Use custom header for authentication

2018-02-15 19:40:27 +01:00 · 2018-02-15 19:40:27 +01:00 · a5acb20d0e
parent 1e7e1a71f7
commit a5acb20d0e
3 changed files with 26 additions and 30 deletions
--- a/auth/authentication.go
+++ b/auth/authentication.go
@ -2,15 +2,13 @@ package auth
 import (
 	"errors"
 	"strings"
 	"github.com/gin-gonic/gin"
 	"github.com/gotify/server/model"
 )
 const (
-	headerName   = "Authorization"
+	headerName   = "X-Gotify-Key"
 	headerSchema = "ApiKey "
 )
 // The Database interface for encapsulating database access.
@ -83,10 +81,7 @@ func (a *Auth) tokenFromQuery(ctx *gin.Context) string {
 }
 func (a *Auth) tokenFromHeader(ctx *gin.Context) string {
-	if header := ctx.Request.Header.Get(headerName); header != "" && strings.HasPrefix(header, headerSchema) {
+	return ctx.Request.Header.Get(headerName)
 		return strings.TrimPrefix(header, headerSchema)
 	}
 	return ""
 }
 func (a *Auth) userFromBasicAuth(ctx *gin.Context) *model.User {
--- a/auth/authentication_test.go
+++ b/auth/authentication_test.go
@ -90,9 +90,9 @@ func (s *AuthenticationSuite) TestNothingProvided() {
 func (s *AuthenticationSuite) TestHeaderApiKeyToken() {
 	// not existing token
-	s.assertHeaderRequest("Authorization", "ApiKey ergerogerg", s.auth.RequireApplicationToken, 401)
+	s.assertHeaderRequest("X-Gotify-Key", "ergerogerg", s.auth.RequireApplicationToken, 401)
-	s.assertHeaderRequest("Authorization", "ApiKey ergerogerg", s.auth.RequireClient, 401)
+	s.assertHeaderRequest("X-Gotify-Key", "ergerogerg", s.auth.RequireClient, 401)
-	s.assertHeaderRequest("Authorization", "ApiKey ergerogerg", s.auth.RequireAdmin, 401)
+	s.assertHeaderRequest("X-Gotify-Key", "ergerogerg", s.auth.RequireAdmin, 401)
 	// no authentication schema
 	s.assertHeaderRequest("Authorization", "ergerogerg", s.auth.RequireApplicationToken, 401)
@ -105,25 +105,25 @@ func (s *AuthenticationSuite) TestHeaderApiKeyToken() {
 	s.assertHeaderRequest("Authorization", "ApiKeyx clienttoken", s.auth.RequireAdmin, 401)
 	// not existing key
-	s.assertHeaderRequest("Authorizationx", "ApiKey clienttoken", s.auth.RequireApplicationToken, 401)
+	s.assertHeaderRequest("X-Gotify-Keyx", "clienttoken", s.auth.RequireApplicationToken, 401)
-	s.assertHeaderRequest("Authorizationx", "ApiKey clienttoken", s.auth.RequireClient, 401)
+	s.assertHeaderRequest("X-Gotify-Keyx", "clienttoken", s.auth.RequireClient, 401)
-	s.assertHeaderRequest("Authorizationx", "ApiKey clienttoken", s.auth.RequireAdmin, 401)
+	s.assertHeaderRequest("X-Gotify-Keyx", "clienttoken", s.auth.RequireAdmin, 401)
 	// apptoken
-	s.assertHeaderRequest("Authorization", "ApiKey apptoken", s.auth.RequireApplicationToken, 200)
+	s.assertHeaderRequest("X-Gotify-Key", "apptoken", s.auth.RequireApplicationToken, 200)
-	s.assertHeaderRequest("Authorization", "ApiKey apptoken", s.auth.RequireClient, 401)
+	s.assertHeaderRequest("X-Gotify-Key", "apptoken", s.auth.RequireClient, 401)
