From 11b13a4cf45af355e327b87ce9d0d095cd0e143b Mon Sep 17 00:00:00 2001 From: Greg Kostin Date: Fri, 3 May 2024 14:27:30 -0400 Subject: [PATCH] Authorization: Bearer Token --- apache/client/include/lauth/api_client.hpp | 4 +- apache/client/include/lauth/authorizer.hpp | 2 +- apache/client/include/lauth/http_client.hpp | 3 + apache/client/include/lauth/http_headers.hpp | 23 +++++++ apache/client/include/lauth/http_params.hpp | 2 - .../client/include/lauth/json_conversions.hpp | 1 - apache/client/include/lauth/request.hpp | 4 +- apache/client/meson.build | 1 + apache/client/src/lauth/api_client.cpp | 8 ++- apache/client/src/lauth/http_client.cpp | 23 ++++--- apache/client/test/lauth/api_client_test.cpp | 18 +++--- apache/client/test/lauth/http_client_test.cpp | 12 ++++ apache/client/test/lauth/mocks.hpp | 3 + apache/client/test/mock_service.cpp | 16 +++++ .../mods-available/authn_remoteuser.conf | 2 - .../etc/apache2/mods-available/lauth.conf | 6 ++ apache/module/mod_lauth.cpp | 62 +++++++++++++++---- docker-compose.yml | 1 + lauth/.env.development | 1 + lauth/.env.test | 1 + lauth/app/actions/authorize.rb | 28 ++++++--- lauth/config/settings.rb | 1 + lauth/spec/requests/authorized_any_spec.rb | 2 +- .../requests/authorized_client_ip_spec.rb | 2 +- lauth/spec/requests/authorized_spec.rb | 4 +- lauth/spec/requests/delegated_spec.rb | 2 +- 26 files changed, 183 insertions(+), 49 deletions(-) create mode 100644 apache/client/include/lauth/http_headers.hpp create mode 100644 apache/debpkgs/mod-lauth/etc/apache2/mods-available/lauth.conf diff --git a/apache/client/include/lauth/api_client.hpp b/apache/client/include/lauth/api_client.hpp index 6762ff8e..0e6c8ab0 100644 --- a/apache/client/include/lauth/api_client.hpp +++ b/apache/client/include/lauth/api_client.hpp @@ -10,8 +10,9 @@ namespace mlibrary::lauth { class ApiClient { public: - ApiClient(const std::string& url) : client(std::make_unique(url)) {}; + ApiClient(const std::string& url, const std::string& bearerToken) : client(std::make_unique(url)), bearerToken(bearerToken) {}; ApiClient(std::unique_ptr&& client) : client(std::move(client)) {}; + ApiClient(std::unique_ptr&& client, const std::string& bearerToken) : client(std::move(client)), bearerToken(bearerToken) {}; ApiClient(const ApiClient&) = delete; ApiClient& operator=(const ApiClient&) = delete; ApiClient(ApiClient&&) = delete; @@ -22,6 +23,7 @@ namespace mlibrary::lauth { protected: std::unique_ptr client; + const std::string bearerToken; }; } diff --git a/apache/client/include/lauth/authorizer.hpp b/apache/client/include/lauth/authorizer.hpp index 09d84e71..8ecc67f9 100644 --- a/apache/client/include/lauth/authorizer.hpp +++ b/apache/client/include/lauth/authorizer.hpp @@ -11,7 +11,7 @@ namespace mlibrary::lauth { class Authorizer { public: - Authorizer(const std::string& url) : client(std::make_unique(url)) {}; + Authorizer(const std::string& url, const std::string& bearerToken) : client(std::make_unique(url, bearerToken)) {}; Authorizer(std::unique_ptr&& client) : client(std::move(client)) {}; Authorizer(const Authorizer&) = delete; Authorizer& operator=(const Authorizer&) = delete; diff --git a/apache/client/include/lauth/http_client.hpp b/apache/client/include/lauth/http_client.hpp index 7ce0d8ca..0898ae59 100644 --- a/apache/client/include/lauth/http_client.hpp +++ b/apache/client/include/lauth/http_client.hpp @@ -2,6 +2,7 @@ #define __LAUTH_HTTP_CLIENT_HPP__ #include "lauth/http_params.hpp" +#include "lauth/http_headers.hpp" #include #include @@ -14,6 +15,8 @@ namespace mlibrary::lauth { virtual std::optional get(const std::string &path); virtual std::optional get(const std::string &path, const HttpParams ¶ms); + virtual std::optional get(const std::string &path, const HttpHeaders &headers); + virtual std::optional get(const std::string &path, const HttpParams ¶ms, const HttpHeaders &headers); protected: const std::string baseUrl; diff --git a/apache/client/include/lauth/http_headers.hpp b/apache/client/include/lauth/http_headers.hpp new file mode 100644 index 00000000..e69c84b5 --- /dev/null +++ b/apache/client/include/lauth/http_headers.hpp @@ -0,0 +1,23 @@ +#ifndef __LAUTH_HTTP_HEADERS_HPP__ +#define __LAUTH_HTTP_HEADERS_HPP__ + +#include +#include + +namespace mlibrary::lauth { + namespace detail { + // https://github.com/yhirose/cpp-httplib/blob/3b6597bba913d51161383657829b7e644e59c006/httplib.h#L315 + struct ci { + bool operator()(const std::string &s1, const std::string &s2) const { + return std::lexicographical_compare(s1.begin(), s1.end(), s2.begin(), + s2.end(), + [](unsigned char c1, unsigned char c2) { + return ::tolower(c1) < ::tolower(c2); + }); + } + }; + } + using HttpHeaders = std::multimap; +} + +#endif // __LAUTH_HTTP_HEADERS_HPP__ diff --git a/apache/client/include/lauth/http_params.hpp b/apache/client/include/lauth/http_params.hpp index e87ba02a..da0bd86d 100644 --- a/apache/client/include/lauth/http_params.hpp +++ b/apache/client/include/lauth/http_params.hpp @@ -1,8 +1,6 @@ #ifndef __LAUTH_HTTP_PARAMS_HPP__ #define __LAUTH_HTTP_PARAMS_HPP__ -#include - #include #include diff --git a/apache/client/include/lauth/json_conversions.hpp b/apache/client/include/lauth/json_conversions.hpp index d6858e6a..47659c5c 100644 --- a/apache/client/include/lauth/json_conversions.hpp +++ b/apache/client/include/lauth/json_conversions.hpp @@ -2,7 +2,6 @@ #define __LAUTH_JSON_CONVERSIONS_HPP__ #include "lauth/json.hpp" - #include "lauth/authorization_result.hpp" namespace mlibrary::lauth { diff --git a/apache/client/include/lauth/request.hpp b/apache/client/include/lauth/request.hpp index a2337e74..89c8af32 100644 --- a/apache/client/include/lauth/request.hpp +++ b/apache/client/include/lauth/request.hpp @@ -1,5 +1,6 @@ #ifndef __LAUTH_REQUEST_HPP__ #define __LAUTH_REQUEST_HPP__ + #include namespace mlibrary::lauth { @@ -9,5 +10,6 @@ namespace mlibrary::lauth { std::string user; }; } -#endif + +#endif // __LAUTH_REQUEST_HPP__ diff --git a/apache/client/meson.build b/apache/client/meson.build index d800c081..5fbbef19 100644 --- a/apache/client/meson.build +++ b/apache/client/meson.build @@ -48,6 +48,7 @@ install_headers( 'include/lauth/authorizer.hpp', 'include/lauth/http_client.hpp', 'include/lauth/http_params.hpp', + 'include/lauth/http_headers.hpp', 'include/lauth/json_conversions.hpp', 'include/lauth/request.hpp', subdir: 'lauth') diff --git a/apache/client/src/lauth/api_client.cpp b/apache/client/src/lauth/api_client.cpp index fb344f60..71511535 100644 --- a/apache/client/src/lauth/api_client.cpp +++ b/apache/client/src/lauth/api_client.cpp @@ -14,7 +14,13 @@ namespace mlibrary::lauth { {"user", req.user} }; - auto result = client->get("/authorized", params); + std::string authorization = "Bearer " + bearerToken; + + HttpHeaders headers { + {"Authorization", authorization} + }; + + auto result = client->get("/authorized", params, headers); try { diff --git a/apache/client/src/lauth/http_client.cpp b/apache/client/src/lauth/http_client.cpp index 21b23590..bbd29ed1 100644 --- a/apache/client/src/lauth/http_client.cpp +++ b/apache/client/src/lauth/http_client.cpp @@ -5,12 +5,16 @@ #include #include "lauth/http_params.hpp" +#include "lauth/http_headers.hpp" namespace mlibrary::lauth { - std::optional HttpClient::get(const std::string& path) { + std::optional HttpClient::get(const std::string& path, const HttpParams& params, const HttpHeaders& headers) { httplib::Client client(baseUrl); - auto res = client.Get(path); + // using Headers = std::multimap; + httplib::Headers marshal_headers ( headers.begin(), headers.end() ); + + auto res = client.Get(path, params, marshal_headers); if (res) return res->body; else @@ -18,13 +22,14 @@ namespace mlibrary::lauth { } std::optional HttpClient::get(const std::string& path, const HttpParams& params) { - httplib::Client client(baseUrl); - httplib::Headers headers; + return get(path, params, HttpHeaders{}); + } - auto res = client.Get(path, params, headers); - if (res) - return res->body; - else - return std::nullopt; + std::optional HttpClient::get(const std::string& path, const HttpHeaders& headers) { + return get(path, HttpParams{}, headers); + } + + std::optional HttpClient::get(const std::string& path) { + return get(path, HttpParams{}, HttpHeaders{}); } } diff --git a/apache/client/test/lauth/api_client_test.cpp b/apache/client/test/lauth/api_client_test.cpp index 7124220c..1348cc31 100644 --- a/apache/client/test/lauth/api_client_test.cpp +++ b/apache/client/test/lauth/api_client_test.cpp @@ -28,10 +28,14 @@ TEST(ApiClient, HttpRequestByApiClientIsCorrect) { {"user", req.user} }; + HttpHeaders headers { + {"Authorization", "Bearer dGVzdA=="} + }; + auto body = R"({"determination":"allowed"})"; - EXPECT_CALL(*client, get("/authorized", params)).WillOnce(Return(body)); - ApiClient api_client(std::move(client)); + EXPECT_CALL(*client, get("/authorized", params, headers)).WillOnce(Return(body)); + ApiClient api_client(std::move(client), "dGVzdA=="); api_client.authorize(req); } @@ -40,7 +44,7 @@ TEST(ApiClient, DeterminationAllowedReturnsTrue) { auto client = std::make_unique(); auto body = R"({"determination":"allowed"})"; - EXPECT_CALL(*client, get(_, _)).WillOnce(Return(body)); + EXPECT_CALL(*client, get(_, _, _)).WillOnce(Return(body)); ApiClient api_client(std::move(client)); auto result = api_client.authorize(Request()); @@ -51,7 +55,7 @@ TEST(ApiClient, DeterminationDeniedReturnsFalse) { auto client = std::make_unique(); auto body = R"({"determination":"denied"})"; - EXPECT_CALL(*client, get(_, _)).WillOnce(Return(body)); + EXPECT_CALL(*client, get(_, _, _)).WillOnce(Return(body)); ApiClient api_client(std::move(client)); auto result = api_client.authorize(Request()); @@ -62,7 +66,7 @@ TEST(ApiClient, MismatchedJsonReturnsFalse) { auto client = std::make_unique(); auto body = R"({"should_ignore_this_key":"allowed"})"; - EXPECT_CALL(*client, get(_, _)).WillOnce(Return(body)); + EXPECT_CALL(*client, get(_, _, _)).WillOnce(Return(body)); ApiClient api_client(std::move(client)); auto result = api_client.authorize(Request()); @@ -73,7 +77,7 @@ TEST(ApiClient, MalformedJsonReturnsFalse) { auto client = std::make_unique(); auto body = R"({"should_ignore_this_key":"allowed",)"; - EXPECT_CALL(*client, get(_, _)).WillOnce(Return(body)); + EXPECT_CALL(*client, get(_, _, _)).WillOnce(Return(body)); ApiClient api_client(std::move(client)); auto result = api_client.authorize(Request()); @@ -84,7 +88,7 @@ TEST(ApiClient, EmptyBodyReturnsFalse) { auto client = std::make_unique(); auto body = ""; - EXPECT_CALL(*client, get(_, _)).WillOnce(Return(body)); + EXPECT_CALL(*client, get(_, _, _)).WillOnce(Return(body)); ApiClient api_client(std::move(client)); auto result = api_client.authorize(Request()); diff --git a/apache/client/test/lauth/http_client_test.cpp b/apache/client/test/lauth/http_client_test.cpp index c0dd0328..9d8a0d5e 100644 --- a/apache/client/test/lauth/http_client_test.cpp +++ b/apache/client/test/lauth/http_client_test.cpp @@ -73,3 +73,15 @@ TEST(HttpClient, GetRequestWithMultipleParametersEncodesThem) { EXPECT_THAT(*response, Eq(R"({"foo":"bar","something":"else"})")); } + +TEST(HttpClient, GetRequestWithAuthorizationHeaderEncodesIt) { + HttpClient client(MOCK_API_URL()); + + HttpParams params; + params.emplace("foo", "bar"); + HttpHeaders headers; + headers.emplace("Authorization", "Bearer dGVzdA=="); + auto response = client.get("/authorization", params, headers); + + EXPECT_THAT(*response, Eq(R"({"Bearer":"dGVzdA=="})")); +} diff --git a/apache/client/test/lauth/mocks.hpp b/apache/client/test/lauth/mocks.hpp index d67e49dd..0693e826 100644 --- a/apache/client/test/lauth/mocks.hpp +++ b/apache/client/test/lauth/mocks.hpp @@ -5,6 +5,7 @@ #include "lauth/authorization_result.hpp" #include "lauth/http_client.hpp" #include "lauth/http_params.hpp" +#include "lauth/http_headers.hpp" #include @@ -15,6 +16,8 @@ class MockHttpClient : public HttpClient { MockHttpClient() : HttpClient("http://api.invalid") {}; MOCK_METHOD(std::optional, get, (const std::string&), (override)); MOCK_METHOD(std::optional, get, (const std::string&, const HttpParams&), (override)); + MOCK_METHOD(std::optional, get, (const std::string&, const HttpHeaders&), (override)); + MOCK_METHOD(std::optional, get, (const std::string&, const HttpParams&, const HttpHeaders&), (override)); }; class MockApiClient : public ApiClient { diff --git a/apache/client/test/mock_service.cpp b/apache/client/test/mock_service.cpp index 227fd0e5..aadc5759 100644 --- a/apache/client/test/mock_service.cpp +++ b/apache/client/test/mock_service.cpp @@ -35,6 +35,22 @@ int main(int argc, char **argv) { res.set_content(params.dump().c_str(), "application/json"); }); + // Echo GET authorization as json object + server.Get("/authorization", [](const Request &req, Response &res) { + auto buffer = req.get_header_value("Authorization"); + + auto pos = buffer.find(" "); + auto key = buffer.substr(0, pos); + buffer.erase(0, pos + 1); + auto value = buffer; + + json auth; + auth[key] = value; + + std::cout << "GET /authorization" << std::endl; + res.set_content(auth.dump().c_str(), "application/json"); + }); + server.Get("/users/authorized/is_allowed", [](const Request &, Response &res) { std::cout << "GET /users/authorized/is_allowed" << std::endl; res.set_content("yes", "text/plain"); diff --git a/apache/debpkgs/mod-authn-remoteuser/etc/apache2/mods-available/authn_remoteuser.conf b/apache/debpkgs/mod-authn-remoteuser/etc/apache2/mods-available/authn_remoteuser.conf index bbd6fdc3..7df6ddcd 100644 --- a/apache/debpkgs/mod-authn-remoteuser/etc/apache2/mods-available/authn_remoteuser.conf +++ b/apache/debpkgs/mod-authn-remoteuser/etc/apache2/mods-available/authn_remoteuser.conf @@ -8,5 +8,3 @@ # RemoteUserAnonymousUsername lauth-nobody - -# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/apache/debpkgs/mod-lauth/etc/apache2/mods-available/lauth.conf b/apache/debpkgs/mod-lauth/etc/apache2/mods-available/lauth.conf new file mode 100644 index 00000000..85cad83a --- /dev/null +++ b/apache/debpkgs/mod-lauth/etc/apache2/mods-available/lauth.conf @@ -0,0 +1,6 @@ + + + LauthApiUrl http://app.lauth.local:2300 + LauthApiToken TG9yZCBvZiB0aGUgUmluZ3MK + + diff --git a/apache/module/mod_lauth.cpp b/apache/module/mod_lauth.cpp index 20d6425a..d62792c5 100644 --- a/apache/module/mod_lauth.cpp +++ b/apache/module/mod_lauth.cpp @@ -5,6 +5,7 @@ #include "http_log.h" #include "ap_config.h" #include "ap_provider.h" +#include "apr_strings.h" #include "mod_auth.h" @@ -16,21 +17,62 @@ using namespace mlibrary::lauth; extern "C" { - + void *create_lauth_server_config(apr_pool_t *p, server_rec *_); + const char *set_url(cmd_parms *cmd, void *cfg, const char* arg); + const char *set_token(cmd_parms *cmd, void *cfg, const char* arg); + + static const command_rec lauth_cmds[] = { + AP_INIT_TAKE1("LauthApiUrl", (cmd_func) set_url, NULL, RSRC_CONF|OR_AUTHCFG, "The URL to use for API."), + AP_INIT_TAKE1("LauthApiToken", (cmd_func) set_token, NULL, RSRC_CONF|OR_AUTHCFG, "The token to use for API."), + {NULL}}; void lauth_register_hooks(apr_pool_t *p); APLOG_USE_MODULE(lauth); module AP_MODULE_DECLARE_DATA lauth_module = { STANDARD20_MODULE_STUFF, - NULL, /* create per-dir config structures */ - NULL, /* merge per-dir config structures */ - NULL, /* create per-server config structures */ - NULL, /* merge per-server config structures */ - NULL, /* table of config file commands */ - lauth_register_hooks /* register hooks */ + NULL, /* create per-dir config structures */ + NULL, /* merge per-dir config structures */ + create_lauth_server_config, /* create per-server config structures */ + NULL, /* merge per-server config structures */ + lauth_cmds, /* table of config file commands */ + lauth_register_hooks /* register hooks */ }; }; +typedef struct lauth_config_struct { + const char *url; /* URL to API */ + const char *token; /* token for API */ +} lauth_config; + +void *create_lauth_server_config(apr_pool_t *p, server_rec *_) { + lauth_config *config = (lauth_config *) apr_pcalloc(p, sizeof(*config)); + config->url = NULL; + config->token = NULL; + return (void*) config; +} + +const char *set_url(cmd_parms *cmd, void *cfg, const char* arg) +{ + if(!*arg) { + return "Lauth API URL cannot be empty"; + } + + lauth_config *config = (lauth_config *) ap_get_module_config(cmd->server->module_config, &lauth_module); + config->url = apr_pstrdup(cmd->pool, arg); + return NULL; +} + +const char *set_token(cmd_parms *cmd, void *cfg, const char* arg) +{ + if(!