MCPcopy Index your code
hub / github.com/coder/coder / TestAPITokenFromRequest

Function TestAPITokenFromRequest

coderd/httpmw/rfc6750_test.go:157–231  ·  view source on GitHub ↗

TestAPITokenFromRequest tests the RFC 6750 bearer token extraction directly

(t *testing.T)

Source from the content-addressed store, hash-verified

155
156// TestAPITokenFromRequest tests the RFC 6750 bearer token extraction directly
157func TestAPITokenFromRequest(t *testing.T) {
158 t.Parallel()
159
160 token := "test-token-value"
161 customToken := "custom-token"
162 cookieToken := "cookie-token"
163
164 tests := []struct {
165 name string
166 setupReq func(*http.Request)
167 expected string
168 }{
169 {
170 name: "AuthorizationBearerHeader",
171 setupReq: func(req *http.Request) {
172 req.Header.Set("Authorization", "Bearer "+token)
173 },
174 expected: token,
175 },
176 {
177 name: "AccessTokenQueryParameter",
178 setupReq: func(req *http.Request) {
179 q := req.URL.Query()
180 q.Set("access_token", token)
181 req.URL.RawQuery = q.Encode()
182 },
183 expected: token,
184 },
185 {
186 name: "CustomMethodsPriorityOverBearer",
187 setupReq: func(req *http.Request) {
188 req.Header.Set(codersdk.SessionTokenHeader, customToken)
189 req.Header.Set("Authorization", "Bearer "+token)
190 },
191 expected: customToken,
192 },
193 {
194 name: "CookiePriorityOverBearer",
195 setupReq: func(req *http.Request) {
196 req.AddCookie(&http.Cookie{
197 Name: codersdk.SessionTokenCookie,
198 Value: cookieToken,
199 })
200 req.Header.Set("Authorization", "Bearer "+token)
201 },
202 expected: cookieToken,
203 },
204 {
205 name: "NoTokenReturnsEmpty",
206 setupReq: func(req *http.Request) {
207 // No authentication provided
208 },
209 expected: "",
210 },
211 {
212 name: "InvalidAuthorizationHeaderIgnored",
213 setupReq: func(req *http.Request) {
214 req.Header.Set("Authorization", "Basic dXNlcjpwYXNz") // Basic auth, not Bearer

Callers

nothing calls this directly

Calls 5

APITokenFromRequestFunction · 0.92
EncodeMethod · 0.80
SetMethod · 0.65
RunMethod · 0.65
EqualMethod · 0.45

Tested by

no test coverage detected