From 308ec0c93a917728aea08c395712935ab2657eb2 Mon Sep 17 00:00:00 2001
From: Andreas Dinauer
Date: Sat, 11 Apr 2026 16:37:08 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=A7=20Fix=20critical=20bug=20with=20au?=
 =?UTF-8?q?th=20header?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../oidcproxy/proxy/header/HeaderFilter.java | 15 +---------
 .../proxy/header/strategy/OidcStrategy.java | 26 +++++++++++++++++--
 src/main/resources/application.properties | 2 +-
 3 files changed, 26 insertions(+), 17 deletions(-)

diff --git a/src/main/java/dev/dinauer/oidcproxy/proxy/header/HeaderFilter.java b/src/main/java/dev/dinauer/oidcproxy/proxy/header/HeaderFilter.java
index 4799ff3..bc18efc 100644
--- a/src/main/java/dev/dinauer/oidcproxy/proxy/header/HeaderFilter.java
+++ b/src/main/java/dev/dinauer/oidcproxy/proxy/header/HeaderFilter.java
@@ -29,24 +29,11 @@ public class HeaderFilter
         List> headers = filterHop2HopHeaders(request.headers().entries());
         if ("OIDC".equals(strategy))
         {
-            headers = oidcStrategy.filter(getAccessToken(request), headers);
+            headers = oidcStrategy.filter(request, headers);
         }
         return headers;
     }
 
-    private String getAccessToken(HttpServerRequest request) throws TokenNotFoundException
-    {
-        for (Cookie cookie : request.cookies())
-        {
-            if ("session".equals(cookie.getName()))
-            {
-                String session = cookie.getValue();
-                return sessionCache.get(session);
-            }
-        }
-        throw new UnauthorizedException();
-    }
-
     private List> filterHop2HopHeaders(List> input)
     {
         List> result = new LinkedList<>();
diff --git a/src/main/java/dev/dinauer/oidcproxy/proxy/header/strategy/OidcStrategy.java b/src/main/java/dev/dinauer/oidcproxy/proxy/header/strategy/OidcStrategy.java
index 765d5e8..353a457 100644
--- a/src/main/java/dev/dinauer/oidcproxy/proxy/header/strategy/OidcStrategy.java
+++ b/src/main/java/dev/dinauer/oidcproxy/proxy/header/strategy/OidcStrategy.java
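Review bot: With `getAccessToken` removed from HeaderFilter, the `sessionCache` field it read and the `Cookie`/`UnauthorizedException` imports are presumably left behind unused; their declarations are outside this hunk, so please confirm and drop them, otherwise the dead injection point keeps HeaderFilter coupled to SessionCache for no reason. The new call `headers = oidcStrategy.filter(request, headers);` hands the whole request to the strategy, and the enclosing method starts above the hunk, so check that its `throws` clause still covers the `TokenNotFoundException` the strategy now declares. A short comment at the call such as `// OIDC strategy resolves the session cookie to a bearer token itself` would record why the request rather than a token is passed.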
@@ -1,6 +1,12 @@
 package dev.dinauer.oidcproxy.proxy.header.strategy;
 
+import dev.dinauer.oidcproxy.proxy.exception.TokenNotFoundException;
+import dev.dinauer.oidcproxy.session.SessionCache;
+import io.quarkus.security.UnauthorizedException;
+import io.vertx.core.http.Cookie;
+import io.vertx.core.http.HttpServerRequest;
 import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
 import org.apache.commons.lang3.NotImplementedException;
 import org.apache.commons.lang3.Strings;
 
@@ -12,15 +18,31 @@ public class OidcStrategy
 {
     private static final String AUTH_HEADER = "Authorization";
 
-    public List> filter(String jwt, List> input)
+    @Inject
+    SessionCache sessionCache;
+
+    public List> filter(HttpServerRequest request, List> input) throws TokenNotFoundException
     {
         if (!hasAuthHeader(input))
         {
-            input.add(Map.entry(AUTH_HEADER, String.format("Bearer %s", jwt)));
+            input.add(Map.entry(AUTH_HEADER, String.format("Bearer %s", getAccessToken(request))));
         }
         return input;
     }
 
+    private String getAccessToken(HttpServerRequest request) throws TokenNotFoundException
+    {
+        for (Cookie cookie : request.cookies())
+        {
+            if ("session".equals(cookie.getName()))
+            {
+                String session = cookie.getValue();
+                return sessionCache.get(session);
+            }
+        }
+        throw new UnauthorizedException();
+    }
+
     private boolean hasAuthHeader(List> input)
     {
         for (Map.Entry header : input)
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 71eddbf..c97863c 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
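Review bot: `getAccessToken` returns `sessionCache.get(session)` unchecked, so if `SessionCache.get` can yield null for an unknown or expired session id instead of throwing `TokenNotFoundException`, the `input.add(...)` line above it would forward the literal header `Bearer null` to the upstream; guard it with `String token = sessionCache.get(session); if (token == null) throw new UnauthorizedException(); return token;` or document on `SessionCache.get` that it never returns null. The lookup also stops at the first cookie named `session`, so a request carrying several cookies of that name is resolved by whichever `request.cookies()` yields first; a comment stating that this is acceptable would help the next reader. The pre-existing `!hasAuthHeader(input)` guard means the session token is injected only when the client sent no `Authorization` header of its own, and now that this decision sits next to the session lookup, `filter` deserves a Javadoc sentence stating that client-supplied Authorization headers are passed through unchanged. The `SessionCache` field is a package-private mutable `@Inject` target, which Quarkus accepts, but constructor injection would let it be `final`.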
@@ -6,7 +6,7 @@ oidc.proxy.client.redirect=http://localhost:3000
 %test,dev.oidc.proxy.routes.config.location=/home/andreas/Documents/dev/oidc-proxy/src/main/resources/routes.yaml
 %prod.oidc.proxy.routes.config.location=/var/lib/oidc-proxy/routes.yaml
-%test,dev.quarkus.hibernate-orm.schema-management.strategy=drop-and-create
+%test,dev.quarkus.hibernate-orm.schema-management.strategy=none
 %dev,test.quarkus.datasource.username=postgres
 %dev,test.quarkus.datasource.password=postgres
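Review bot: Switching the `%test,dev` profile from `drop-and-create` to `none` means dev runs and tests now rely on a schema managed outside Hibernate, and nothing in this commit, which is titled as an auth-header fix, explains that or adds a migration step. A comment above the line such as `# schema is managed externally; dev/test expect the tables to already exist` or moving the change to its own commit would make it reviewable on its own. Tests that previously started from a clean schema on every run may now see state persist between runs, so please confirm the test setup accounts for that.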