Merge pull request #40 from myndocs/release/0.3.1

Release/0.3.1

Author: adhesivee

README.md

@@ -11,7 +11,7 @@ It encourages to adapt to existing implementations instead the other way around.
 First define the version to be used and set it as a property
 ```xml
 <properties>
-    <myndocs.oauth.version>0.3.0</myndocs.oauth.version>
+    <myndocs.oauth.version>0.3.1</myndocs.oauth.version>
 </properties>
 ```
 

oauth2-server-client-inmemory/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>kotlin-oauth2-server</artifactId>
         <groupId>nl.myndocs</groupId>
-        <version>0.3.0</version>
+        <version>0.3.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

oauth2-server-core/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>kotlin-oauth2-server</artifactId>
         <groupId>nl.myndocs</groupId>
-        <version>0.3.0</version>
+        <version>0.3.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

oauth2-server-core/src/main/java/nl/myndocs/oauth2/CallRouter.kt

@@ -213,7 +213,7 @@ class CallRouter(
             return
         }
 
-        val authorization = callContext.headers["Authorization"]
+        val authorization = callContext.headerCaseInsensitive("Authorization")
 
         if (authorization == null || !authorization.startsWith("bearer ", true)) {
             callContext.respondStatus(STATUS_UNAUTHORIZED)

oauth2-server-core/src/main/java/nl/myndocs/oauth2/request/CallContextHeader.kt

@@ -0,0 +1,7 @@
+package nl.myndocs.oauth2.request
+
+fun CallContext.headerCaseInsensitive(key: String) =
+        headers
+                .filter { it.key.equals(key, true) }
+                .values
+                .firstOrNull()

oauth2-server-core/src/main/java/nl/myndocs/oauth2/request/auth/BasicAuthorizer.kt

@@ -3,10 +3,13 @@ package nl.myndocs.oauth2.request.auth
 import nl.myndocs.oauth2.authenticator.Authorizer
 import nl.myndocs.oauth2.authenticator.Credentials
 import nl.myndocs.oauth2.request.CallContext
+import nl.myndocs.oauth2.request.headerCaseInsensitive
 
+// @TODO: BasicAuth should be injected instead of static call
 open class BasicAuthorizer(protected val context: CallContext) : Authorizer {
     override fun extractCredentials(): Credentials? {
-        val authorizationHeader = context.headers["authorization"] ?: ""
+        val authorizationHeader = context.headerCaseInsensitive("authorization") ?: ""
+
         return BasicAuth.parseCredentials(authorizationHeader)
     }
 

oauth2-server-core/src/test/java/nl/myndocs/oauth2/request/auth/BasicAuthorizerTest.kt

@@ -0,0 +1,42 @@
+package nl.myndocs.oauth2.request.auth
+
+import io.mockk.every
+import io.mockk.mockk
+import nl.myndocs.oauth2.request.CallContext
+import org.hamcrest.CoreMatchers.*
+import org.hamcrest.MatcherAssert.assertThat
+import org.junit.jupiter.api.Test
+import java.util.*
+
+internal class BasicAuthorizerTest {
+
+    @Test
+    fun `test authorization head is case insensitive with all uppercase input`() {
+        `test authorization head is case insensitive with input`(
+                "AUTHORIZATION"
+        )
+    }
+
+    @Test
+    fun `test authorization head is case insensitive with all lowercase input`() {
+        `test authorization head is case insensitive with input`(
+                "authorization"
+        )
+    }
+
+    private fun `test authorization head is case insensitive with input`(authorizationKeyName: String) {
+        val callContext = mockk<CallContext>()
+        val username = "test"
+        val password = "test-password"
+
+        val testCredentials = Base64.getEncoder().encodeToString("$username:$password".toByteArray())
+
+        every { callContext.headers } returns mapOf(authorizationKeyName to "basic $testCredentials")
+        val credentials = BasicAuthorizer(callContext)
+                .extractCredentials()
+
+        assertThat(credentials, `is`(notNullValue()))
+        assertThat(credentials!!.username, `is`(equalTo(username)))
+        assertThat(credentials.password, `is`(equalTo(password)))
+    }
+}

oauth2-server-http4k/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>kotlin-oauth2-server</artifactId>
         <groupId>nl.myndocs</groupId>
-        <version>0.3.0</version>
+        <version>0.3.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

oauth2-server-identity-inmemory/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>kotlin-oauth2-server</artifactId>
         <groupId>nl.myndocs</groupId>
-        <version>0.3.0</version>
+        <version>0.3.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

oauth2-server-javalin/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>kotlin-oauth2-server</artifactId>
         <groupId>nl.myndocs</groupId>
-        <version>0.3.0</version>
+        <version>0.3.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>