[#7525] made Bearer prefix case-insensitive
@@ -1,3 +1,8 @@
|
|||||||
|
## v0.36.4 (WIP)
|
||||||
|
|
||||||
|
- Made the optional `Bearer` token prefix case-insensitive ([#7525](https://github.com/pocketbase/pocketbase/pull/7525); thanks @benjamesfleming).
|
||||||
|
|
||||||
|
|
||||||
## v0.36.3
|
## v0.36.3
|
||||||
|
|
||||||
- Added `Accept-Encoding: identity` to the S3 requests per the suggestion in [#7523](https://github.com/pocketbase/pocketbase/issues/7523).
|
- Added `Accept-Encoding: identity` to the S3 requests per the suggestion in [#7523](https://github.com/pocketbase/pocketbase/issues/7523).
|
||||||
|
|||||||
@@ -207,11 +207,13 @@ func loadAuthToken() *hook.Handler[*core.RequestEvent] {
|
|||||||
|
|
||||||
func getAuthTokenFromRequest(e *core.RequestEvent) string {
|
func getAuthTokenFromRequest(e *core.RequestEvent) string {
|
||||||
token := e.Request.Header.Get("Authorization")
|
token := e.Request.Header.Get("Authorization")
|
||||||
if token != "" {
|
|
||||||
// the schema prefix is not required and it is only for
|
// the "Bearer" schema prefix is not required by PocketBase and it is
|
||||||
// compatibility with the defaults of some HTTP clients
|
// supported only for compatibility with the defaults of some HTTP clients
|
||||||
token = strings.TrimPrefix(token, "Bearer ")
|
if len(token) > 7 && strings.EqualFold(token[:7], "Bearer ") {
|
||||||
|
return token[7:]
|
||||||
}
|
}
|
||||||
|
|
||||||
return token
|
return token
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
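Review bot: The literal 7 appears three times in the rewritten check in `getAuthTokenFromRequest` (`len(token) > 7`, `token[:7]`, `token[7:]`) and has to be kept in step with the length of `"Bearer "` by hand. This is the code that extracts the credential, so a later edit to only one of them would silently change what is handed on for token verification. Deriving the offsets from one constant removes that coupling: `const bearerPrefix = "Bearer "`, then `if len(token) > len(bearerPrefix) && strings.EqualFold(token[:len(bearerPrefix)], bearerPrefix) {` and `return token[len(bearerPrefix):]`. The comment could also say that a value without the prefix, including one carrying any other scheme, is returned unchanged by the final `return token` and is presumably left for the token lookup to reject.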
@@ -224,6 +224,22 @@ func TestRequireAuth(t *testing.T) {
|
|||||||
ExpectedStatus: 200,
|
ExpectedStatus: 200,
|
||||||
ExpectedContent: []string{"test123"},
|
ExpectedContent: []string{"test123"},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "valid record auth token with Bearer case-insensitive prefix",
|
||||||
|
Method: http.MethodGet,
|
||||||
|
URL: "/my/test",
|
||||||
|
Headers: map[string]string{
|
||||||
|
// regular user
|
||||||
|
"Authorization": "BeArEr eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo",
|
||||||
|
},
|
||||||
|
BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
|
||||||
|
e.Router.GET("/my/test", func(e *core.RequestEvent) error {
|
||||||
|
return e.String(200, "test123")
|
||||||
|
}).Bind(apis.RequireAuth())
|
||||||
|
},
|
||||||
|
ExpectedStatus: 200,
|
||||||
|
ExpectedContent: []string{"test123"},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, scenario := range scenarios {
|
for _, scenario := range scenarios {
|
||||||
|
|||||||
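Review bot: The scenario added to `TestRequireAuth` pins only the accepted path, a mixed-case `BeArEr ` prefix followed by a valid token; nothing in this hunk pins the rejecting side of the new `len(token) > 7 && strings.EqualFold(...)` check. Because that check sits on the credential-extraction path, a negative scenario belongs next to it: the same fixture token with the scheme fused to it (no separating space) must not be stripped and should end in the unauthenticated response. The expected status and body below are assumed to match the file's existing unauthenticated scenario, which is outside this hunk, as are the start of `TestRequireAuth` and of the `scenarios` slice.

```go
{
	Name:   "Bearer prefix without separator is not stripped",
	Method: http.MethodGet,
	URL:    "/my/test",
	Headers: map[string]string{
		// placeholder: reuse the regular-user fixture token from the scenario above
		"Authorization": "bearer" + "<REGULAR_USER_TOKEN>",
	},
	// … unchanged: BeforeTestFunc registering /my/test behind apis.RequireAuth() …
	// assumed values; confirm against the existing unauthenticated scenario
	ExpectedStatus:  401,
	ExpectedContent: []string{`"data":{}`},
},
```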
@@ -232,7 +232,8 @@ func (scenario *ApiScenario) test(t testing.TB) {
|
|||||||
|
|
||||||
// set scenario headers
|
// set scenario headers
|
||||||
for k, v := range scenario.Headers {
|
for k, v := range scenario.Headers {
|
||||||
req.Header.Set(k, v)
|
// trim whitespaces for consistency with the net/http request parsing
|
||||||
|
req.Header.Set(k, strings.TrimSpace(v))
|
||||||
}
|
}
|
||||||
|
|
||||||
// execute request
|
// execute request
|
||||||
|
|||||||
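Review bot: `strings.TrimSpace(v)` in the header loop of `ApiScenario.test` strips more than the comment claims: it removes every Unicode whitespace character, including `\r`, `\n`, `\v`, `\f` and U+00A0, whereas net/http's request parsing, as far as I know, trims only spaces and horizontal tabs around a field value. A scenario that deliberately sends such a byte at the edge of a header value would therefore be normalised by the harness and never exercise the handler's own handling of it. Matching the parser more closely would be `req.Header.Set(k, strings.Trim(v, " \t"))`, and the comment could note that this now applies to every scenario's headers, not only `Authorization`. The body of `test` starts and ends outside this hunk.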