product-microgateway icon indicating copy to clipboard operation
product-microgateway copied to clipboard

Published 20 hours ago verified publisher icon wso2

Fix apikey failure when header key is in uppercase

Open suksw opened this issue 2 years ago • 0 comments

Purpose

Fix apikey failure when header key is in uppercase and prevent common auth headers reaching websocket backends.

  • Use lowercase header key when accessing header map in request context in APIKeyAuthenticator. (Router automatically converts header keys to lowercase when sending to enforcer. This has been already handled for access token and internal key)
  • Use lowercase header key when adding headers to protectedHeaders map and removeHeaders array since they are accessed in other parts of the enforcer.
  • Move auth header removal to a cmmon util method
  • Prevent common auth headers reaching websocket backends

Integration Tests

  • Test apikey with uppercase header name.
  • Access token and internal key tests already include the respective header with first letter uppercase.

Issues

Fix https://github.com/wso2/product-microgateway/issues/3071

Automation tests

  • Unit tests added: No
  • Integration tests added: Yes

Tested environments

Not Tested

Maintainers: Check before merge

  • [x] Assigned 'Type' label
  • [x] Assigned the project
  • [x] Validated respective github issues
  • [x] Assigned milestone to the github issue(s)

suksw avatar Oct 03 '22 07:10 suksw