fix: noop mutator don't overwrite session headers (#1091)

ory · Jul 5, 2023 · 3a716f2 · 3a716f2
1 parent 47e3d19
commit 3a716f2
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/pipeline/mutate/mutator_noop.go b/pipeline/mutate/mutator_noop.go
@@ -23,7 +23,22 @@ func (a *MutatorNoop) GetID() string {
 }
 
 func (a *MutatorNoop) Mutate(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, _ pipeline.Rule) error {
+	currentSessionHeaders := session.Header.Clone()
 	session.Header = r.Header
+	if session.Header == nil {
+		session.Header = make(map[string][]string)
+	}
+
+	for k, v := range currentSessionHeaders {
+		var val string
+		if len(v) == 0 {
+			val = ""
+		} else {
+			val = v[0]
+		}
+		session.SetHeader(k, val)
+	}
+
 	return nil
 }
 

diff --git a/pipeline/mutate/mutator_noop_test.go b/pipeline/mutate/mutator_noop_test.go
@@ -33,6 +33,16 @@ func TestMutatorNoop(t *testing.T) {
 		assert.EqualValues(t, r.Header, s.Header)
 	})
 
+	t.Run("method=mutate/case=ensure authentication session headers are kept", func(t *testing.T) {
+		r := &http.Request{Header: http.Header{"foo": {"foo"}}}
+		s := &authn.AuthenticationSession{Header: http.Header{"bar": {"bar"}}}
+		combinedHeaders := http.Header{"foo": {"foo"}}
+		combinedHeaders.Set("bar", "bar")
+		err := a.Mutate(r, s, nil, nil)
+		require.NoError(t, err)
+		assert.EqualValues(t, r.Header, combinedHeaders)
+	})
+
 	t.Run("method=validate", func(t *testing.T) {
 		conf.SetForTest(t, configuration.MutatorNoopIsEnabled, true)
 		require.NoError(t, a.Validate(nil))