Rename X-Pinniped-Idp-* headers to Pinniped-*

See RFC6648 which asks that people stop using `X-` on header names.
Also Matt preferred not mentioning "IDP" in the header name.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
This commit is contained in:
Ryan Richard 2021-05-12 13:06:08 -07:00 committed by Matt Moyer
parent 9ca72fcd30
commit 044443f315
5 changed files with 10 additions and 10 deletions

View File

@ -27,8 +27,8 @@ import (
)
const (
CustomUsernameHeaderName = "X-Pinniped-Idp-Username"
CustomPasswordHeaderName = "X-Pinniped-Idp-Password" //nolint:gosec // this is not a credential
CustomUsernameHeaderName = "Pinniped-Username"
CustomPasswordHeaderName = "Pinniped-Password" //nolint:gosec // this is not a credential
)
func NewHandler(

View File

@ -1119,10 +1119,10 @@ func TestAuthorizationEndpoint(t *testing.T) {
req.Header.Set("Cookie", test.csrfCookie)
}
if test.customUsernameHeader != nil {
req.Header.Set("X-Pinniped-Idp-Username", *test.customUsernameHeader)
req.Header.Set("Pinniped-Username", *test.customUsernameHeader)
}
if test.customPasswordHeader != nil {
req.Header.Set("X-Pinniped-Idp-Password", *test.customPasswordHeader)
req.Header.Set("Pinniped-Password", *test.customPasswordHeader)
}
rsp := httptest.NewRecorder()
subject.ServeHTTP(rsp, req)

View File

@ -52,8 +52,8 @@ const (
supervisorAuthorizeUpstreamNameParam = "pinniped_idp_name"
supervisorAuthorizeUpstreamTypeParam = "pinniped_idp_type"
supervisorAuthorizeUpstreamUsernameHeader = "X-Pinniped-Idp-Username"
supervisorAuthorizeUpstreamPasswordHeader = "X-Pinniped-Idp-Password" // nolint:gosec // this is not a credential
supervisorAuthorizeUpstreamUsernameHeader = "Pinniped-Username"
supervisorAuthorizeUpstreamPasswordHeader = "Pinniped-Password" // nolint:gosec // this is not a credential
defaultLDAPUsernamePrompt = "Username: "
defaultLDAPPasswordPrompt = "Password: "

View File

@ -893,8 +893,8 @@ func TestLogin(t *testing.T) { // nolint:gocyclo
return defaultDiscoveryResponse(req)
case "http://" + successServer.Listener.Addr().String() + "/authorize":
authorizeRequestWasMade = true
require.Equal(t, "some-upstream-username", req.Header.Get("X-Pinniped-Idp-Username"))
require.Equal(t, "some-upstream-password", req.Header.Get("X-Pinniped-Idp-Password"))
require.Equal(t, "some-upstream-username", req.Header.Get("Pinniped-Username"))
require.Equal(t, "some-upstream-password", req.Header.Get("Pinniped-Password"))
require.Equal(t, url.Values{
// This is the PKCE challenge which is calculated as base64(sha256("test-pkce")). For example:
// $ echo -n test-pkce | shasum -a 256 | cut -d" " -f1 | xxd -r -p | base64 | cut -d"=" -f1

View File

@ -464,8 +464,8 @@ func requestAuthorizationUsingLDAPIdentityProvider(t *testing.T, downstreamAutho
require.NoError(t, err)
// Set the custom username/password headers for the LDAP authorize request.
authRequest.Header.Set("X-Pinniped-Idp-Username", upstreamUsername)
authRequest.Header.Set("X-Pinniped-Idp-Password", upstreamPassword)
authRequest.Header.Set("Pinniped-Username", upstreamUsername)
authRequest.Header.Set("Pinniped-Password", upstreamPassword)
authResponse, err := httpClient.Do(authRequest)
require.NoError(t, err)