader bool
headerValue string
headerName string
handler func(stop *sync.WaitGroup) http.HandlerFunc
}{
{ name:"Bearer token", sendHeader: true, header: "Bearer " + bearerToken, handler:validTokenHandler},
{ name:"Invalid header",sendHeader: true, header: bearerToken, handler:emptyHandler},
{ name:"No header", sendHeader: false, handler:emptyHandler},
{ name:"Basic Auth", sendHeader: true, header: "Basic " + bearerToken, handler:emptyHandler},
{ name:"X-Forwarded-Access-Token", sendHeader: true, header: "Bearer " + bearerToken, handler:validTokenHandler},
{ name:"Bearer token", sendHeader: true, headerName:"Authorization", headerValue: "Bearer " + bearerToken, handler:validTokenHandler},
{ name:"Raw bearer token",sendHeader: true, headerName:"Authorization", headerValue: bearerToken, handler:validTokenHandler},
{ name:"No headerValue", sendHeader: false, headerName:"Authorization", handler:emptyHandler},
{ name:"Basic Auth", sendHeader: true, headerName:"Authorization", headerValue: "Basic " + bearerToken, handler:emptyHandler},
{ name:"X-Forwarded-Access-Token", headerName:"X-Forwarded-Access-Token", sendHeader: true, headerValue: "Bearer " + bearerToken, handler:validTokenHandler},
{ name:"Invalid header", headerName:"X-Forwarded-Access-Token", sendHeader: true, headerValue: "Bearer " + bearerToken + " another stuff", handler:emptyHandler},

}

for _, testCase := range testCases {
Expand All @@ -73,7 +76,7 @@ func Test_bearTokenPropagationHandler(t *testing.T) {
req , err := http.NewRequest("GET", server.URL, nil)
assert.Nil(t,err)
if testCase.sendHeader {
req.Header.Add("Authorization", testCase.header)
req.Header.Add(testCase.headerName, testCase.headerValue)
}
_, err = httpClient.Do(req)
assert.Nil(t, err)
Expand Down
7 changes: 5 additions & 2 deletions cmd/query/app/token_propagation_handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ func bearerTokenPropagationHandler(logger *zap.Logger, h http.Handler) http.Hand
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
authHeaderValue := r.Header.Get("Authorization")
// If no Authorization header is present, try with X-Forwarded-Access-Token
// If no Authorization headerValue is present, try with X-Forwarded-Access-Token
if authHeaderValue == "" {
authHeaderValue = r.Header.Get("X-Forwarded-Access-Token")
}
Expand All @@ -39,8 +39,11 @@ func bearerTokenPropagationHandler(logger *zap.Logger, h http.Handler) http.Hand
if headerValue[0] == "Bearer" {
token = headerValue[1]
}
} else if len(headerValue) == 1 {
// Tread all value as a token
token = authHeaderValue
} else {
logger.Warn("Invalid authorization header, skipping bearer token propagation")
logger.Warn("Invalid authorization header value, skipping token propagation")
}
h.ServeHTTP(w, r.WithContext(spanstore.ContextWithBearerToken(ctx, token)))
} else {
Expand Down

0 comments on commit ed35e2e

Please sign in to comment.