Accept access token from Authorization header #1720

Open
wants to merge 1 commit into
base: master

Member

@Qup42 Qup42 commented Jan 20, 2025

The access token could previously only be passed as a parameter (field in the data for application/x-www-form-urlencoded and query parameter otherwise). With this PR the access token is also read from the Authorization header in the format Bearer <access token>. The Authorization header (if present) takes precedence over the parameter.

Resolves #1691
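
The precedence rule described above, as an added example (not code from this PR or from QLever). The function signature is an assumption, the tokens are constructed sample values, and this sketch leaves the received header value out of the error message and rejects an empty token, neither of which is stated on the page.

```cpp
#include <iostream>
#include <optional>
#include <stdexcept>
#include <string>
#include <string_view>

// Added sketch, not QLever's Server::extractAccessToken.
// `authorization`: raw value of the Authorization header, if one was sent.
// `parameter`: access token from the form field or query parameter, if any.
std::optional<std::string> extractAccessToken(
    const std::optional<std::string>& authorization,
    const std::optional<std::string>& parameter) {
  constexpr std::string_view prefix = "Bearer ";
  if (!authorization.has_value()) {
    // No header: fall back to the parameter (which may itself be absent).
    return parameter;
  }
  std::string_view value = authorization.value();
  if (value.substr(0, prefix.size()) != prefix) {
    // The header may hold a credential, so the message states the expected
    // format only and does not repeat what was received.
    throw std::runtime_error(
        "Authorization header must start with \"Bearer \".");
  }
  value.remove_prefix(prefix.size());
  if (value.empty()) {
    // Assumption of this sketch: an empty token is rejected.
    throw std::runtime_error("Authorization header has an empty token.");
  }
  // The header takes precedence: a token passed as parameter is ignored.
  return std::string{value};
}

int main() {
  // Constructed sample values.
  auto token = extractAccessToken(std::string{"Bearer header-token"},
                                  std::string{"param-token"});
  std::cout << token.value_or("<none>") << "\n";
  try {
    extractAccessToken(std::string{"Basic c2VjcmV0"}, std::nullopt);
  } catch (const std::runtime_error& e) {
    std::cout << e.what() << "\n";
  }
}
```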

Member Author

@Qup42 Qup42 left a comment

Some initial comments. Mostly waiting for another PR to be merged, to avoid excessive conflicts.

parse(
MakePostRequest("/", URLENCODED, "update=DELETE+%2A+WHERE%20%7B%7D")),
ParsedRequestIs("/", std::nullopt, {}, Update{"DELETE * WHERE {}"}));
// TODO<qup42>: there could be some more here, but i'll wait until #1668
Member Author

TODO

auto parsedUrl = parseRequestTarget(request.target());
return Server::extractAccessToken(request, parsedUrl.parameters_);
};
// TODO<qup42>: replace once #1668 is merged
Member Author

TODO

Comment on lines +174 to +176
throw std::runtime_error(absl::StrCat(
"Authorization header must start with \"Bearer \". Got: \"",
authorization, "\"."));
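Review bot: the message built in this `absl::StrCat` call appends the received `authorization` value after `Got:`, so a request whose header is malformed but still carries a credential gets that credential repeated in the exception text and in whatever response or log that text reaches. Suggest ending the message after `must start with "Bearer "` and dropping the `Got:` part.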
Member Author

I dislike responding with the access token, but did it to stay consistent with the rest of the code. Sensitive data should imo not be echoed.

codecov bot commented Jan 20, 2025

Codecov Report

Attention: Patch coverage is 96.55172% with 1 line in your changes missing coverage. Please review.

Project coverage is 89.86%. Comparing base (acb6633) to head (d3e8eac).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| src/engine/Server.cpp | 96.55% | 1 Missing ⚠️ |

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #1720   +/-   ##
=======================================
  Coverage   89.86%   89.86%           
=======================================
  Files         389      389           
  Lines       37308    37334   +26     
  Branches     4204     4207    +3     
=======================================
+ Hits        33527    33552   +25     
+ Misses       2485     2483    -2     
- Partials     1296     1299    +3     

Member Author

Qup42 commented Jan 20, 2025

Note: The suggestion is to use a raw string literal for a string with 3 ". A raw string literal would be awkward for the rest of the error message string (".). To avoid having a raw literal string and a normal string next to each other, I have decided to not apply the suggestion.

Successfully merging this pull request may close these issues.

Accept access_token provided via header.