1893336421

Committed 27 Jun 2025 07:09AM UTC coverage: 65.651% (-0.08%) from 65.731%

Build # 1893336421

Build Type

Pull #764

gitlab-ci

Committed by

bahaa-ghazal

Commit Message

fix(useradm): Use contenttype middleware for login endpoint

Signed-off-by: Bahaa Aldeen Ghazal <bahaa.ghazal@northern.tech>

Pull Request Pull Request #764: refactor(useradm): Migrate from ant0nie/go-json-rest to gin-gonic/gin

Run Details

265 of 312 new or added lines in 6 files covered. (84.94%)

5 existing lines in 2 files now uncovered.

32387 of 49332 relevant lines covered (65.65%)

1.39 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

69.05

/backend/services/useradm/api/http/utils.go

// Copyright 2021 Northern.tech AS
//
//        Licensed under the Apache License, Version 2.0 (the "License");
//        you may not use this file except in compliance with the License.
//        You may obtain a copy of the License at
//
//            http://www.apache.org/licenses/LICENSE-2.0
//
//        Unless required by applicable law or agreed to in writing, software
//        distributed under the License is distributed on an "AS IS" BASIS,
//        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//        See the License for the specific language governing permissions and
//        limitations under the License.
package http

import (
        "errors"
        "net/http"
        "strings"
)

// Action combines info about the requested resourd + http method.
type Action struct {
        Resource string
        Method   string
}

// ExtractResourceAction extracts resource action from the request url
func ExtractResourceAction(r *http.Request) (*Action, error) {
        action := Action{}

        // extract original uri
        uri := r.Header.Get("X-Forwarded-Uri")
        if uri == "" {
                uri = r.Header.Get("X-Forwarded-URI")
        }
        uriItems := strings.Split(uri, "/")

        if uri == "" || len(uriItems) < 4 {
                return nil, errors.New("can't parse service name from original uri " + uri)
        }

        action.Resource = strings.Join(uriItems[4:], ":")

        // extract original http method
        action.Method = r.Header.Get("X-Forwarded-Method")
        if action.Method == "" {
                action.Method = r.Header.Get("X-Forwarded-Method")
        }
        if action.Method == "" {
                return nil, errors.New("can't parse original request method")
        }

        return &action, nil
}

// extracts JWT from authorization header
func ExtractToken(req *http.Request) (string, error) {
        const authHeaderName = "Authorization"
        auth := req.Header.Get(authHeaderName)
        if auth != "" {
                auths := strings.Fields(auth)
                if !strings.EqualFold(auths[0], "Bearer") || len(auths) < 2 {
                        return "", ErrInvalidAuthHeader
                }
                return auths[1], nil
        }
        cookie, err := req.Cookie("JWT")
        if err != nil {
                return "", ErrAuthzNoAuth
        }
        auth = cookie.Value
        if auth == "" {
                return "", ErrAuthzNoAuth
        }
        return auth, nil
}

1	// Copyright 2021 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14	package http
15
16	import (
17	"errors"
18	"net/http"
19	"strings"
20	)
21
22	// Action combines info about the requested resourd + http method.
23	type Action struct {
24	Resource string
25	Method string
26	}
27
28	// ExtractResourceAction extracts resource action from the request url
29	func ExtractResourceAction(r http.Request) (Action, error) {	3✔
30	action := Action{}	3✔
31		3✔
32	// extract original uri	3✔
33	uri := r.Header.Get("X-Forwarded-Uri")	3✔
34	if uri == "" {	3✔
35	uri = r.Header.Get("X-Forwarded-URI")	×
36	}	×
37	uriItems := strings.Split(uri, "/")	3✔
38		3✔
39	if uri == "" \|\| len(uriItems) < 4 {	4✔
40	return nil, errors.New("can't parse service name from original uri " + uri)	1✔
41	}	1✔
42
43	action.Resource = strings.Join(uriItems[4:], ":")	3✔
44		3✔
45	// extract original http method	3✔
46	action.Method = r.Header.Get("X-Forwarded-Method")	3✔
47	if action.Method == "" {	3✔
48	action.Method = r.Header.Get("X-Forwarded-Method")	×
49	}	×
50	if action.Method == "" {	3✔
51	return nil, errors.New("can't parse original request method")	×
52	}	×
53
54	return &action, nil	3✔
55	}
56
57	// extracts JWT from authorization header
58	func ExtractToken(req *http.Request) (string, error) {	3✔
59	const authHeaderName = "Authorization"	3✔
60	auth := req.Header.Get(authHeaderName)	3✔
61	if auth != "" {	6✔
62	auths := strings.Fields(auth)	3✔
63	if !strings.EqualFold(auths[0], "Bearer") \|\| len(auths) < 2 {	3✔
NEW 64	return "", ErrInvalidAuthHeader	×
NEW 65	}	×
66	return auths[1], nil	3✔
67	}
68	cookie, err := req.Cookie("JWT")	1✔
69	if err != nil {	2✔
70	return "", ErrAuthzNoAuth	1✔
71	}	1✔
NEW 72	auth = cookie.Value	×
NEW 73	if auth == "" {	×
NEW 74	return "", ErrAuthzNoAuth	×
NEW 75	}	×
NEW 76	return auth, nil	×
77	}

mendersoftware / mender-server / 1893336421

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous