Add test for MissingBearerScheme
Signed-off-by: Ryan Liang <jiallian@amazon.com>
RyanL1997 committed Oct 11, 2023
1 parent 986ebb3 commit c708241
Showing 2 changed files with 34 additions and 7 deletions.
Expand Up @@ -206,17 +206,13 @@ private String extractJwtFromHeader(SecurityRequest request) {
return null;
}

if (!BEARER.matcher(jwtToken).matches()) {
return null;
}

if (jwtToken.toLowerCase().contains(BEARER_PREFIX)) {
jwtToken = jwtToken.substring(jwtToken.toLowerCase().indexOf(BEARER_PREFIX) + BEARER_PREFIX.length());
} else {
if (!BEARER.matcher(jwtToken).matches() || !jwtToken.toLowerCase().contains(BEARER_PREFIX)) {
logDebug("No Bearer scheme found in header");
return null;
}

jwtToken = jwtToken.substring(jwtToken.toLowerCase().indexOf(BEARER_PREFIX) + BEARER_PREFIX.length());

return jwtToken;
}

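Review bot: The new line `jwtToken = jwtToken.substring(jwtToken.toLowerCase().indexOf(BEARER_PREFIX) + BEARER_PREFIX.length());` computes its offset on a lowercased copy but applies it to the original header value, and `toLowerCase()` with no `Locale` argument is locale-dependent; for some non-ASCII characters lowercasing changes the string length, so on a caller-supplied Authorization header the cut point can drift and a different substring is handed on as the token. Lowercasing once into a local, `String lowered = jwtToken.toLowerCase(Locale.ROOT);`, and reusing it for both the `contains` test in the new guard and the `indexOf`, removes the locale dependency and the repeated work; if the scheme is meant to lead the value, `jwtToken.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())` checks it case-insensitively without indexing a transformed copy at all. As written the guard also accepts the prefix anywhere in the header rather than only as the leading scheme, unless the BEARER pattern, which is defined outside this hunk, already anchors it. extractJwtFromHeader begins above the hunk.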
Expand Up @@ -321,6 +321,37 @@ public void testBasicAuthHeader() throws Exception {
Assert.assertNull(credentials);
}

@Test
public void testMissingBearerScheme() throws Exception {
Appender mockAppender = Mockito.mock(Appender.class);
ArgumentCaptor<LogEvent> logEventCaptor = ArgumentCaptor.forClass(LogEvent.class);
Mockito.when(mockAppender.getName()).thenReturn("MockAppender");
Mockito.when(mockAppender.isStarted()).thenReturn(true);
Logger logger = (Logger) LogManager.getLogger(OnBehalfOfAuthenticator.class);
logger.addAppender(mockAppender);
logger.setLevel(Level.DEBUG);
Mockito.doNothing().when(mockAppender).append(logEventCaptor.capture());

String craftedToken = "beaRerSomeActualToken"; // This token matches the BEARER pattern but doesn't contain the BEARER_PREFIX

OnBehalfOfAuthenticator jwtAuth = new OnBehalfOfAuthenticator(defaultSettings(), clusterName);
Map<String, String> headers = Collections.singletonMap(HttpHeaders.AUTHORIZATION, craftedToken);

AuthCredentials credentials = jwtAuth.extractCredentials(
new FakeRestRequest(headers, Collections.emptyMap()).asSecurityRequest(),
null
);

Assert.assertNull(credentials);

boolean foundLog = logEventCaptor.getAllValues()
.stream()
.anyMatch(event -> event.getMessage().getFormattedMessage().contains("No Bearer scheme found in header"));
Assert.assertTrue(foundLog);

logger.removeAppender(mockAppender);
}

@Test
public void testMissingBearerPrefixInAuthHeader() {
String jwsToken = Jwts.builder()
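Review bot: In testMissingBearerScheme the mock appender is detached only on the success path, and the logger level is switched to DEBUG and never restored; a failing assertion leaves the mock attached and the level changed for every later test that logs through OnBehalfOfAuthenticator's logger, including testBasicAuthHeader and testMissingBearerPrefixInAuthHeader in the same class. Saving the previous level and moving the cleanup into a `finally` block keeps the fixture isolated regardless of outcome. The exact-message match on `"No Bearer scheme found in header"` pins the debug text the production change introduces, which is the intent of the test, so that part should stay as is.
```java
Logger logger = (Logger) LogManager.getLogger(OnBehalfOfAuthenticator.class);
Level previousLevel = logger.getLevel();
logger.addAppender(mockAppender);
logger.setLevel(Level.DEBUG);
try {
    // … unchanged: doNothing stub, crafted token, extractCredentials call, assertions …
} finally {
    logger.removeAppender(mockAppender);
    logger.setLevel(previousLevel);
}
```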
