When authorization header exists, do not introduce token (required for proxying)
Change-Id: I3bdeee6ebdc2d02021921cdd827be12442bda1b7
diff --git a/lib/Kalamar/Plugin/Auth.pm b/lib/Kalamar/Plugin/Auth.pm
index 8f770a7..fc2cd8b 100644
--- a/lib/Kalamar/Plugin/Auth.pm
+++ b/lib/Kalamar/Plugin/Auth.pm
@@ -80,34 +80,50 @@
$app->hook(
before_korap_request => sub {
my ($c, $tx) = @_;
- my $auth_token = $c->auth->token or return;
my $h = $tx->req->headers;
- $h->header('Authorization' => $auth_token);
+
+ # If the request already has an Authorization
+ # header, respect it
+ unless ($h->authorization) {
+ my $auth_token = $c->auth->token or return;
+ $h->authorization($auth_token);
+
+ }
# TODO:
# When a request fails because the access token timed out,
# rerequest with the refresh token.
+
+ # TODO:
+ # Check if the auth_token is timed out
+
}
);
- # Get the user token necessary for authorization
+ # Get or set the user token necessary for authorization
$app->helper(
'auth.token' => sub {
- my $c = shift;
+ my ($c, $token) = @_;
- # Get token from stash
- my $token = $c->stash('auth');
+ unless ($token) {
+ # Get token from stash
+ $token = $c->stash('auth');
- return $token if $token;
+ return $token if $token;
- # Get auth from session
- my $auth = $c->session('auth') or return;
+ # Get auth from session
+ $token = $c->session('auth') or return;
- # Set token to stash
- $c->stash(auth => $auth);
+ # Set token to stash
+ $c->stash(auth => $token);
- return $auth;
+ return $token;
+ };
+
+ # Set auth token
+ $c->stash('auth' => $token);
+ $c->session('auth' => $token);
}
);
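Review bot: The new `unless ($h->authorization)` guard in before_korap_request trusts whatever Authorization header is already on `$tx`, but nothing in the hunk states where that header can originate; if the outgoing transaction inherits headers from the inbound client request (the KalamarUser.pm hunk sets X-Forwarded-For from the client, which suggests it is built per client request), a caller-supplied Authorization value now reaches the backend in place of the session token. That is presumably the intended proxying behaviour, but the comment should make the trust boundary explicit so the backend is understood to be the one validating that value: `# An Authorization header already present on the outgoing request (e.g. supplied by a proxying caller) is passed through unchanged; the session token is only injected when none is set.` In the auth.token helper, the setter branch after the `unless ($token)` block ends with `$c->session('auth' => $token);` and so returns whatever that call yields rather than a documented value; add `return $token;` so both branches return the token consistently. The leading comment could also name the two modes: `# Get or set the user token: without an argument return it from stash or session, with an argument store it in both.`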
diff --git a/lib/Kalamar/Plugin/KalamarUser.pm b/lib/Kalamar/Plugin/KalamarUser.pm
index 60fadfe..9915e45 100644
--- a/lib/Kalamar/Plugin/KalamarUser.pm
+++ b/lib/Kalamar/Plugin/KalamarUser.pm
@@ -86,7 +86,6 @@
'X-Forwarded-For' => $c->client_ip
);
-
# Emit Hook to alter request
$c->app->plugins->emit_hook(
before_korap_request => ($c, $tx)
diff --git a/t/plugin/auth-oauth.t b/t/plugin/auth-oauth.t
index d67837f..bd1dee8 100644
--- a/t/plugin/auth-oauth.t
+++ b/t/plugin/auth-oauth.t
@@ -257,12 +257,38 @@
;
+# Test before_korap_request_hook
+my $app = $t->app;
+my $c = $app->build_controller;
+my $tx = $app->build_tx('GET', 'https://korap.ids-mannheim.de/');
+
+# Emit Hook to alter request
+$app->plugins->emit_hook(
+ before_korap_request => ($c, $tx)
+);
+
+ok(!$tx->req->headers->authorization, 'No authorization');
+
+# Set token
+$c->auth->token('abcd');
+
+# Emit Hook to alter request
+$app->plugins->emit_hook(
+ before_korap_request => ($c, $tx)
+);
+
+is($tx->req->headers->authorization, 'abcd', 'authorization');
+
+# Override authorization in header
+$tx->req->headers->authorization('xyz');
+
+# Emit Hook to alter request
+$app->plugins->emit_hook(
+ before_korap_request => ($c, $tx)
+);
+
+is($tx->req->headers->authorization, 'xyz', 'authorization');
+
done_testing;
__END__
-
-
-# Login mit falschem Nutzernamen:
-# 400 und:
-{"errors":[[2022,"LDAP Authentication failed due to unknown user or password!"]]}
-
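Review bot: The new assertions show that a header already set on the same `$tx` is respected, but they do not check that the override stays local to that transaction — i.e. that a freshly built tx still receives the session token 'abcd' rather than 'xyz'. Adding that case would pin the behaviour the commit title describes: build a second tx, emit the hook for it and assert its authorization is 'abcd'. The three emit_hook blocks are copy-pasted; a small helper such as `my $emit = sub { $app->plugins->emit_hook(before_korap_request => ($c, $_[0])) };` would keep the test readable as more cases are added.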