mod-authtoken / MODAT-25

Malformed Authorization header returns 500


    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: P3
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels: None
    • Development Team: Core: Platform

      Description

      If a request has a malformed Bearer Authorization header, the system will evaluate it to null and throw a NullPointerException when trying to compare null with x-okapi-token, which will return 500 to the client. Ideally a 4xx should be returned.

      https://github.com/folio-org/mod-authtoken/blob/master/src/main/java/org/folio/auth/authtokenmodule/MainVerticle.java#L220

      // MainVerticle.java (excerpt): authToken is null for a malformed header, so the
      // equals() call below throws a NullPointerException and the request ends in a
      // 500 instead of a 4xx.
      String authToken = extractToken(authHeader);
      if(authToken.equals(okapiTokenHeader)) {

      ...
      // Requires java.util.regex.Pattern and java.util.regex.Matcher
      public String extractToken(String authorizationHeader) {
        Pattern pattern = null;
        Matcher matcher = null;
        String authToken = null;
        if(authorizationHeader == null) { return null; }
        pattern = Pattern.compile("Bearer\\s+(.+)"); // Grab anything after 'Bearer' and whitespace
        matcher = pattern.matcher(authorizationHeader);
        if(matcher.find() && matcher.groupCount() > 0) {
          return matcher.group(1);
        }
        // No "Bearer <token>" match (e.g. "Bearer", "Bearer ", or a different scheme): null
        return null;
      }
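      A null-safe version of this check, added here as an example and not mod-authtoken's own code: it anchors the Bearer pattern so the scheme has to start the header value, returns Optional instead of null, compares with Objects.equals, and maps the malformed-header cases to a 4xx. The class name TokenCheck, the statusFor helper, the sample headers in main and the exact status chosen for each branch are assumptions; what the original does on a missing Authorization header or a token mismatch is elided on this page.

```java
import java.util.Objects;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (not mod-authtoken code). TokenCheck and statusFor are hypothetical names.
public class TokenCheck {
    // Anchored with matches(): "Basic ...", "xBearer ..." or "... Bearer x" no longer
    // yield a token. The scheme is case-insensitive (RFC 7235); a bearer token contains
    // no whitespace (RFC 6750 b64token), hence \S+. Both are design choices here, not
    // the original regex, which used find() on "Bearer\s+(.+)".
    private static final Pattern BEARER =
        Pattern.compile("^Bearer\\s+(\\S+)\\s*$", Pattern.CASE_INSENSITIVE);

    /** Returns the bearer token, or empty when the header is absent or malformed. */
    public static Optional<String> extractToken(String authorizationHeader) {
        if (authorizationHeader == null) {
            return Optional.empty();
        }
        Matcher m = BEARER.matcher(authorizationHeader);
        return m.matches() ? Optional.of(m.group(1)) : Optional.empty();
    }

    /**
     * HTTP status the handler should answer with (assumed mapping):
     * 400 when an Authorization header is present but is not "Bearer <token>",
     * 401 when neither header carries a credential,
     * 400 when Authorization and X-Okapi-Token disagree,
     * 200 otherwise, meaning "continue with token validation".
     * None of the branches can throw a NullPointerException.
     */
    public static int statusFor(String authorizationHeader, String okapiTokenHeader) {
        Optional<String> token = extractToken(authorizationHeader);
        if (authorizationHeader != null && !token.isPresent()) {
            return 400; // header present but malformed: client error, not a 500
        }
        if (!token.isPresent() && okapiTokenHeader == null) {
            return 401; // no credential supplied at all
        }
        // Objects.equals is null-safe, unlike authToken.equals(okapiTokenHeader)
        if (token.isPresent() && okapiTokenHeader != null
                && !Objects.equals(token.get(), okapiTokenHeader)) {
            return 400; // the two headers disagree
        }
        return 200; // a token is available from one of the headers
    }

    public static void main(String[] args) {
        // Constructed sample headers covering the report's failure mode.
        String[][] cases = {
            {"Bearer abc.def.ghi", "abc.def.ghi"},  // well-formed and matching
            {"Bearer", null},                       // scheme without a token (the reported case)
            {"Bearer ", "abc.def.ghi"},             // scheme followed only by whitespace
            {"Basic dXNlcjpwdw==", null},           // different scheme
            {null, "abc.def.ghi"},                  // only X-Okapi-Token
            {null, null},                           // no credential at all
            {"Bearer abc.def.ghi", "other.token"},  // headers disagree
        };
        for (String[] c : cases) {
            System.out.printf("Authorization=%-22s X-Okapi-Token=%-12s -> %d%n",
                c[0], c[1], statusFor(c[0], c[1]));
        }
    }
}
```

      Running the class prints one line per constructed case; the inputs that previously reached authToken.equals(...) with a null receiver now come back as 400 or 401 rather than a 500.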
      

                People

                Assignee: Kurt Nordstrom
                Reporter: Hongwei Ji
                Votes: 0
                Watchers: 2
