[quarkus2] Issue 437: Configurable API key header with Authorization …
…header value (#516)
github-actions[bot] authored Oct 29, 2023
1 parent cfbd03d commit 8563e87
Showing 3 changed files with 36 additions and 1 deletion.
2 changes: 2 additions & 0 deletions README.md
@@ -290,6 +290,8 @@ Similarly to bearer token, the API Key Authentication also has the token entry k

The API Key scheme has an additional property that requires where to add the API key in the request token: header, cookie or query. The inner provider takes care of that for you.

If an `Authorization` header is present, then the value of this header is used as API Key. This behaviour can be changed by setting the property `use-authorization-header-value` to `false`.

### OAuth2 Authentication

The extension will generate a `ClientRequestFilter` capable to add OAuth2 authentication capabilities to the OpenAPI operations that require it. This means that you can use
@@ -22,6 +22,7 @@ public class ApiKeyAuthenticationProvider extends AbstractAuthProvider {
private static final Logger LOGGER = LoggerFactory.getLogger(ApiKeyAuthenticationProvider.class);

static final String API_KEY = "api-key";
static final String USE_AUTHORIZATION_HEADER_VALUE = "use-authorization-header-value";

private final ApiKeyIn apiKeyIn;
private final String apiKeyName;
@@ -47,7 +48,8 @@ public void filter(ClientRequestContext requestContext) throws IOException {
break;
case header:
if (requestContext.getHeaderString("Authorization") != null
&& !requestContext.getHeaderString("Authorization").isEmpty()) {
&& !requestContext.getHeaderString("Authorization").isEmpty()
&& isUseAuthorizationHeaderValue()) {
requestContext.getHeaders().putSingle(apiKeyName, requestContext.getHeaderString("Authorization"));
} else
requestContext.getHeaders().putSingle(apiKeyName, getApiKey());
@@ -63,6 +65,11 @@ private String getApiKey() {
return key;
}

private boolean isUseAuthorizationHeaderValue() {
final String value = getAuthConfigParam(USE_AUTHORIZATION_HEADER_VALUE, "true");
return "true".equals(value);
}

private void validateConfig() {
if (isTokenPropagation()) {
throw new OpenApiGeneratorException(
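Review bot: `isUseAuthorizationHeaderValue()` falls back to `"true"`, so in the `case header:` branch a non-empty `Authorization` value already on the outgoing request still replaces the configured key and is copied verbatim, including any scheme prefix, into the `apiKeyName` header unless the operator opts out. A credential issued for a different scheme can therefore be sent to the API-key service under a second header name without anyone having asked for it. The commit keeps the earlier behaviour, but it would be safer to make this opt-in, or at least to emit a `LOGGER.debug(...)` line (without the value) whenever the configured key is overridden. Separately, `"true".equals(value)` is case-sensitive, so `TRUE` silently turns the feature off; `return Boolean.parseBoolean(value);` is null-safe and case-insensitive. Both `filter` and `validateConfig` continue outside the visible hunks.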
@@ -23,6 +23,7 @@ class ApiKeyAuthenticationProviderTest extends AbstractAuthenticationProviderTes

private static final String API_KEY_NAME = "API_KEY_NAME";
private static final String API_KEY_VALUE = "API_KEY_VALUE";
private static final String API_KEY_AUTH_HEADER_VALUE = "API_KEY_AUTH_HEADER_VALUE";

private static final URI INVOKED_URI = URI.create("https://example.com/my-service");

@@ -42,6 +43,31 @@ protected ApiKeyAuthenticationProvider createProvider(String openApiSpecId, Stri
openApiGeneratorConfig);
}

@Test
void filterHeaderFromAuthorizationHeaderDefaultCase() throws IOException {
doReturn(API_KEY_AUTH_HEADER_VALUE).when(requestContext).getHeaderString("Authorization");
provider.filter(requestContext);
assertHeader(headers, API_KEY_NAME, API_KEY_AUTH_HEADER_VALUE);
}

@Test
void filterHeaderFromAuthorizationHeaderCase() throws IOException {
authConfig.authConfigParams.put(ApiKeyAuthenticationProvider.USE_AUTHORIZATION_HEADER_VALUE, "true");
doReturn(API_KEY_AUTH_HEADER_VALUE).when(requestContext).getHeaderString("Authorization");
provider.filter(requestContext);
assertHeader(headers, API_KEY_NAME, API_KEY_AUTH_HEADER_VALUE);
authConfig.authConfigParams.remove(ApiKeyAuthenticationProvider.USE_AUTHORIZATION_HEADER_VALUE);
}

@Test
void filterHeaderNotFromAuthorizationHeaderCase() throws IOException {
authConfig.authConfigParams.put(ApiKeyAuthenticationProvider.USE_AUTHORIZATION_HEADER_VALUE, "false");
doReturn(API_KEY_AUTH_HEADER_VALUE).when(requestContext).getHeaderString("Authorization");
provider.filter(requestContext);
assertHeader(headers, API_KEY_NAME, API_KEY_VALUE);
authConfig.authConfigParams.remove(ApiKeyAuthenticationProvider.USE_AUTHORIZATION_HEADER_VALUE);
}

@Test
void filterHeaderCase() throws IOException {
provider.filter(requestContext);
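Review bot: The two tests that set `USE_AUTHORIZATION_HEADER_VALUE` undo it with a trailing `authConfig.authConfigParams.remove(...)`, which never runs when `assertHeader` fails. If `authConfig` is shared across tests (its setup is not visible here), a failure would leave the flag in place for later tests. Moving the cleanup into an `@AfterEach` method, or wrapping the body in `try { ... } finally { ... }`, keeps the cases independent. Two fallback paths the provider decides on are also untested: an empty `Authorization` value with the flag on, and a flag value such as `"TRUE"`. Under the current check both should end with `API_KEY_VALUE` in the `API_KEY_NAME` header. `filterHeaderCase` continues outside the hunk.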