🚧 Fix critical bug with auth header

src/main/java/dev/dinauer/oidcproxy/proxy/header/HeaderFilter.java

@@ -29,24 +29,11 @@ public class HeaderFilter
         List<Map.Entry<String, String>> headers = filterHop2HopHeaders(request.headers().entries());
         if ("OIDC".equals(strategy))
         {
-            headers = oidcStrategy.filter(getAccessToken(request), headers);
+            headers = oidcStrategy.filter(request, headers);
         }
         return headers;
     }
 
-    private String getAccessToken(HttpServerRequest request) throws TokenNotFoundException
-    {
-        for (Cookie cookie : request.cookies())
-        {
-            if ("session".equals(cookie.getName()))
-            {
-                String session = cookie.getValue();
-                return sessionCache.get(session);
-            }
-        }
-        throw new UnauthorizedException();
-    }
-
     private List<Map.Entry<String, String>> filterHop2HopHeaders(List<Map.Entry<String, String>> input)
     {
         List<Map.Entry<String, String>> result = new LinkedList<>();

src/main/java/dev/dinauer/oidcproxy/proxy/header/strategy/OidcStrategy.java

@@ -1,6 +1,12 @@
 package dev.dinauer.oidcproxy.proxy.header.strategy;
 
+import dev.dinauer.oidcproxy.proxy.exception.TokenNotFoundException;
+import dev.dinauer.oidcproxy.session.SessionCache;
+import io.quarkus.security.UnauthorizedException;
+import io.vertx.core.http.Cookie;
+import io.vertx.core.http.HttpServerRequest;
 import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
 import org.apache.commons.lang3.NotImplementedException;
 import org.apache.commons.lang3.Strings;
 
@@ -12,15 +18,31 @@ public class OidcStrategy
 {
     private static final String AUTH_HEADER = "Authorization";
 
-    public List<Map.Entry<String, String>> filter(String jwt, List<Map.Entry<String, String>> input)
+    @Inject
+    SessionCache sessionCache;
+
+    public List<Map.Entry<String, String>> filter(HttpServerRequest request, List<Map.Entry<String, String>> input) throws TokenNotFoundException
     {
         if (!hasAuthHeader(input))
         {
-            input.add(Map.entry(AUTH_HEADER, String.format("Bearer %s", jwt)));
+            input.add(Map.entry(AUTH_HEADER, String.format("Bearer %s", getAccessToken(request))));
         }
         return input;
     }
 
+    private String getAccessToken(HttpServerRequest request) throws TokenNotFoundException
+    {
+        for (Cookie cookie : request.cookies())
+        {
+            if ("session".equals(cookie.getName()))
+            {
+                String session = cookie.getValue();
+                return sessionCache.get(session);
+            }
+        }
+        throw new UnauthorizedException();
+    }
+
     private boolean hasAuthHeader(List<Map.Entry<String, String>> input)
     {
         for (Map.Entry<String, String> header : input)

src/main/resources/application.properties

@@ -6,7 +6,7 @@ oidc.proxy.client.redirect=http://localhost:3000
 %test,dev.oidc.proxy.routes.config.location=/home/andreas/Documents/dev/oidc-proxy/src/main/resources/routes.yaml
 %prod.oidc.proxy.routes.config.location=/var/lib/oidc-proxy/routes.yaml
 
-%test,dev.quarkus.hibernate-orm.schema-management.strategy=drop-and-create
+%test,dev.quarkus.hibernate-orm.schema-management.strategy=none
 
 %dev,test.quarkus.datasource.username=postgres
 %dev,test.quarkus.datasource.password=postgres