api-layer

fix: Fixes the issue when PAT passed as authorization header with auth scheme zoweJwt

Open Shobhajayanna opened this issue 1 year ago • 6 comments

Description

fixing issue when PAT passed as authorization header

Linked to #3476

Type of change

Please delete options that are not relevant.

  • [x] fix: Bug fix (non-breaking change which fixes an issue)
  • [ ] feat: New feature (non-breaking change which adds functionality)
  • [ ] docs: Change in a documentation
  • [ ] refactor: Refactor the code
  • [ ] chore: Chore, repository cleanup, updates the dependencies.
  • [ ] BREAKING CHANGE or !: Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • [ ] My code follows the style guidelines of this project
  • [ ] PR title conforms to commit message guideline (Commit Message Structure Guideline)
  • [ ] I have commented my code, particularly in hard-to-understand areas. In JS I did provide JSDoc
  • [ ] I have made corresponding changes to the documentation
  • [ ] My changes generate no new warnings
  • [ ] I have added tests that prove my fix is effective or that my feature works
  • [ ] New and existing unit tests pass locally with my changes
  • [ ] The java tests in the area I was working on leverage @Nested annotations
  • [ ] Any dependent changes have been merged and published in downstream modules

For more details about how the code should look, read the Contributing guideline

Shobhajayanna, Apr 15 '24 08:04

Can you add a description of what the issue was and how you are fixing it? Did you add a test case that would cover this failing scenario?

The coverage on the new code is 83%, is it possible to increase it to 90%?

boris-bc, Apr 15 '24 12:04

Just a quick note on the title of this PR, it seems PAT did work when passed as an authorization header if the authentication scheme was passticket and not zoweJwt. Did you observe the same behavior?

dkelosky, Apr 15 '24 13:04

@dkelosky No, it works fine if the authentication scheme is passticket. It fails when the authentication scheme is ZoweJwt and passed as authorization header. It also works fine if it's passed as a cookie with zoweJwt auth scheme.

Shobhajayanna, Apr 15 '24 13:04

No, it works fine if the authentication scheme is passticket.

In that case, are you passing the PAT via Authorization Header or as a cookie?

dkelosky, Apr 15 '24 17:04

It looks like there are 4 distinct ways to provide the PAT: https://docs.zowe.org/stable/user-guide/api-mediation/authenticating-with-personal-access-token/#using-the-personal-access-token-to-authenticate

Were you able to verify (ideally in an automated fashion), that the PAT works with each of the 4 with a combination of authentication schemes?

dkelosky, Apr 15 '24 17:04

Have you reviewed the new issues reported by Sonar that this new code introduces?

boris-bc, Apr 30 '24 07:04