From a5acb20d0eeb13603a0b89101fbc68cb3a20027f Mon Sep 17 00:00:00 2001
From: Jannis Mattheis
Date: Thu, 15 Feb 2018 19:40:27 +0100
Subject: [PATCH] Use custom header for authentication
---
 auth/authentication.go | 9 ++-------
 auth/authentication_test.go | 36 ++++++++++++++++++------------------
 router/router_test.go | 11 ++++++-----
 3 files changed, 26 insertions(+), 30 deletions(-)
diff --git a/auth/authentication.go b/auth/authentication.go
index 7af91aa..284f7ed 100644
--- a/auth/authentication.go
+++ b/auth/authentication.go
@@ -2,15 +2,13 @@ package auth
 import (
 "errors"
- "strings"
 "github.com/gin-gonic/gin"
 "github.com/gotify/server/model"
 )
 const (
- headerName = "Authorization"
- headerSchema = "ApiKey "
+ headerName = "X-Gotify-Key"
 )
 // The Database interface for encapsulating database access.
@@ -83,10 +81,7 @@ func (a *Auth) tokenFromQuery(ctx *gin.Context) string {
 }
 func (a *Auth) tokenFromHeader(ctx *gin.Context) string {
- if header := ctx.Request.Header.Get(headerName); header != "" && strings.HasPrefix(header, headerSchema) {
- return strings.TrimPrefix(header, headerSchema)
- }
- return ""
+ return ctx.Request.Header.Get(headerName)
 }
 func (a *Auth) userFromBasicAuth(ctx *gin.Context) *model.User {
diff --git a/auth/authentication_test.go b/auth/authentication_test.go
index 3d04f00..f2ce5e2 100644
--- a/auth/authentication_test.go
+++ b/auth/authentication_test.go
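Review bot: `tokenFromHeader` now reads the token from the custom `X-Gotify-Key` header, which loses the special treatment HTTP intermediaries give `Authorization`: shared caches refuse to reuse a response to a request carrying `Authorization` unless the response explicitly allows it, and log or trace redaction is commonly keyed on that header name. Neither hunk shows what the handlers send back, so confirm that authenticated responses carry `Cache-Control: no-store` (or `private`) and that any reverse proxy or access log in front of the server masks `X-Gotify-Key`. I would record this on the constant in the first hunk with a comment such as `// headerName is the request header that carries the client or application token; its value is a secret and must not be logged or cached.` Clients still sending `Authorization: ApiKey <token>` now get no token from this function, apparently by design, which is worth stating in the commit message or changelog.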
@@ -90,9 +90,9 @@ func (s *AuthenticationSuite) TestNothingProvided() {
 func (s *AuthenticationSuite) TestHeaderApiKeyToken() {
 // not existing token
- s.assertHeaderRequest("Authorization", "ApiKey ergerogerg", s.auth.RequireApplicationToken, 401)
- s.assertHeaderRequest("Authorization", "ApiKey ergerogerg", s.auth.RequireClient, 401)
- s.assertHeaderRequest("Authorization", "ApiKey ergerogerg", s.auth.RequireAdmin, 401)
+ s.assertHeaderRequest("X-Gotify-Key", "ergerogerg", s.auth.RequireApplicationToken, 401)
+ s.assertHeaderRequest("X-Gotify-Key", "ergerogerg", s.auth.RequireClient, 401)
+ s.assertHeaderRequest("X-Gotify-Key", "ergerogerg", s.auth.RequireAdmin, 401)
 // no authentication schema
 s.assertHeaderRequest("Authorization", "ergerogerg", s.auth.RequireApplicationToken, 401)
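Review bot: The `// no authentication schema` cases kept as context at the end of this hunk, and the `"ApiKeyx clienttoken"` cases in the next hunk (`@@ -105,25 +105,25 @@`), still send an `Authorization` header, so after this change they no longer exercise the header-token path and their comments are misleading. What the suite lacks is a regression case showing that the old form is rejected even with a valid token, e.g. `s.assertHeaderRequest("Authorization", "ApiKey clienttoken", s.auth.RequireClient, 401)`. The stale cases should either be removed or relabelled to say that an `Authorization` value without basic-auth credentials is ignored. `TestHeaderApiKeyToken` continues past the end of this hunk.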
@@ -105,25 +105,25 @@ func (s *AuthenticationSuite) TestHeaderApiKeyToken() {
 s.assertHeaderRequest("Authorization", "ApiKeyx clienttoken", s.auth.RequireAdmin, 401)
 // not existing key
- s.assertHeaderRequest("Authorizationx", "ApiKey clienttoken", s.auth.RequireApplicationToken, 401)
- s.assertHeaderRequest("Authorizationx", "ApiKey clienttoken", s.auth.RequireClient, 401)
- s.assertHeaderRequest("Authorizationx", "ApiKey clienttoken", s.auth.RequireAdmin, 401)
+ s.assertHeaderRequest("X-Gotify-Keyx", "clienttoken", s.auth.RequireApplicationToken, 401)
+ s.assertHeaderRequest("X-Gotify-Keyx", "clienttoken", s.auth.RequireClient, 401)
+ s.assertHeaderRequest("X-Gotify-Keyx", "clienttoken", s.auth.RequireAdmin, 401)
 // apptoken
- s.assertHeaderRequest("Authorization", "ApiKey apptoken", s.auth.RequireApplicationToken, 200)
- s.assertHeaderRequest("Authorization", "ApiKey apptoken", s.auth.RequireClient, 401)
- s.assertHeaderRequest("Authorization", "ApiKey apptoken", s.auth.RequireAdmin, 401)
- s.assertHeaderRequest("Authorization", "ApiKey apptoken_admin", s.auth.RequireApplicationToken, 200)
- s.assertHeaderRequest("Authorization", "ApiKey apptoken_admin", s.auth.RequireClient, 401)
- s.assertHeaderRequest("Authorization", "ApiKey apptoken_admin", s.auth.RequireAdmin, 401)
+ s.assertHeaderRequest("X-Gotify-Key", "apptoken", s.auth.RequireApplicationToken, 200)
+ s.assertHeaderRequest("X-Gotify-Key", "apptoken", s.auth.RequireClient, 401)
+ s.assertHeaderRequest("X-Gotify-Key", "apptoken", s.auth.RequireAdmin, 401)
+ s.assertHeaderRequest("X-Gotify-Key", "apptoken_admin", s.auth.RequireApplicationToken, 200)
+ s.assertHeaderRequest("X-Gotify-Key", "apptoken_admin", s.auth.RequireClient, 401)
+ s.assertHeaderRequest("X-Gotify-Key", "apptoken_admin", s.auth.RequireAdmin, 401)
 // clienttoken
- s.assertHeaderRequest("Authorization", "ApiKey clienttoken", s.auth.RequireApplicationToken, 401)
- s.assertHeaderRequest("Authorization", "ApiKey clienttoken", 
s.auth.RequireClient, 200)
- s.assertHeaderRequest("Authorization", "ApiKey clienttoken", s.auth.RequireAdmin, 403)
- s.assertHeaderRequest("Authorization", "ApiKey clienttoken_admin", s.auth.RequireApplicationToken, 401)
- s.assertHeaderRequest("Authorization", "ApiKey clienttoken_admin", s.auth.RequireClient, 200)
- s.assertHeaderRequest("Authorization", "ApiKey clienttoken_admin", s.auth.RequireAdmin, 200)
+ s.assertHeaderRequest("X-Gotify-Key", "clienttoken", s.auth.RequireApplicationToken, 401)
+ s.assertHeaderRequest("X-Gotify-Key", "clienttoken", s.auth.RequireClient, 200)
+ s.assertHeaderRequest("X-Gotify-Key", "clienttoken", s.auth.RequireAdmin, 403)
+ s.assertHeaderRequest("X-Gotify-Key", "clienttoken_admin", s.auth.RequireApplicationToken, 401)
+ s.assertHeaderRequest("X-Gotify-Key", "clienttoken_admin", s.auth.RequireClient, 200)
+ s.assertHeaderRequest("X-Gotify-Key", "clienttoken_admin", s.auth.RequireAdmin, 200)
 }
 func (s *AuthenticationSuite) TestBasicAuth() {
diff --git a/router/router_test.go b/router/router_test.go
index ef9a2a5..b22c966 100644
--- a/router/router_test.go
+++ b/router/router_test.go
@@ -61,7 +61,7 @@ func (s *IntegrationSuite) TestSendMessage() {
 assert.Equal(s.T(), "backup-server", token.Name)
 req = s.newRequest("POST", "message", `{"message": "backup done", "title": "backup done"}`)
- req.Header.Add("Authorization", fmt.Sprintf("ApiKey %s", token.ID))
+ req.Header.Add("X-Gotify-Key", token.ID)
 res, err = client.Do(req)
 assert.Nil(s.T(), err)
 assert.Equal(s.T(), 200, res.StatusCode)
@@ -71,10 +71,11 @@ func (s *IntegrationSuite) TestSendMessage() {
 res, err = client.Do(req)
 assert.Nil(s.T(), err)
 assert.Equal(s.T(), 200, res.StatusCode)
- msgs := &[]*model.Message{}
- json.NewDecoder(res.Body).Decode(msgs)
- assert.Len(s.T(), *msgs, 1)
- msg := (*msgs)[0]
+ var msgs []model.Message
+ json.NewDecoder(res.Body).Decode(&msgs)
+ assert.Len(s.T(), msgs, 1)
+
+ msg := msgs[0]
 assert.Equal(s.T(), "backup done", msg.Message)
 assert.Equal(s.T(), "backup done", msg.Title)
 assert.Equal(s.T(), uint(1), msg.ID)
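Review bot: The error from `json.NewDecoder(res.Body).Decode(&msgs)` is discarded, so a malformed or unexpected response body only surfaces indirectly as a length mismatch on the next line. Asserting it keeps the failure pointed at the real cause: `assert.Nil(s.T(), json.NewDecoder(res.Body).Decode(&msgs))`. `TestSendMessage` starts before this hunk, so whether `res.Body` is closed is not visible here.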