Skip to content

Commit ed35e2e

Browse files
rubenvp8510rubenvp8510
committed
Allow token propagation if token type is not specified
Signed-off-by: Ruben Vargas <ruben.vp8510@gmail.com>
1 parent 966dd7e commit ed35e2e

File tree

2 files changed

+18
-12
lines changed

2 files changed

+18
-12
lines changed

cmd/query/app/token_propagation_hander_test.go

+13-10
Original file line numberDiff line numberDiff line change
@@ -51,16 +51,19 @@ func Test_bearTokenPropagationHandler(t *testing.T) {
5151
}
5252

5353
testCases := []struct {
54-
name string
55-
sendHeader bool
56-
header string
57-
handler func(stop *sync.WaitGroup) http.HandlerFunc
54+
name string
55+
sendHeader bool
56+
headerValue string
57+
headerName string
58+
handler func(stop *sync.WaitGroup) http.HandlerFunc
5859
}{
59-
{ name:"Bearer token", sendHeader: true, header: "Bearer " + bearerToken, handler:validTokenHandler},
60-
{ name:"Invalid header",sendHeader: true, header: bearerToken, handler:emptyHandler},
61-
{ name:"No header", sendHeader: false, handler:emptyHandler},
62-
{ name:"Basic Auth", sendHeader: true, header: "Basic " + bearerToken, handler:emptyHandler},
63-
{ name:"X-Forwarded-Access-Token", sendHeader: true, header: "Bearer " + bearerToken, handler:validTokenHandler},
60+
{ name:"Bearer token", sendHeader: true, headerName:"Authorization", headerValue: "Bearer " + bearerToken, handler:validTokenHandler},
61+
{ name:"Raw bearer token",sendHeader: true, headerName:"Authorization", headerValue: bearerToken, handler:validTokenHandler},
62+
{ name:"No headerValue", sendHeader: false, headerName:"Authorization", handler:emptyHandler},
63+
{ name:"Basic Auth", sendHeader: true, headerName:"Authorization", headerValue: "Basic " + bearerToken, handler:emptyHandler},
64+
{ name:"X-Forwarded-Access-Token", headerName:"X-Forwarded-Access-Token", sendHeader: true, headerValue: "Bearer " + bearerToken, handler:validTokenHandler},
65+
{ name:"Invalid header", headerName:"X-Forwarded-Access-Token", sendHeader: true, headerValue: "Bearer " + bearerToken + " another stuff", handler:emptyHandler},
66+
6467
}
6568

6669
for _, testCase := range testCases {
@@ -73,7 +76,7 @@ func Test_bearTokenPropagationHandler(t *testing.T) {
7376
req , err := http.NewRequest("GET", server.URL, nil)
7477
assert.Nil(t,err)
7578
if testCase.sendHeader {
76-
req.Header.Add("Authorization", testCase.header)
79+
req.Header.Add(testCase.headerName, testCase.headerValue)
7780
}
7881
_, err = httpClient.Do(req)
7982
assert.Nil(t, err)

cmd/query/app/token_propagation_handler.go

+5-2
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ func bearerTokenPropagationHandler(logger *zap.Logger, h http.Handler) http.Hand
2727
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
2828
ctx := r.Context()
2929
authHeaderValue := r.Header.Get("Authorization")
30-
// If no Authorization header is present, try with X-Forwarded-Access-Token
30+
// If no Authorization headerValue is present, try with X-Forwarded-Access-Token
3131
if authHeaderValue == "" {
3232
authHeaderValue = r.Header.Get("X-Forwarded-Access-Token")
3333
}
@@ -39,8 +39,11 @@ func bearerTokenPropagationHandler(logger *zap.Logger, h http.Handler) http.Hand
3939
if headerValue[0] == "Bearer" {
4040
token = headerValue[1]
4141
}
42+
} else if len(headerValue) == 1 {
43+
// Tread all value as a token
44+
token = authHeaderValue
4245
} else {
43-
logger.Warn("Invalid authorization header, skipping bearer token propagation")
46+
logger.Warn("Invalid authorization header value, skipping token propagation")
4447
}
4548
h.ServeHTTP(w, r.WithContext(spanstore.ContextWithBearerToken(ctx, token)))
4649
} else {

0 commit comments

Comments
 (0)