*arg) { + return "Lauth API Token cannot be empty"; + } + + lauth_config *config = (lauth_config *) ap_get_module_config(cmd->server->module_config, &lauth_module); + config->token = apr_pstrdup(cmd->pool, arg); + return NULL; +} + static authz_status lauth_check_authorization(request_rec *r, const char *require_line, const void *parsed_require_line) @@ -53,8 +95,8 @@ static authz_status lauth_check_authorization(request_rec *r, }; } - std::map result = - Authorizer("http://app.lauth.local:2300").authorize(req); + lauth_config *config = (lauth_config *) ap_get_module_config(r->server->module_config, &lauth_module); + std::map result = Authorizer(config->url, config->token).authorize(req); apr_table_set(r->subprocess_env, "PUBLIC_COLL", result["public_collections"].c_str()); apr_table_set(r->subprocess_env, "AUTHZD_COLL", result["authorized_collections"].c_str()); @@ -74,5 +116,3 @@ void lauth_register_hooks(apr_pool_t *p) AUTHZ_PROVIDER_VERSION, &authz_lauth_provider, AP_AUTH_INTERNAL_PER_CONF); } - - diff --git a/docker-compose.yml b/docker-compose.yml index e17b8b5f..27218b95 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,6 +9,7 @@ services: UID: ${UID:-1000} GID: ${GID:-1000} environment: + - BEARER_TOKEN=TG9yZCBvZiB0aGUgUmluZ3MK - DATABASE_URL=mysql2://lauth:lauth@db.lauth.local:3306/lauth_demo hostname: app.lauth.local networks: diff --git a/lauth/.env.development b/lauth/.env.development index 5f17eb1b..c79689c8 100644 --- a/lauth/.env.development +++ b/lauth/.env.development @@ -1,2 +1,3 @@ +BEARER_TOKEN=Si5SLlIuIFRvbGtpZW4K DATABASE_URL=mysql2://lauth:lauth@db.lauth.local:3306/lauth_development SESSION_SECRET=__local_development_secret_only__ diff --git a/lauth/.env.test b/lauth/.env.test index aa959ea2..a7dab9e3 100644 --- a/lauth/.env.test +++ b/lauth/.env.test @@ -1,2 +1,3 @@ +BEARER_TOKEN=VGhlIEhvYmJpdAo= DATABASE_URL=mysql2://lauth:lauth@db.lauth.local:3306/lauth_test SESSION_SECRET=__local_development_secret_only__ diff --git a/lauth/app/actions/authorize.rb b/lauth/app/actions/authorize.rb index ac7a35e6..4be18962 100644 --- a/lauth/app/actions/authorize.rb +++ b/lauth/app/actions/authorize.rb @@ -4,15 +4,27 @@ class Authorize < Lauth::Action def handle(request, response) response.format = :json - result = Lauth::Ops::Authorize.new( - request: Lauth::Access::Request.new( - user: request.params[:user], - uri: request.params[:uri], - client_ip: request.params[:ip] - ) - ).call + if request.has_header?("HTTP_AUTHORIZATION") + if request.get_header("HTTP_AUTHORIZATION") == "Bearer " + App.app["settings"].bearer_token + result = Lauth::Ops::Authorize.new( + request: Lauth::Access::Request.new( + user: request.params[:user], + uri: request.params[:uri], + client_ip: request.params[:ip] + ) + ).call - response.body = result.to_h.to_json + response.body = result.to_h.to_json + else + App.app["logger"].error("Request HTTP authorization failed.") + response.status = 401 # Unauthorized + response.body = Lauth::Access::Request.new.to_h.to_json + end + else + App.app["logger"].error("Request missing HTTP authorization header.") + response.status = 401 # Unauthorized + response.body = Lauth::Access::Request.new.to_h.to_json + end end end end diff --git a/lauth/config/settings.rb