use bearer also in cookie (#124)

OpenSlides · Oct 29, 2020 · 231a0a0 · 231a0a0
1 parent aa06cdb
commit 231a0a0
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 9 deletions.
diff --git a/cmd/autoupdate/main.go b/cmd/autoupdate/main.go
@@ -54,7 +54,7 @@ func defaultEnv() map[string]string {
 		"AUTH_KEY_TOKEN":        "auth-dev-key",
 		"AUTH_KEY_COOKIE":       "auth-dev-key",
 		"AUTH_SERIVCE_PROTOCOL": "http",
-		"AUTH_SERIVCE_HOST":     "localhost",
+		"AUTH_SERVICE_HOST":     "localhost",
 		"AUTH_SERVICE_PORT":     "9004",
 	}
 
@@ -278,17 +278,17 @@ func buildAuth(env map[string]string, receiver auth.LogoutEventer, closed <-chan
 	method := env["AUTH"]
 	switch method {
 	case "ticket":
-		fmt.Println("Auth Method: token")
+		fmt.Println("Auth Method: ticket")
 		const debugKey = "auth-dev-key"
 		tokenKey := env["AUTH_KEY_TOKEN"]
 		cookieKey := env["AUTH_KEY_COOKIE"]
 		if tokenKey == debugKey || cookieKey == debugKey {
 			fmt.Println("Auth with debug key")
 		}
 
-		protocol := env["AUTH_SERIVCE_PROTOCOL"]
-		host := env["AUTH_SERIVCE_HOST"]
-		port := env["AUTH_SERIVCE_PORT"]
+		protocol := env["AUTH_SERVICE_PROTOCOL"]
+		host := env["AUTH_SERVICE_HOST"]
+		port := env["AUTH_SERVICE_PORT"]
 		url := protocol + "://" + host + ":" + port
 
 		fmt.Printf("Auth Service: %s\n", url)

diff --git a/internal/auth/auth.go b/internal/auth/auth.go
@@ -180,7 +180,9 @@ func (a *Auth) loadToken(w http.ResponseWriter, r *http.Request, payload jwt.Cla
 		return authError{"Can not find auth token", nil}
 	}
 
-	_, err = jwt.Parse(cookie.Value, jwt.KnownKeyfunc(jwt.SigningMethodHS256, a.cookieKey))
+	encodedCookie := strings.TrimPrefix(cookie.Value, "bearer%20")
+
+	_, err = jwt.Parse(encodedCookie, jwt.KnownKeyfunc(jwt.SigningMethodHS256, a.cookieKey))
 	if err != nil {
 		var invalid *jwt.InvalidSignatureError
 		if errors.As(err, &invalid) {
@@ -201,7 +203,7 @@ func (a *Auth) loadToken(w http.ResponseWriter, r *http.Request, payload jwt.Cla
 			return fmt.Errorf("validating auth token: %w", err)
 		}
 
-		token, err := a.refreshToken(encodedToken, cookie.Value)
+		token, err := a.refreshToken(encodedToken, encodedCookie)
 		if err != nil {
 			return fmt.Errorf("refreshing token: %w", err)
 		}

diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
@@ -27,7 +27,7 @@ func TestAuth(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Can not sign cookie token: %v", err)
 	}
-	validCookie = cookieName + "=" + validCookie
+	validCookie = cookieName + "=bearer%20" + validCookie
 
 	validHeader, err := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
 		"userId":    1,
@@ -54,7 +54,7 @@ func TestAuth(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Can not sign cookie token: %v", err)
 	}
-	invalidCookie = cookieName + "=" + invalidCookie
+	invalidCookie = cookieName + "=bearer%20" + invalidCookie
 
 	invalidHeader, err := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
 		"userId":    1,