case-insenitive Bearer check #134 (#135)

JoshMcCullough · web-flow · commit 02f4e17eb84d · 2024-08-28T12:12:07.000-04:00
diff --git a/openssl.dockerfile b/openssl.dockerfile
@@ -1,9 +1,9 @@
-ARG BASE_IMAGE
+ARG BASE_IMAGE=debian:bookworm-slim
 
 FROM ${BASE_IMAGE}
-ARG SRC_DIR=/tmp/openssl-src
-ARG OUT_DIR=/usr/local/.openssl
-ARG SSL_VERSION
+ARG SSL_VERSION=3.2.1
+ENV SRC_DIR=/tmp/openssl-src
+ENV OUT_DIR=/usr/local/.openssl
 RUN <<`
     set -e
     apt-get update
@@ -13,8 +13,8 @@ RUN <<`
 `
 WORKDIR ${SRC_DIR}
 RUN <<`
-    set -e
-    curl --silent -O https://www.openssl.org/source/openssl-${SSL_VERSION}.tar.gz
+    set -ex
+    curl --silent -LO https://www.openssl.org/source/openssl-${SSL_VERSION}.tar.gz
     tar -xf openssl-${SSL_VERSION}.tar.gz --strip-components=1
 `
 RUN ./config --prefix=${OUT_DIR} --openssldir=${OUT_DIR} shared zlib
@@ -34,4 +34,4 @@ RUN <<`
     ln -sf ${OUT_DIR}/lib64/libcrypto.so.3 /lib/x86_64-linux-gnu/libcrypto.so.3
 `
 WORKDIR /
-#RUN rm -rf ${SRC_DIR}
+RUN rm -rf ${SRC_DIR}
diff --git a/scripts.sh b/scripts.sh
@@ -40,13 +40,13 @@ all() {
 verify_and_build_base_image() {
 	local image=${SSL_IMAGE_MAP[$SSL_VERSION]}
 	local baseImage=${image%%:*}
-	
+
 	if [ -z ${image} ]; then
 		echo "Base image not set for SSL version :${SSL_VERSION}"
 		exit 1
 	else
-		printf "${MAGENTA}Building base image for SSL ${SSL_VERSION}...${NC}\n"
-		docker image build \
+		printf "${MAGENTA}Building ${baseImage} base image for SSL ${SSL_VERSION}...${NC}\n"
+		docker buildx build \
 		  --build-arg BASE_IMAGE=debian:${baseImage} \
 			--build-arg SSL_VERSION=${SSL_VERSION} \
 			-f openssl.dockerfile \
diff --git a/src/ngx_http_auth_jwt_module.c b/src/ngx_http_auth_jwt_module.c
@@ -630,7 +630,7 @@ static char *get_jwt(ngx_http_request_t *r, ngx_str_t jwt_location)
     {
       static const char *BEARER_PREFIX = "Bearer ";
 
-      if (ngx_strncmp(jwtHeaderVal->value.data, BEARER_PREFIX, strlen(BEARER_PREFIX)) == 0)
+      if (ngx_strncasecmp(jwtHeaderVal->value.data, (u_char *)BEARER_PREFIX, strlen(BEARER_PREFIX)) == 0)
       {
         ngx_str_t jwtHeaderValWithoutBearer = jwtHeaderVal->value;
 
diff --git a/test/docker-compose-test.yml b/test/docker-compose-test.yml
@@ -1,5 +1,3 @@
-version: '3.3'
-
 services:
 
   nginx:
diff --git a/test/test.sh b/test/test.sh
@@ -143,6 +143,12 @@ main() {
            -r "< Test-Authorization: Bearer ${JWT_HS256_VALID}" \
            -x "--header \"Authorization: Bearer ${JWT_HS256_VALID}\""
 
+  run_test -n 'when auth enabled with Authorization header with Bearer, lower-case "bearer" should be accepted' \
+           -p '/secure/auth-header/default/proxy-header' \
+           -c '200' \
+           -r "< Test-Authorization: bearer ${JWT_HS256_VALID}" \
+           -x "--header \"Authorization: bearer ${JWT_HS256_VALID}\""
+
   run_test -n 'when auth enabled with default algorithm and no JWT cookie, returns 302' \
            -p '/secure/cookie/default' \
            -c '302'

Original file line number	Diff line number	Diff line change
`@@ -630,7 +630,7 @@ static char get_jwt(ngx_http_request_t r, ngx_str_t jwt_location)`
`630`	`630`	`{`
`631`	`631`	`static const char *BEARER_PREFIX = "Bearer ";`
`632`	`632`
`633`		`- if (ngx_strncmp(jwtHeaderVal->value.data, BEARER_PREFIX, strlen(BEARER_PREFIX)) == 0)`
	`633`	`+ if (ngx_strncasecmp(jwtHeaderVal->value.data, (u_char *)BEARER_PREFIX, strlen(BEARER_PREFIX)) == 0)`
`634`	`634`	`{`
`635`	`635`	`ngx_str_t jwtHeaderValWithoutBearer = jwtHeaderVal->value;`
`636`	`636`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,3 @@`
`1`		`-version: '3.3'`
`2`		`-`
`3`	`1`	`services:`
`4`	`2`
`5`	`3`	`nginx:`