Commit 0328ccff authored by Ash McKenzie's avatar Ash McKenzie

Merge branch 'id-remove-secret-from-headers' into 'main'

Remove secret from request headers

See merge request https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/689



Merged-by: default avatarAsh McKenzie <amckenzie@gitlab.com>
Approved-by: default avatarAsh McKenzie <amckenzie@gitlab.com>
Co-authored-by: default avatarIgor Drozdov <idrozdov@gitlab.com>
parents c57041e2 07604117
@@ -2,7 +2,6 @@ package client
import (
"context"
"encoding/base64"
"encoding/json"
"fmt"
"io"
@@ -88,7 +87,6 @@ func TestClients(t *testing.T) {
testSuccessfulPost(t, client)
testMissing(t, client)
testErrorMessage(t, client)
testAuthenticationHeader(t, tc.secret, client)
testJWTAuthenticationHeader(t, client)
testXForwardedForHeader(t, client)
testHostWithTrailingSlash(t, client)
@@ -168,38 +166,6 @@ func testBrokenRequest(t *testing.T, client *GitlabNetClient) {
})
}
func testAuthenticationHeader(t *testing.T, secret string, client *GitlabNetClient) {
t.Run("Authentication headers for GET", func(t *testing.T) {
response, err := client.Get(context.Background(), "/auth")
require.NoError(t, err)
require.NotNil(t, response)
defer response.Body.Close()
responseBody, err := io.ReadAll(response.Body)
require.NoError(t, err)
header, err := base64.StdEncoding.DecodeString(string(responseBody))
require.NoError(t, err)
require.Equal(t, secret, string(header))
})
t.Run("Authentication headers for POST", func(t *testing.T) {
response, err := client.Post(context.Background(), "/auth", map[string]string{})
require.NoError(t, err)
require.NotNil(t, response)
defer response.Body.Close()
responseBody, err := io.ReadAll(response.Body)
require.NoError(t, err)
header, err := base64.StdEncoding.DecodeString(string(responseBody))
require.NoError(t, err)
require.Equal(t, secret, string(header))
})
}
func testJWTAuthenticationHeader(t *testing.T, client *GitlabNetClient) {
verifyJWTToken := func(t *testing.T, response *http.Response) {
responseBody, err := io.ReadAll(response.Body)
@@ -3,7 +3,6 @@ package client
import (
"bytes"
"context"
"encoding/base64"
"encoding/json"
"fmt"
"io"
@@ -141,8 +140,6 @@ func (c *GitlabNetClient) DoRequest(ctx context.Context, method, path string, da
if user != "" && password != "" {
request.SetBasicAuth(user, password)
}
encodedSecret := base64.StdEncoding.EncodeToString([]byte(c.secret))
request.Header.Set(secretHeaderName, encodedSecret)
claims := jwt.RegisteredClaims{
Issuer: jwtIssuer,