nomad icon indicating copy to clipboard operation
nomad copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

cleanup: use Go's BasicAuth for parsing Authorization header

Open shoenig opened this issue 2 years ago • 2 comments

In HTTPServer.parseToken we have a custom parser for Authorization header. I suspect this pre-dates Go's built in BasicAuth helper method(s), and we should look into switching to the standard library implementation.

https://pkg.go.dev/net/http#Request.BasicAuth

shoenig avatar Oct 11 '22 15:10 shoenig

:wave: IDK if I misunderstood the issue but I see that we're looking for the Bearer token. rfc6750

https://github.com/hashicorp/nomad/blob/2aa7e66bdb526e25f59883952d74dad7ea9a014e/command/agent/http.go#L861-L866

Therefore I suspect the BasicAuth is not what we want. Unfortunately, the stdlib doesn't seem to have any helper method for the Bearer authorization. 😢

alessio-perugini avatar Oct 11 '22 22:10 alessio-perugini

I was scrolling through issues with the label good first issue. Is this actually one or just a misunderstanding?

soupdiver avatar Oct 16 '22 11:10 soupdiver

Sorry yeah, I was too optimistic about what the standard lib would do :man_facepalming:

shoenig avatar Jan 10 '23 16:01 shoenig

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar May 11 '23 02:05 github-actions[bot]