Skip to content

Commit 542950d

Browse files
committed
Allow case-insensitive Authorization header lookup
Since reqwest downcases header names: > Header names are normalized to lower case. In other words, when > creating a HeaderName with a string, even if upper case characters are > included, when getting a string representation of the HeaderName, it > will be all lower case. This allows for faster HeaderMap comparison > operations. https://docs.rs/reqwest/latest/reqwest/header/index.html#headername
1 parent 022ee5e commit 542950d

1 file changed

Lines changed: 15 additions & 1 deletion

File tree

rust/auth-impls/src/signature.rs

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,16 @@ impl Authorizer for SignatureValidatingAuthorizer {
4343
&self, headers_map: &HashMap<String, String>,
4444
) -> Result<AuthResponse, VssError> {
4545
let auth_header = headers_map
46-
.get("Authorization")
46+
.iter()
47+
.find_map(
48+
|(name, value)| {
49+
if name.eq_ignore_ascii_case("Authorization") {
50+
Some(value)
51+
} else {
52+
None
53+
}
54+
},
55+
)
4756
.ok_or_else(|| VssError::AuthError("Authorization header not found.".to_string()))?;
4857

4958
if auth_header.len() <= (33 + 64) * 2 {
@@ -125,6 +134,11 @@ mod tests {
125134
headers_map.insert("Authorization".to_string(), token);
126135
assert_eq!(auth.verify(&headers_map).await.unwrap().user_token, format!("{pubkey:x}"));
127136

137+
// Test a valid signature with lowercase header key
138+
let (token, pubkey) = build_token(now);
139+
headers_map.insert("authorization".to_string(), token);
140+
assert_eq!(auth.verify(&headers_map).await.unwrap().user_token, format!("{pubkey:x}"));
141+
128142
// Test a signature too far in the future
129143
let (token, _) = build_token(now + 60 * 60 * 24 + 10);
130144
headers_map.insert("Authorization".to_string(), token);

0 commit comments

Comments
 (0)