From 044443f31500b00ca8d5aa62cf0cacac90734c5a Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Wed, 12 May 2021 13:06:08 -0700 Subject: [PATCH] Rename `X-Pinniped-Idp-*` headers to `Pinniped-*` See RFC6648 which asks that people stop using `X-` on header names. Also Matt preferred not mentioning "IDP" in the header name. Signed-off-by: Matt Moyer --- internal/oidc/auth/auth_handler.go | 4 ++-- internal/oidc/auth/auth_handler_test.go | 4 ++-- pkg/oidcclient/login.go | 4 ++-- pkg/oidcclient/login_test.go | 4 ++-- test/integration/supervisor_login_test.go | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/internal/oidc/auth/auth_handler.go b/internal/oidc/auth/auth_handler.go index 12b0e915..21aad56c 100644 --- a/internal/oidc/auth/auth_handler.go +++ b/internal/oidc/auth/auth_handler.go @@ -27,8 +27,8 @@ import ( ) const ( - CustomUsernameHeaderName = "X-Pinniped-Idp-Username" - CustomPasswordHeaderName = "X-Pinniped-Idp-Password" //nolint:gosec // this is not a credential + CustomUsernameHeaderName = "Pinniped-Username" + CustomPasswordHeaderName = "Pinniped-Password" //nolint:gosec // this is not a credential ) func NewHandler( diff --git a/internal/oidc/auth/auth_handler_test.go b/internal/oidc/auth/auth_handler_test.go index efb164e3..98da84bc 100644 --- a/internal/oidc/auth/auth_handler_test.go +++ b/internal/oidc/auth/auth_handler_test.go @@ -1119,10 +1119,10 @@ func TestAuthorizationEndpoint(t *testing.T) { req.Header.Set("Cookie", test.csrfCookie) } if test.customUsernameHeader != nil { - req.Header.Set("X-Pinniped-Idp-Username", *test.customUsernameHeader) + req.Header.Set("Pinniped-Username", *test.customUsernameHeader) } if test.customPasswordHeader != nil { - req.Header.Set("X-Pinniped-Idp-Password", *test.customPasswordHeader) + req.Header.Set("Pinniped-Password", *test.customPasswordHeader) } rsp := httptest.NewRecorder() subject.ServeHTTP(rsp, req) diff --git a/pkg/oidcclient/login.go b/pkg/oidcclient/login.go index d8539090..e2d0e2bf 100644 --- a/pkg/oidcclient/login.go +++ b/pkg/oidcclient/login.go @@ -52,8 +52,8 @@ const ( supervisorAuthorizeUpstreamNameParam = "pinniped_idp_name" supervisorAuthorizeUpstreamTypeParam = "pinniped_idp_type" - supervisorAuthorizeUpstreamUsernameHeader = "X-Pinniped-Idp-Username" - supervisorAuthorizeUpstreamPasswordHeader = "X-Pinniped-Idp-Password" // nolint:gosec // this is not a credential + supervisorAuthorizeUpstreamUsernameHeader = "Pinniped-Username" + supervisorAuthorizeUpstreamPasswordHeader = "Pinniped-Password" // nolint:gosec // this is not a credential defaultLDAPUsernamePrompt = "Username: " defaultLDAPPasswordPrompt = "Password: " diff --git a/pkg/oidcclient/login_test.go b/pkg/oidcclient/login_test.go index bf5ded20..4cc23f93 100644 --- a/pkg/oidcclient/login_test.go +++ b/pkg/oidcclient/login_test.go @@ -893,8 +893,8 @@ func TestLogin(t *testing.T) { // nolint:gocyclo return defaultDiscoveryResponse(req) case "http://" + successServer.Listener.Addr().String() + "/authorize": authorizeRequestWasMade = true - require.Equal(t, "some-upstream-username", req.Header.Get("X-Pinniped-Idp-Username")) - require.Equal(t, "some-upstream-password", req.Header.Get("X-Pinniped-Idp-Password")) + require.Equal(t, "some-upstream-username", req.Header.Get("Pinniped-Username")) + require.Equal(t, "some-upstream-password", req.Header.Get("Pinniped-Password")) require.Equal(t, url.Values{ // This is the PKCE challenge which is calculated as base64(sha256("test-pkce")). For example: // $ echo -n test-pkce | shasum -a 256 | cut -d" " -f1 | xxd -r -p | base64 | cut -d"=" -f1 diff --git a/test/integration/supervisor_login_test.go b/test/integration/supervisor_login_test.go index 2cba7da0..fbfa8d7b 100644 --- a/test/integration/supervisor_login_test.go +++ b/test/integration/supervisor_login_test.go @@ -464,8 +464,8 @@ func requestAuthorizationUsingLDAPIdentityProvider(t *testing.T, downstreamAutho require.NoError(t, err) // Set the custom username/password headers for the LDAP authorize request. - authRequest.Header.Set("X-Pinniped-Idp-Username", upstreamUsername) - authRequest.Header.Set("X-Pinniped-Idp-Password", upstreamPassword) + authRequest.Header.Set("Pinniped-Username", upstreamUsername) + authRequest.Header.Set("Pinniped-Password", upstreamPassword) authResponse, err := httpClient.Do(authRequest) require.NoError(t, err)