As we reevaluate how to best support and maintain Staging Ref in the future, we encourage development teams using this environment to highlight their use cases in the following issue: https://gitlab.com/gitlab-com/gl-infra/software-delivery/framework/software-delivery-framework-issue-tracker/-/issues/36.

Skip to content
Snippets Groups Projects
Commit 07604117 authored by Igor Drozdov's avatar Igor Drozdov
Browse files

Remove secret from request headers 

Now the requests are verified via JWT
parent c57041e2
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
client/client_test.go
+ 0
34
View file @ 07604117
@@ -2,7 +2,6 @@ package client
import (
"context"
"encoding/base64"
"encoding/json"
"fmt"
"io"
@@ -88,7 +87,6 @@ func TestClients(t *testing.T) {
testSuccessfulPost(t, client)
testMissing(t, client)
testErrorMessage(t, client)
testAuthenticationHeader(t, tc.secret, client)
testJWTAuthenticationHeader(t, client)
testXForwardedForHeader(t, client)
testHostWithTrailingSlash(t, client)
@@ -168,38 +166,6 @@ func testBrokenRequest(t *testing.T, client *GitlabNetClient) {
})
}
func testAuthenticationHeader(t *testing.T, secret string, client *GitlabNetClient) {
t.Run("Authentication headers for GET", func(t *testing.T) {
response, err := client.Get(context.Background(), "/auth")
require.NoError(t, err)
require.NotNil(t, response)
defer response.Body.Close()
responseBody, err := io.ReadAll(response.Body)
require.NoError(t, err)
header, err := base64.StdEncoding.DecodeString(string(responseBody))
require.NoError(t, err)
require.Equal(t, secret, string(header))
})
t.Run("Authentication headers for POST", func(t *testing.T) {
response, err := client.Post(context.Background(), "/auth", map[string]string{})
require.NoError(t, err)
require.NotNil(t, response)
defer response.Body.Close()
responseBody, err := io.ReadAll(response.Body)
require.NoError(t, err)
header, err := base64.StdEncoding.DecodeString(string(responseBody))
require.NoError(t, err)
require.Equal(t, secret, string(header))
})
}
func testJWTAuthenticationHeader(t *testing.T, client *GitlabNetClient) {
verifyJWTToken := func(t *testing.T, response *http.Response) {
responseBody, err := io.ReadAll(response.Body)
client/gitlabnet.go
+ 0
3
View file @ 07604117
@@ -3,7 +3,6 @@ package client
import (
"bytes"
"context"
"encoding/base64"
"encoding/json"
"fmt"
"io"
@@ -141,8 +140,6 @@ func (c *GitlabNetClient) DoRequest(ctx context.Context, method, path string, da
if user != "" && password != "" {
request.SetBasicAuth(user, password)
}
encodedSecret := base64.StdEncoding.EncodeToString([]byte(c.secret))
request.Header.Set(secretHeaderName, encodedSecret)
claims := jwt.RegisteredClaims{
Issuer: jwtIssuer,
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

As we reevaluate how to best support and maintain Staging Ref in the future, we encourage development teams using this environment to highlight their use cases in the following issue: https://gitlab.com/gitlab-com/gl-infra/software-delivery/framework/software-delivery-framework-issue-tracker/-/issues/36.