
Commit 0328ccf

ashmckenzieIgor Drozdov
and
Igor Drozdov
committed
Merge branch 'id-remove-secret-from-headers' into 'main'
Remove secret from request headers See merge request https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/689 Merged-by: Ash McKenzie <[email protected]> Approved-by: Ash McKenzie <[email protected]> Co-authored-by: Igor Drozdov <[email protected]>
2 parents c57041e + 0760411 commit 0328ccf


2 files changed

+0
-37
lines changed


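--- a/client/client_test.go
+++ b/client/client_test.go
@@ -2,7 +2,6 @@ package client
 
 import (
 "context"
-"encoding/base64"
 "encoding/json"
 "fmt"
 "io"
@@ -88,7 +87,6 @@ func TestClients(t *testing.T) {
 testSuccessfulPost(t, client)
 testMissing(t, client)
 testErrorMessage(t, client)
-testAuthenticationHeader(t, tc.secret, client)
 testJWTAuthenticationHeader(t, client)
 testXForwardedForHeader(t, client)
 testHostWithTrailingSlash(t, client)
@@ -168,38 +166,6 @@ func testBrokenRequest(t *testing.T, client *GitlabNetClient) {
 })
 }
 
-func testAuthenticationHeader(t *testing.T, secret string, client *GitlabNetClient) {
-t.Run("Authentication headers for GET", func(t *testing.T) {
-response, err := client.Get(context.Background(), "/auth")
-require.NoError(t, err)
-require.NotNil(t, response)
-
-defer response.Body.Close()
-
-responseBody, err := io.ReadAll(response.Body)
-require.NoError(t, err)
-
-header, err := base64.StdEncoding.DecodeString(string(responseBody))
-require.NoError(t, err)
-require.Equal(t, secret, string(header))
-})
-
-t.Run("Authentication headers for POST", func(t *testing.T) {
-response, err := client.Post(context.Background(), "/auth", map[string]string{})
-require.NoError(t, err)
-require.NotNil(t, response)
-
-defer response.Body.Close()
-
-responseBody, err := io.ReadAll(response.Body)
-require.NoError(t, err)
-
-header, err := base64.StdEncoding.DecodeString(string(responseBody))
-require.NoError(t, err)
-require.Equal(t, secret, string(header))
-})
-}
-
 func testJWTAuthenticationHeader(t *testing.T, client *GitlabNetClient) {
 verifyJWTToken := func(t *testing.T, response *http.Response) {
 responseBody, err := io.ReadAll(response.Body)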

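--- a/client/gitlabnet.go
+++ b/client/gitlabnet.go
@@ -3,7 +3,6 @@ package client
 import (
 "bytes"
 "context"
-"encoding/base64"
 "encoding/json"
 "fmt"
 "io"
@@ -141,8 +140,6 @@ func (c *GitlabNetClient) DoRequest(ctx context.Context, method, path string, da
 if user != "" && password != "" {
 request.SetBasicAuth(user, password)
 }
-encodedSecret := base64.StdEncoding.EncodeToString([]byte(c.secret))
-request.Header.Set(secretHeaderName, encodedSecret)
 
 claims := jwt.RegisteredClaims{
 Issuer: jwtIssuer,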
