Mirroristas/CommunitySolidServer
2
0
Fork 0
mirror of https://github.com/CommunitySolidServer/CommunitySolidServer.git synced 2024-10-03 14:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Accept lowercase Authorization tokens.

Browse Source
This commit is contained in:
Ruben Verborgh
2021-12-03 11:55:43 +01:00
parent 5a01f09f81
commit 9c52011add
6 changed files with 42 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
test/unit/authentication/BearerWebIdExtractor.test.ts
View File

@@ -62,6 +62,21 @@ describe('A BearerWebIdExtractor', (): void => {
});
});
describe('on a request with Authorization and a lowercase Bearer token', (): void => {
const request = {
method: 'GET',
headers: {
authorization: 'bearer token-1234',
},
} as any as HttpRequest;
it('calls the Bearer verifier with the correct parameters.', async(): Promise<void> => {
await webIdExtractor.handleSafe(request);
expect(solidTokenVerifier).toHaveBeenCalledTimes(1);
expect(solidTokenVerifier).toHaveBeenCalledWith('bearer token-1234');
});
});
describe('when verification throws an error', (): void => {
const request = {
method: 'GET',

16
test/unit/authentication/DPoPWebIdExtractor.test.ts
View File

@@ -90,6 +90,22 @@ describe('A DPoPWebIdExtractor', (): void => {
});
});
describe('on a request with Authorization specifying DPoP in lowercase', (): void => {
const request = {
method: 'GET',
headers: {
authorization: 'dpop token-1234',
dpop: 'token-5678',
},
} as any as HttpRequest;
it('calls the target extractor with the correct parameters.', async(): Promise<void> => {
await webIdExtractor.handleSafe(request);
expect(targetExtractor.handle).toHaveBeenCalledTimes(1);
expect(targetExtractor.handle).toHaveBeenCalledWith({ request });
});
});
describe('when verification throws an error', (): void => {
const request = {
method: 'GET',

8
test/unit/authentication/UnsecureWebIdExtractor.test.ts
View File

@@ -20,9 +20,15 @@ describe('An UnsecureWebIdExtractor', (): void => {
await expect(result).rejects.toThrow('No WebID Authorization header specified.');
});
it('returns the authorization header as WebID if there is one.', async(): Promise<void> => {
it('returns the authorization header as WebID if specified.', async(): Promise<void> => {
const headers = { authorization: 'WebID http://alice.example/card#me' };
const result = extractor.handleSafe({ headers } as HttpRequest);
await expect(result).resolves.toEqual({ [CredentialGroup.agent]: { webId: 'http://alice.example/card#me' }});
});
it('returns the authorization header as WebID if specified with a lowercase token.', async(): Promise<void> => {
const headers = { authorization: 'webid http://alice.example/card#me' };
const result = extractor.handleSafe({ headers } as HttpRequest);
await expect(result).resolves.toEqual({ [CredentialGroup.agent]: { webId: 'http://alice.example/card#me' }});
});
});