
Keyrock API should accept standard Authorization HTTP header #130

Closed
jason-fox opened this issue Nov 18, 2019 · 7 comments

Comments

@jason-fox
Contributor

Related: FIWARE/tutorials.Identity-Management#5

According to RFC 6750, the standard location for an authorization token is Authorization: Bearer

see: https://tools.ietf.org/html/rfc6750#page-5

Within the Keyrock API, X-Auth-Token is used e.g.:

```bash
curl -X POST \
  http://localhost:3005/v1/auth/tokens \
  -H 'Content-Type: application/json' \
  -d '{
  "name": "[email protected]",
  "password": "1234"
}'
curl -X GET \
  http://localhost:3005/v1/auth/tokens \
  -H 'Content-Type: application/json' \
  -H 'X-Auth-token: {{X-Auth-token}}' \
  -H 'X-Subject-token: 0a601aa7-9d95-4438-b8a6-806507da5249'
```

However the following should also be valid:

```bash
curl -X GET \
  http://localhost:3005/v1/auth/tokens \
  -H 'Authorization: Bearer {{X-Auth-token}}' \
  -H 'Content-Type: application/json' \
  -H 'X-Subject-token: 0a601aa7-9d95-4438-b8a6-806507da5249'
```

This already works within the Wilma PEP Proxy - X-Auth-Token and Authorization: Bearer are interchangeable.

@jason-fox
Contributor Author

I think the problem lies here: https://github.com/ging/fiware-idm/blob/master/controllers/api/authenticate.js#L127-L129 - the check needs to OR between the X-Auth-Token and the bearer at this point.
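The behaviour requested in the opening post, and the OR-ed check this comment points at, as an added example that is not Keyrock's own code: a header parser that accepts either the legacy X-Auth-Token header or a standard RFC 6750 Authorization: Bearer header, plus an Express-style middleware built on it. The function names, the realm string and the 401 body are assumptions made for this example.

```javascript
// Added example (not Keyrock's code): accept a token from either the legacy
// X-Auth-Token header or the standard Authorization: Bearer header (RFC 6750).

// Parse a headers object as Node's http module exposes it (keys already
// lower-cased; values may be arrays). Returns { token, source } or null
// when no usable token is present.
function extractAuthToken(headers) {
  // Normalise key case again so callers may pass hand-built objects too.
  const lower = {};
  for (const [k, v] of Object.entries(headers || {})) {
    lower[k.toLowerCase()] = Array.isArray(v) ? v[0] : v;
  }

  // Legacy form: the whole header value is the token.
  const xAuth = typeof lower['x-auth-token'] === 'string' ? lower['x-auth-token'].trim() : '';
  if (xAuth) {
    return { token: xAuth, source: 'x-auth-token' };
  }

  // Standard form: scheme name "Bearer" is case-insensitive, followed by one or
  // more spaces and a b64token (alphanumerics plus -._~+/ and trailing '=').
  // A Basic header, a bare "Bearer" or any other shape is rejected.
  const auth = typeof lower['authorization'] === 'string' ? lower['authorization'] : '';
  const m = /^\s*Bearer\s+([A-Za-z0-9\-._~+/]+=*)\s*$/i.exec(auth);
  if (m) {
    return { token: m[1], source: 'authorization' };
  }
  return null;
}

// Express-style middleware (hypothetical, for illustration): attach the token
// to the request, or answer 401 with the WWW-Authenticate challenge RFC 6750
// prescribes so clients learn which scheme to use.
function requireToken(req, res, next) {
  const found = extractAuthToken(req.headers);
  if (!found) {
    res.set('WWW-Authenticate', 'Bearer realm="keyrock"');
    return res.status(401).json({ error: 'missing or malformed token' });
  }
  req.authToken = found.token;
  req.authTokenSource = found.source;
  next();
}
```

Whichever header carried the token, downstream code sees the same `req.authToken`, which is what makes the two forms interchangeable; recording the source separately lets a deployment log how many clients still use the legacy header before it is eventually retired.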

@YatinArora-NEC
Contributor

Hi @jason-fox , please assign this issue to me.

@jason-fox
Contributor Author

I can't assign issues - @aalonsog @apozohue10 - can you help?

@YatinArora-NEC
Contributor

Hi @jason-fox
I have fixed the issue with the "Authorization" header for Keyrock APIs. But when I execute the "npm run test" command as per the documents "https://fiware-idm.readthedocs.io/en/latest/installation_and_administration_guide/sanity_check/index.html" the following results are displayed.

(screenshot attached in the original comment; not reproduced here)

Could you please help me to know if the behaviour for "npm run test" is the same or something different from this, or whether there is some missing configuration?

@jason-fox
Contributor Author

jason-fox commented May 4, 2020

That warning is found in the Docker entrypoint.sh - https://github.com/ging/fiware-idm/blob/master/extras/docker/docker-entrypoint.sh#L42-L52

These warnings occur when values such as the SESSION_SECRET and ENCRYPTION_KEY are not overridden and are still using the default value. Obviously using the defaults is a security issue in a live instance, but for unit-testing it is safe to ignore and run tests using an insecure test harness.
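The distinction drawn above, warnings that are tolerable in a test harness but unacceptable in a live instance, as an added example that is not Keyrock's entrypoint script. The default values in `DEFAULT_SECRETS`, the `MIN_SECRET_LENGTH` threshold and the use of `NODE_ENV` to decide severity are all assumptions made for this example; Keyrock's real defaults are not reproduced here.

```javascript
// Added example (not Keyrock's code): a startup check for secrets that are
// unset, still at their default, or too short. Defaults below are constructed
// placeholders, not the project's real values.
const DEFAULT_SECRETS = {
  SESSION_SECRET: 'PLACEHOLDER_DEFAULT_SESSION_SECRET',
  ENCRYPTION_KEY: 'PLACEHOLDER_DEFAULT_ENCRYPTION_KEY',
};
const MIN_SECRET_LENGTH = 32; // assumption for this example

// Inspect an environment object (e.g. process.env) and return
// { ok, warnings, fatal }. Every finding is a warning; the result is only
// fatal when NODE_ENV is "production", so a unit-test run with defaults
// still proceeds while a live instance refuses to start.
function checkSecrets(env) {
  const warnings = [];
  for (const [name, defaultValue] of Object.entries(DEFAULT_SECRETS)) {
    const value = env[name];
    if (value === undefined || value === '') {
      warnings.push(`${name} is not set; the built-in default will be used`);
    } else if (value === defaultValue) {
      warnings.push(`${name} still has its default value`);
    } else if (value.length < MIN_SECRET_LENGTH) {
      warnings.push(`${name} is shorter than ${MIN_SECRET_LENGTH} characters`);
    }
  }
  const production = env.NODE_ENV === 'production';
  return {
    ok: warnings.length === 0,
    warnings,
    fatal: production && warnings.length > 0,
  };
}

// Usage at process start: print each warning; abort only when fatal.
function enforceSecrets(env, log = console.warn) {
  const result = checkSecrets(env);
  for (const w of result.warnings) {
    log(`WARNING: ${w}`);
  }
  if (result.fatal) {
    throw new Error('refusing to start in production with default or weak secrets');
  }
  return result;
}
```

Running `enforceSecrets(process.env)` early in the application entry point reproduces the behaviour the comment describes: a test run with defaults prints warnings and continues, a production run with the same values stops before any session or encrypted data is created under a publicly known key.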

@YatinArora-NEC
Contributor

Hi @jason-fox
Thank you for the information. So is this the expected behaviour after running npm test?
Does "npm run test" show any results of the test cases?

(screenshot attached in the original comment; not reproduced here)

@apozohue10
Contributor

Merged PR

3 participants