Skip to content

Commit 875d80d

Browse files
ptitmoutonptitmouton
authored
Fix VerifyToken compilation under OTP 28 by allowing binary scheme_reg (#739)
1 parent 37a911c commit 875d80d

2 files changed

Lines changed: 34 additions & 5 deletions

File tree

lib/guardian/plug/verify_header.ex

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -108,8 +108,7 @@ if Code.ensure_loaded?(Plug) do
108108
end
109109

110110
defp put_scheme_reg(scheme, opts) do
111-
{:ok, reg} = Regex.compile("#{scheme}\:?\s+(.*)$", "i")
112-
Keyword.put(opts, :scheme_reg, reg)
111+
Keyword.put(opts, :scheme_reg, "#{scheme}\:?\s+(.*)$")
113112
end
114113

115114
defp get_scheme(opts) do
@@ -163,7 +162,12 @@ if Code.ensure_loaded?(Plug) do
163162
defp fetch_token_from_header(_, _, []), do: :no_token_found
164163

165164
defp fetch_token_from_header(conn, opts, [token | tail]) do
166-
reg = Keyword.get(opts, :scheme_reg, ~r/^(.*)$/)
165+
reg =
166+
case Keyword.get(opts, :scheme_reg, ~r/^(.*)$/) do
167+
%Regex{} = reg -> reg
168+
reg_str -> Regex.compile!(reg_str, "i")
169+
end
170+
167171
trimmed_token = String.trim(token)
168172

169173
case Regex.run(reg, trimmed_token) do

test/guardian/plug/verify_header_test.exs

Lines changed: 27 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -129,10 +129,35 @@ defmodule Guardian.Plug.VerifyHeaderTest do
129129

130130
test "getting the scheme config" do
131131
opts = VerifyHeader.init(scheme: "Bearer")
132-
assert opts[:scheme_reg] == ~r/Bearer:? +(.*)$/i
132+
assert opts[:scheme_reg] == "Bearer:? +(.*)$"
133133

134134
opts = VerifyHeader.init(scheme: "Basic")
135-
assert opts[:scheme_reg] == ~r/Basic:? +(.*)$/i
135+
assert opts[:scheme_reg] == "Basic:? +(.*)$"
136+
end
137+
138+
test "correctly reading the token from the header", ctx do
139+
conn =
140+
:get
141+
|> conn("/")
142+
|> put_req_header("authorization", "Basic #{ctx.token}")
143+
|> VerifyHeader.call(
144+
Keyword.merge(VerifyHeader.init(scheme: "Basic"), module: ctx.impl, error_handler: ctx.handler)
145+
)
146+
147+
refute conn.status == 401
148+
assert Guardian.Plug.current_token(conn) == ctx.token
149+
end
150+
151+
test "ignoring token from header with non-matching scheme", ctx do
152+
conn =
153+
:get
154+
|> conn("/")
155+
|> put_req_header("authorization", "Bearer #{ctx.token}")
156+
|> VerifyHeader.call(
157+
Keyword.merge(VerifyHeader.init(scheme: "Basic"), module: ctx.impl, error_handler: ctx.handler)
158+
)
159+
160+
refute Guardian.Plug.current_token(conn) == ctx.token
136161
end
137162

138163
test "with a token and mismatching claims", ctx do

0 commit comments

Comments
 (0)