From ed35e2e6defd8502d73bab6d39091c3e7816770a Mon Sep 17 00:00:00 2001 From: Ruben Vargas Date: Wed, 24 Jul 2019 15:51:25 -0500 Subject: [PATCH] Allow token propagation if token type is not specified Signed-off-by: Ruben Vargas --- .../app/token_propagation_hander_test.go | 23 +++++++++++-------- cmd/query/app/token_propagation_handler.go | 7 ++++-- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/cmd/query/app/token_propagation_hander_test.go b/cmd/query/app/token_propagation_hander_test.go index 67d7de023422..8e1f2a5428b2 100644 --- a/cmd/query/app/token_propagation_hander_test.go +++ b/cmd/query/app/token_propagation_hander_test.go @@ -51,16 +51,19 @@ func Test_bearTokenPropagationHandler(t *testing.T) { } testCases := []struct { - name string - sendHeader bool - header string - handler func(stop *sync.WaitGroup) http.HandlerFunc + name string + sendHeader bool + headerValue string + headerName string + handler func(stop *sync.WaitGroup) http.HandlerFunc }{ - { name:"Bearer token", sendHeader: true, header: "Bearer " + bearerToken, handler:validTokenHandler}, - { name:"Invalid header",sendHeader: true, header: bearerToken, handler:emptyHandler}, - { name:"No header", sendHeader: false, handler:emptyHandler}, - { name:"Basic Auth", sendHeader: true, header: "Basic " + bearerToken, handler:emptyHandler}, - { name:"X-Forwarded-Access-Token", sendHeader: true, header: "Bearer " + bearerToken, handler:validTokenHandler}, + { name:"Bearer token", sendHeader: true, headerName:"Authorization", headerValue: "Bearer " + bearerToken, handler:validTokenHandler}, + { name:"Raw bearer token",sendHeader: true, headerName:"Authorization", headerValue: bearerToken, handler:validTokenHandler}, + { name:"No headerValue", sendHeader: false, headerName:"Authorization", handler:emptyHandler}, + { name:"Basic Auth", sendHeader: true, headerName:"Authorization", headerValue: "Basic " + bearerToken, handler:emptyHandler}, + { name:"X-Forwarded-Access-Token", headerName:"X-Forwarded-Access-Token", sendHeader: true, headerValue: "Bearer " + bearerToken, handler:validTokenHandler}, + { name:"Invalid header", headerName:"X-Forwarded-Access-Token", sendHeader: true, headerValue: "Bearer " + bearerToken + " another stuff", handler:emptyHandler}, + } for _, testCase := range testCases { @@ -73,7 +76,7 @@ func Test_bearTokenPropagationHandler(t *testing.T) { req , err := http.NewRequest("GET", server.URL, nil) assert.Nil(t,err) if testCase.sendHeader { - req.Header.Add("Authorization", testCase.header) + req.Header.Add(testCase.headerName, testCase.headerValue) } _, err = httpClient.Do(req) assert.Nil(t, err) diff --git a/cmd/query/app/token_propagation_handler.go b/cmd/query/app/token_propagation_handler.go index c16b9ece662e..74afd33f767b 100644 --- a/cmd/query/app/token_propagation_handler.go +++ b/cmd/query/app/token_propagation_handler.go @@ -27,7 +27,7 @@ func bearerTokenPropagationHandler(logger *zap.Logger, h http.Handler) http.Hand return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { ctx := r.Context() authHeaderValue := r.Header.Get("Authorization") - // If no Authorization header is present, try with X-Forwarded-Access-Token + // If no Authorization headerValue is present, try with X-Forwarded-Access-Token if authHeaderValue == "" { authHeaderValue = r.Header.Get("X-Forwarded-Access-Token") } @@ -39,8 +39,11 @@ func bearerTokenPropagationHandler(logger *zap.Logger, h http.Handler) http.Hand if headerValue[0] == "Bearer" { token = headerValue[1] } + } else if len(headerValue) == 1 { + // Tread all value as a token + token = authHeaderValue } else { - logger.Warn("Invalid authorization header, skipping bearer token propagation") + logger.Warn("Invalid authorization header value, skipping token propagation") } h.ServeHTTP(w, r.WithContext(spanstore.ContextWithBearerToken(ctx, token))) } else {