Project: mod-authtoken
Issue: MODAT-25

Malformed Authorization header returns 500


Details

    • Bug
    • Status: Closed
    • P3
    • Resolution: Done
    • Core: Platform

    Description

      If a request carries a malformed Bearer Authorization header, extractToken evaluates it to null, and the subsequent comparison of that null with the x-okapi-token header throws a NullPointerException, which the client sees as a 500. A malformed client header is a client error, so a 4xx status should be returned instead.

      https://github.com/folio-org/mod-authtoken/blob/master/src/main/java/org/folio/auth/authtokenmodule/MainVerticle.java#L220

      String authToken = extractToken(authHeader);
      if(authToken.equals(okapiTokenHeader)) {
      
      ...
      public String extractToken(String authorizationHeader) {
        Pattern pattern = null;
        Matcher matcher = null;
        String authToken = null;
        if(authorizationHeader == null) { return null; }
        pattern = Pattern.compile("Bearer\\s+(.+)"); // Grab anything after 'Bearer' and whitespace
        matcher = pattern.matcher(authorizationHeader);
        if(matcher.find() && matcher.groupCount() > 0) {
          return matcher.group(1);
        }
        return null;
      }
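      The following stand-alone class is an added illustration for this issue, not the module's own fix: it reproduces extractToken with the same regex, shows the original comparison order that dereferences null, and contrasts it with a check that decides a client-error status before any comparison. The class name TokenHeaderCheck and the specific status values (401 for a missing or malformed header, 403 for a mismatch) are assumptions made for the example.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical illustration of the MODAT-25 null-handling problem and one
// defensive alternative. Not the code of mod-authtoken itself.
public class TokenHeaderCheck {

    // Same pattern as the snippet in the issue: capture what follows "Bearer" plus whitespace.
    private static final Pattern BEARER = Pattern.compile("Bearer\\s+(.+)");

    /** Mirrors the original extractToken: null for a missing or malformed header. */
    public static String extractToken(String authorizationHeader) {
        if (authorizationHeader == null) {
            return null;
        }
        Matcher matcher = BEARER.matcher(authorizationHeader);
        if (matcher.find() && matcher.groupCount() > 0) {
            return matcher.group(1);
        }
        return null;
    }

    /** Original comparison order: throws NullPointerException when the header is malformed. */
    public static boolean tokensMatchUnsafe(String authHeader, String okapiTokenHeader) {
        String authToken = extractToken(authHeader);
        return authToken.equals(okapiTokenHeader); // NPE when authToken is null -> 500 upstream
    }

    /**
     * Defensive version: the null case is classified as a client error before any
     * method is invoked on the extracted token. Status values are assumed for this example.
     */
    public static int checkAuthorization(String authHeader, String okapiTokenHeader) {
        String authToken = extractToken(authHeader);
        if (authToken == null) {
            // No usable "Authorization: Bearer <token>" header: the client sent a bad request.
            return 401;
        }
        if (!authToken.equals(okapiTokenHeader)) {
            // Header present but disagreeing with X-Okapi-Token (or X-Okapi-Token absent).
            return 403;
        }
        return 200;
    }

    public static void main(String[] args) {
        // Constructed sample headers: absent, keyword only, trailing space only,
        // wrong scheme, and a well-formed header with the expected token.
        String[] headers = { null, "Bearer", "Bearer ", "Basic abc", "Bearer tok-1" };
        for (String h : headers) {
            int status = checkAuthorization(h, "tok-1");
            System.out.println("Authorization=" + h + " -> HTTP " + status);
        }
        try {
            tokensMatchUnsafe("Bearer", "tok-1");
        } catch (NullPointerException e) {
            System.out.println("original comparison order throws NullPointerException");
        }
    }
}
```

      Note that the regex still accepts any non-empty remainder after the whitespace, so a header such as "Bearer tok-1 extra" yields the token "tok-1 extra"; that is compared normally and rejected with the mismatch status rather than crashing the verticle.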
      

      People

        kurt Kurt Nordstrom
        hji Hongwei Ji