third_codes/oauth2
1
0
Fork 0
mirror of https://github.com/golang/oauth2.git synced 2025-07-21 00:00:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

oauth2: ensure case sensitivity for Bearer, MAC, and Basic in auth header

Browse Source 
Fixes #113

Change-Id: Id2ba98809a536f1dc1fab5b30c49aeedd2fe4125
Reviewed-on: https://go-review.googlesource.com/9852
Reviewed-by: Burcu Dogan <jbd@google.com>
This commit is contained in:
Andrew Etter 2015-05-10 16:33:37 -04:00 committed by Burcu Dogan
parent f98d016087
commit 36ff901f7b
2 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
token.go
View File

@ -7,6 +7,7 @@ package oauth2
import ( import (
"net/http" "net/http"
"net/url" "net/url"
"strings"
"time" "time"
"golang.org/x/net/context" "golang.org/x/net/context"
@ -53,6 +54,15 @@ type Token struct {
// Type returns t.TokenType if non-empty, else "Bearer". // Type returns t.TokenType if non-empty, else "Bearer".
func (t *Token) Type() string { func (t *Token) Type() string {
if strings.EqualFold(t.TokenType, "bearer") {
return "Bearer"
}
if strings.EqualFold(t.TokenType, "mac") {
return "MAC"
}
if strings.EqualFold(t.TokenType, "basic") {
return "Basic"
}
if t.TokenType != "" { if t.TokenType != "" {
return t.TokenType return t.TokenType
} }

33
transport_test.go
View File

@ -32,6 +32,39 @@ func TestTransportTokenSource(t *testing.T) {
client.Get(server.URL) client.Get(server.URL)
} }
// Test for case-sensitive token types, per https://github.com/golang/oauth2/issues/113
func TestTransportTokenSourceTypes(t *testing.T) {
const val = "abc"
tests := []struct {
key string
val string
want string
}{
{key: "bearer", val: val, want: "Bearer abc"},
{key: "mac", val: val, want: "MAC abc"},
{key: "basic", val: val, want: "Basic abc"},
}
for _, tc := range tests {
ts := &tokenSource{
token: &Token{
AccessToken: tc.val,
TokenType: tc.key,
},
}
tr := &Transport{
Source: ts,
}
server := newMockServer(func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("Authorization"), tc.want; got != want {
t.Errorf("Authorization header (%q) = %q; want %q", val, got, want)
}
})
defer server.Close()
client := http.Client{Transport: tr}
client.Get(server.URL)
}
}
func TestTokenValidNoAccessToken(t *testing.T) { func TestTokenValidNoAccessToken(t *testing.T) {
token := &Token{} token := &Token{}
if token.Valid() { if token.Valid() {