b/lauth/config/settings.rb index d1739baa..393b2414 100644 --- a/lauth/config/settings.rb +++ b/lauth/config/settings.rb @@ -2,6 +2,7 @@ module Lauth class Settings < Hanami::Settings + setting :bearer_token, constructor: Types::String setting :database_url, constructor: Types::String setting :session_secret, constructor: Types::String end diff --git a/lauth/spec/requests/authorized_any_spec.rb b/lauth/spec/requests/authorized_any_spec.rb index 8e64cf8d..b18d771b 100644 --- a/lauth/spec/requests/authorized_any_spec.rb +++ b/lauth/spec/requests/authorized_any_spec.rb @@ -44,7 +44,7 @@ # @param ip [String] # @return [Hash] the response body after json parsing def request(from:, as:) - get "/authorized", {user: as.to_s, uri: "/restricted-by-username-or-client-ip", ip: from} + get "/authorized", {user: as.to_s, uri: "/restricted-by-username-or-client-ip", ip: from}, {"HTTP_AUTHORIZATION" => "Bearer VGhlIEhvYmJpdAo="} JSON.parse(last_response.body, symbolize_names: true) end end diff --git a/lauth/spec/requests/authorized_client_ip_spec.rb b/lauth/spec/requests/authorized_client_ip_spec.rb index 6e408bfb..0b98f8d1 100644 --- a/lauth/spec/requests/authorized_client_ip_spec.rb +++ b/lauth/spec/requests/authorized_client_ip_spec.rb @@ -84,7 +84,7 @@ def create_network(access, cidr) # @param ip [String] # @return [Hash] the response body after json parsing def request_from(ip) - get "/authorized", {user: "", uri: "/restricted-by-client-ip", ip: ip} + get "/authorized", {user: "", uri: "/restricted-by-client-ip", ip: ip}, {"HTTP_AUTHORIZATION" => "Bearer VGhlIEhvYmJpdAo="} JSON.parse(last_response.body, symbolize_names: true) end end diff --git a/lauth/spec/requests/authorized_spec.rb b/lauth/spec/requests/authorized_spec.rb index 532fa809..1de6b33c 100644 --- a/lauth/spec/requests/authorized_spec.rb +++ b/lauth/spec/requests/authorized_spec.rb @@ -15,7 +15,7 @@ let!(:grant) { Factory[:grant, :for_user, user: user, collection: collection] } it do - get "/authorized", {user: "lauth-allowed", uri: "/restricted-by-username/"} + get "/authorized", {user: "lauth-allowed", uri: "/restricted-by-username/"}, {"HTTP_AUTHORIZATION" => "Bearer VGhlIEhvYmJpdAo="} body = JSON.parse(last_response.body, symbolize_names: true) expect(body).to include(determination: "allowed") @@ -33,7 +33,7 @@ let!(:grant) { Factory[:grant, :for_group, group: group, collection: collection] } it do - get "/authorized", {user: "lauth-group-member", uri: "/restricted-by-username/"} + get "/authorized", {user: "lauth-group-member", uri: "/restricted-by-username/"}, {"HTTP_AUTHORIZATION" => "Bearer VGhlIEhvYmJpdAo="} body = JSON.parse(last_response.body, symbolize_names: true) expect(body).to include(determination: "allowed") diff --git a/lauth/spec/requests/delegated_spec.rb b/lauth/spec/requests/delegated_spec.rb index 55403bec..bd8f5e5c 100644 --- a/lauth/spec/requests/delegated_spec.rb +++ b/lauth/spec/requests/delegated_spec.rb @@ -62,7 +62,7 @@ def setup_coll(name, has_grant:, pub:) # @return [Hash] the response body after json parsing def request(as:) - get "/authorized", {user: as.to_s, uri: "/delegated"} + get "/authorized", {user: as.to_s, uri: "/delegated"}, {"HTTP_AUTHORIZATION" => "Bearer VGhlIEhvYmJpdAo="} JSON.parse(last_response.body, symbolize_names: true) end end