-	s.assertHeaderRequest("Authorization", "ApiKey apptoken", s.auth.RequireAdmin, 401)
+	s.assertHeaderRequest("X-Gotify-Key", "apptoken", s.auth.RequireAdmin, 401)
-	s.assertHeaderRequest("Authorization", "ApiKey apptoken_admin", s.auth.RequireApplicationToken, 200)
+	s.assertHeaderRequest("X-Gotify-Key", "apptoken_admin", s.auth.RequireApplicationToken, 200)
-	s.assertHeaderRequest("Authorization", "ApiKey apptoken_admin", s.auth.RequireClient, 401)
+	s.assertHeaderRequest("X-Gotify-Key", "apptoken_admin", s.auth.RequireClient, 401)
-	s.assertHeaderRequest("Authorization", "ApiKey apptoken_admin", s.auth.RequireAdmin, 401)
+	s.assertHeaderRequest("X-Gotify-Key", "apptoken_admin", s.auth.RequireAdmin, 401)
 	// clienttoken
-	s.assertHeaderRequest("Authorization", "ApiKey clienttoken", s.auth.RequireApplicationToken, 401)
+	s.assertHeaderRequest("X-Gotify-Key", "clienttoken", s.auth.RequireApplicationToken, 401)
-	s.assertHeaderRequest("Authorization", "ApiKey clienttoken", s.auth.RequireClient, 200)
+	s.assertHeaderRequest("X-Gotify-Key", "clienttoken", s.auth.RequireClient, 200)
-	s.assertHeaderRequest("Authorization", "ApiKey clienttoken", s.auth.RequireAdmin, 403)
+	s.assertHeaderRequest("X-Gotify-Key", "clienttoken", s.auth.RequireAdmin, 403)
-	s.assertHeaderRequest("Authorization", "ApiKey clienttoken_admin", s.auth.RequireApplicationToken, 401)
+	s.assertHeaderRequest("X-Gotify-Key", "clienttoken_admin", s.auth.RequireApplicationToken, 401)
-	s.assertHeaderRequest("Authorization", "ApiKey clienttoken_admin", s.auth.RequireClient, 200)
+	s.assertHeaderRequest("X-Gotify-Key", "clienttoken_admin", s.auth.RequireClient, 200)
-	s.assertHeaderRequest("Authorization", "ApiKey clienttoken_admin", s.auth.RequireAdmin, 200)
+	s.assertHeaderRequest("X-Gotify-Key", "clienttoken_admin", s.auth.RequireAdmin, 200)
 }
 func (s *AuthenticationSuite) TestBasicAuth() {
--- a/router/router_test.go
+++ b/router/router_test.go
@ -61,7 +61,7 @@ func (s *IntegrationSuite) TestSendMessage() {
 	assert.Equal(s.T(), "backup-server", token.Name)
 	req = s.newRequest("POST", "message", `{"message": "backup done", "title": "backup done"}`)
-	req.Header.Add("Authorization", fmt.Sprintf("ApiKey %s", token.ID))
+	req.Header.Add("X-Gotify-Key", token.ID)
 	res, err = client.Do(req)
 	assert.Nil(s.T(), err)
 	assert.Equal(s.T(), 200, res.StatusCode)
@ -71,10 +71,11 @@ func (s *IntegrationSuite) TestSendMessage() {
 	res, err = client.Do(req)
 	assert.Nil(s.T(), err)
 	assert.Equal(s.T(), 200, res.StatusCode)
-	msgs := &[]*model.Message{}
+	var msgs []model.Message
-	json.NewDecoder(res.Body).Decode(msgs)
+	json.NewDecoder(res.Body).Decode(&msgs)
-	assert.Len(s.T(), *msgs, 1)
+	assert.Len(s.T(), msgs, 1)
-	msg := (*msgs)[0]
+
 	msg := msgs[0]
 	assert.Equal(s.T(), "backup done", msg.Message)
 	assert.Equal(s.T(), "backup done", msg.Title)
 	assert.Equal(s.T(), uint(1), msg.ID)