authorIgor Drozdov <idrozdov@gitlab.com>2022-10-17 17:59:14 +0200
committerIgor Drozdov <idrozdov@gitlab.com>2022-10-17 17:59:16 +0200
commit07604117a05142f649e4194f6b5c67fee861f0d9 (patch)
treeb61d8bfaccc106f950b57546b0791cdcd256cef3
parentc57041e2d16878fffbd1b771bfeb6eb7b5342005 (diff)
Remove secret from request headers
Now the requests are verified via JWT
-rw-r--r--client/client_test.go34
-rw-r--r--client/gitlabnet.go3
2 files changed, 0 insertions, 37 deletions
diff --git a/client/client_test.go b/client/client_test.go
index a20616a..aefff33 100644
--- a/client/client_test.go
+++ b/client/client_test.go
@@ -2,7 +2,6 @@ package client
import (
"context"
- "encoding/base64"
"encoding/json"
"fmt"
"io"
@@ -88,7 +87,6 @@ func TestClients(t *testing.T) {
testSuccessfulPost(t, client)
testMissing(t, client)
testErrorMessage(t, client)
- testAuthenticationHeader(t, tc.secret, client)
testJWTAuthenticationHeader(t, client)
testXForwardedForHeader(t, client)
testHostWithTrailingSlash(t, client)
@@ -168,38 +166,6 @@ func testBrokenRequest(t *testing.T, client *GitlabNetClient) {
})
}
-func testAuthenticationHeader(t *testing.T, secret string, client *GitlabNetClient) {
- t.Run("Authentication headers for GET", func(t *testing.T) {
- response, err := client.Get(context.Background(), "/auth")
- require.NoError(t, err)
- require.NotNil(t, response)
-
- defer response.Body.Close()
-
- responseBody, err := io.ReadAll(response.Body)
- require.NoError(t, err)
-
- header, err := base64.StdEncoding.DecodeString(string(responseBody))
- require.NoError(t, err)
- require.Equal(t, secret, string(header))
- })
-
- t.Run("Authentication headers for POST", func(t *testing.T) {
- response, err := client.Post(context.Background(), "/auth", map[string]string{})
- require.NoError(t, err)
- require.NotNil(t, response)
-
- defer response.Body.Close()
-
- responseBody, err := io.ReadAll(response.Body)
- require.NoError(t, err)
-
- header, err := base64.StdEncoding.DecodeString(string(responseBody))
- require.NoError(t, err)
- require.Equal(t, secret, string(header))
- })
-}
-
func testJWTAuthenticationHeader(t *testing.T, client *GitlabNetClient) {
verifyJWTToken := func(t *testing.T, response *http.Response) {
responseBody, err := io.ReadAll(response.Body)
diff --git a/client/gitlabnet.go b/client/gitlabnet.go
index dcf17c1..24c1d5f 100644
--- a/client/gitlabnet.go
+++ b/client/gitlabnet.go
@@ -3,7 +3,6 @@ package client
import (
"bytes"
"context"
- "encoding/base64"
"encoding/json"
"fmt"
"io"
@@ -141,8 +140,6 @@ func (c *GitlabNetClient) DoRequest(ctx context.Context, method, path string, da
if user != "" && password != "" {
request.SetBasicAuth(user, password)
}
- encodedSecret := base64.StdEncoding.EncodeToString([]byte(c.secret))
- request.Header.Set(secretHeaderName, encodedSecret)
claims := jwt.RegisteredClaims{
Issuer: jwtIssuer,