Rename X-Pinniped-Idp-* headers to Pinniped-*

See RFC6648 which asks that people stop using `X-` on header names. Also Matt preferred not mentioning "IDP" in the header name. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-12 13:06:08 -07:00 · 2021-05-12 13:06:08 -07:00 · 044443f315
commit 044443f315
parent 9ca72fcd30
5 changed files with 10 additions and 10 deletions
--- a/internal/oidc/auth/auth_handler.go
+++ b/internal/oidc/auth/auth_handler.go
@ -27,8 +27,8 @@ import (
 )
 const (
-	CustomUsernameHeaderName = "X-Pinniped-Idp-Username"
+	CustomUsernameHeaderName = "Pinniped-Username"
-	CustomPasswordHeaderName = "X-Pinniped-Idp-Password" //nolint:gosec // this is not a credential
+	CustomPasswordHeaderName = "Pinniped-Password" //nolint:gosec // this is not a credential
 )
 func NewHandler(
--- a/internal/oidc/auth/auth_handler_test.go
+++ b/internal/oidc/auth/auth_handler_test.go
@ -1119,10 +1119,10 @@ func TestAuthorizationEndpoint(t *testing.T) {
 			req.Header.Set("Cookie", test.csrfCookie)
 		}
 		if test.customUsernameHeader != nil {
-			req.Header.Set("X-Pinniped-Idp-Username", *test.customUsernameHeader)
+			req.Header.Set("Pinniped-Username", *test.customUsernameHeader)
 		}
 		if test.customPasswordHeader != nil {
-			req.Header.Set("X-Pinniped-Idp-Password", *test.customPasswordHeader)
+			req.Header.Set("Pinniped-Password", *test.customPasswordHeader)
 		}
 		rsp := httptest.NewRecorder()
 		subject.ServeHTTP(rsp, req)
--- a/pkg/oidcclient/login.go
+++ b/pkg/oidcclient/login.go
@ -52,8 +52,8 @@ const (
 	supervisorAuthorizeUpstreamNameParam      = "pinniped_idp_name"
 	supervisorAuthorizeUpstreamTypeParam      = "pinniped_idp_type"
-	supervisorAuthorizeUpstreamUsernameHeader = "X-Pinniped-Idp-Username"
+	supervisorAuthorizeUpstreamUsernameHeader = "Pinniped-Username"
-	supervisorAuthorizeUpstreamPasswordHeader = "X-Pinniped-Idp-Password" // nolint:gosec // this is not a credential
+	supervisorAuthorizeUpstreamPasswordHeader = "Pinniped-Password" // nolint:gosec // this is not a credential
 	defaultLDAPUsernamePrompt = "Username: "
 	defaultLDAPPasswordPrompt = "Password: "
--- a/pkg/oidcclient/login_test.go
+++ b/pkg/oidcclient/login_test.go
@ -893,8 +893,8 @@ func TestLogin(t *testing.T) { // nolint:gocyclo
 								return defaultDiscoveryResponse(req)
 							case "http://" + successServer.Listener.Addr().String() + "/authorize":
 								authorizeRequestWasMade = true
-								require.Equal(t, "some-upstream-username", req.Header.Get("X-Pinniped-Idp-Username"))
+								require.Equal(t, "some-upstream-username", req.Header.Get("Pinniped-Username"))
-								require.Equal(t, "some-upstream-password", req.Header.Get("X-Pinniped-Idp-Password"))
+								require.Equal(t, "some-upstream-password", req.Header.Get("Pinniped-Password"))
 								require.Equal(t, url.Values{
 									// This is the PKCE challenge which is calculated as base64(sha256("test-pkce")). For example:
 									// $ echo -n test-pkce | shasum -a 256 | cut -d" " -f1 | xxd -r -p | base64 | cut -d"=" -f1
--- a/test/integration/supervisor_login_test.go
+++ b/test/integration/supervisor_login_test.go
@ -464,8 +464,8 @@ func requestAuthorizationUsingLDAPIdentityProvider(t *testing.T, downstreamAutho
 	require.NoError(t, err)
 	// Set the custom username/password headers for the LDAP authorize request.
-	authRequest.Header.Set("X-Pinniped-Idp-Username", upstreamUsername)
+	authRequest.Header.Set("Pinniped-Username", upstreamUsername)
-	authRequest.Header.Set("X-Pinniped-Idp-Password", upstreamPassword)
+	authRequest.Header.Set("Pinniped-Password", upstreamPassword)
 	authResponse, err := httpClient.Do(authRequest)
 	require.NoError(t, err)