TestAPITokenFromRequest tests the RFC 6750 bearer token extraction directly
(t *testing.T)
| 155 | |
| 156 | // TestAPITokenFromRequest tests the RFC 6750 bearer token extraction directly |
| 157 | func TestAPITokenFromRequest(t *testing.T) { |
| 158 | t.Parallel() |
| 159 | |
| 160 | token := "test-token-value" |
| 161 | customToken := "custom-token" |
| 162 | cookieToken := "cookie-token" |
| 163 | |
| 164 | tests := []struct { |
| 165 | name string |
| 166 | setupReq func(*http.Request) |
| 167 | expected string |
| 168 | }{ |
| 169 | { |
| 170 | name: "AuthorizationBearerHeader", |
| 171 | setupReq: func(req *http.Request) { |
| 172 | req.Header.Set("Authorization", "Bearer "+token) |
| 173 | }, |
| 174 | expected: token, |
| 175 | }, |
| 176 | { |
| 177 | name: "AccessTokenQueryParameter", |
| 178 | setupReq: func(req *http.Request) { |
| 179 | q := req.URL.Query() |
| 180 | q.Set("access_token", token) |
| 181 | req.URL.RawQuery = q.Encode() |
| 182 | }, |
| 183 | expected: token, |
| 184 | }, |
| 185 | { |
| 186 | name: "CustomMethodsPriorityOverBearer", |
| 187 | setupReq: func(req *http.Request) { |
| 188 | req.Header.Set(codersdk.SessionTokenHeader, customToken) |
| 189 | req.Header.Set("Authorization", "Bearer "+token) |
| 190 | }, |
| 191 | expected: customToken, |
| 192 | }, |
| 193 | { |
| 194 | name: "CookiePriorityOverBearer", |
| 195 | setupReq: func(req *http.Request) { |
| 196 | req.AddCookie(&http.Cookie{ |
| 197 | Name: codersdk.SessionTokenCookie, |
| 198 | Value: cookieToken, |
| 199 | }) |
| 200 | req.Header.Set("Authorization", "Bearer "+token) |
| 201 | }, |
| 202 | expected: cookieToken, |
| 203 | }, |
| 204 | { |
| 205 | name: "NoTokenReturnsEmpty", |
| 206 | setupReq: func(req *http.Request) { |
| 207 | // No authentication provided |
| 208 | }, |
| 209 | expected: "", |
| 210 | }, |
| 211 | { |
| 212 | name: "InvalidAuthorizationHeaderIgnored", |
| 213 | setupReq: func(req *http.Request) { |
| 214 | req.Header.Set("Authorization", "Basic dXNlcjpwYXNz") // Basic auth, not Bearer |