fix: basic_auth authenticator is not responsible for the request any …

…more if the Authorization header does not contain Basic Auth schema (#107)
dadrus · Jul 23, 2022 · 96136ef · 96136ef
1 parent 6129f10
commit 96136ef
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 10 deletions.
diff --git a/internal/pipeline/authenticators/basic_auth_authenticator.go b/internal/pipeline/authenticators/basic_auth_authenticator.go
@@ -41,12 +41,12 @@ type basicAuthAuthenticator struct {
 }
 
 func newBasicAuthAuthenticator(rawConfig map[string]any) (*basicAuthAuthenticator, error) {
-	type _config struct {
+	type Config struct {
 		UserID   string `mapstructure:"user_id"`
 		Password string `mapstructure:"password"`
 	}
 
-	var conf _config
+	var conf Config
 
 	if err := decodeConfig(rawConfig, &conf); err != nil {
 		return nil, errorchain.
@@ -85,19 +85,19 @@ func (a *basicAuthAuthenticator) Execute(ctx heimdall.Context) (*subject.Subject
 
 	headerValue := ctx.RequestHeader("Authorization")
 	if len(headerValue) == 0 {
-		return nil, errorchain.NewWithMessage(heimdall.ErrAuthentication, "no Authorization header received").
-			CausedBy(heimdall.ErrArgument)
+		return nil, errorchain.NewWithMessage(heimdall.ErrAuthentication,
+			"no Authorization header received").CausedBy(heimdall.ErrArgument)
 	}
 
 	schemeAndValue := strings.Split(headerValue, " ")
 	if len(schemeAndValue) != basicAuthSchemeAttributes {
-		return nil, errorchain.
-			NewWithMessage(heimdall.ErrAuthentication, "unexpected value in the Authorization header")
+		return nil, errorchain.NewWithMessage(heimdall.ErrAuthentication,
+			"unexpected value in the Authorization header").CausedBy(heimdall.ErrArgument)
 	}
 
 	if schemeAndValue[0] != "Basic" {
-		return nil, errorchain.
-			NewWithMessagef(heimdall.ErrAuthentication, "unexpected authentication scheme: %s", schemeAndValue[0])
+		return nil, errorchain.NewWithMessagef(heimdall.ErrAuthentication,
+			"unexpected authentication scheme: %s", schemeAndValue[0]).CausedBy(heimdall.ErrArgument)
 	}
 
 	res, err := base64.StdEncoding.DecodeString(schemeAndValue[1])
@@ -137,12 +137,12 @@ func (a *basicAuthAuthenticator) WithConfig(rawConfig map[string]any) (Authentic
 		return a, nil
 	}
 
-	type _config struct {
+	type Config struct {
 		UserID   string `mapstructure:"user_id"`
 		Password string `mapstructure:"password"`
 	}
 
-	var conf _config
+	var conf Config
 
 	if err := decodeConfig(rawConfig, &conf); err != nil {
 		return nil, errorchain.

diff --git a/internal/pipeline/authenticators/basic_auth_authenticator_test.go b/internal/pipeline/authenticators/basic_auth_authenticator_test.go
@@ -283,6 +283,7 @@ password: bar`))
 
 				assert.Error(t, err)
 				assert.ErrorIs(t, err, heimdall.ErrAuthentication)
+				assert.ErrorIs(t, err, heimdall.ErrArgument)
 				assert.Contains(t, err.Error(), "unexpected value")
 
 				assert.Nil(t, sub)
@@ -300,6 +301,7 @@ password: bar`))
 
 				assert.Error(t, err)
 				assert.ErrorIs(t, err, heimdall.ErrAuthentication)
+				assert.ErrorIs(t, err, heimdall.ErrArgument)
 				assert.Contains(t, err.Error(), "unexpected authentication scheme")
 
 				assert.Nil(t, sub)
@@ -317,6 +319,7 @@ password: bar`))
 
 				assert.Error(t, err)
 				assert.ErrorIs(t, err, heimdall.ErrAuthentication)
+				assert.NotErrorIs(t, err, heimdall.ErrArgument)
 				assert.Contains(t, err.Error(), "failed to decode")
 
 				assert.Nil(t, sub)
@@ -335,6 +338,7 @@ password: bar`))
 
 				assert.Error(t, err)
 				assert.ErrorIs(t, err, heimdall.ErrAuthentication)
+				assert.NotErrorIs(t, err, heimdall.ErrArgument)
 				assert.Contains(t, err.Error(), "malformed user-id - password")
 
 				assert.Nil(t, sub)
@@ -353,6 +357,7 @@ password: bar`))
 
 				assert.Error(t, err)
 				assert.ErrorIs(t, err, heimdall.ErrAuthentication)
+				assert.NotErrorIs(t, err, heimdall.ErrArgument)
 				assert.Contains(t, err.Error(), "invalid user credentials")
 
 				assert.Nil(t, sub)
@@ -371,6 +376,7 @@ password: bar`))
 
 				assert.Error(t, err)
 				assert.ErrorIs(t, err, heimdall.ErrAuthentication)
+				assert.NotErrorIs(t, err, heimdall.ErrArgument)
 				assert.Contains(t, err.Error(), "invalid user credentials")
 
 				assert.Nil(t, sub)