Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Accept the Authorization header #399

Merged
merged 1 commit into from Sep 12, 2019
Merged

Accept the Authorization header #399

merged 1 commit into from Sep 12, 2019

Conversation

jcoyne
Copy link
Contributor

@jcoyne jcoyne commented Sep 12, 2019

Log a honeybadger notification when we get the old X-Auth header
Fixes #320

Why was this change made?

We want to be able to accept the standard Authorization header rather than our custom X-Auth header.

Was the API documentation (openapi.json) updated?

Yes!

@jcoyne jcoyne added this to Needs Review in Infrateam Aug-Sep 2019 via automation Sep 12, 2019
mjgiarlo
mjgiarlo approved these changes Sep 12, 2019
View reviewed changes
Copy link
Member

@mjgiarlo mjgiarlo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

app/controllers/application_controller.rb Outdated
@@ -25,6 +26,9 @@ def check_auth_token
return render json: { error: 'Not Authorized' }, status: :unauthorized unless token

Honeybadger.context(invoked_by: token[:sub])
return unless request.headers[OLD_TOKEN_HEADER]

Honeybadger.notify("Deprecated authentication header '#{OLD_TOKEN_HEADER}' was provided, but '#{TOKEN_HEADER}' is expected")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/authentication/authorization/ ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! I fixed it.

@jcoyne
Accept the Authorization header
dc55547 
Log a honeybadger notification when we get the old X-Auth header
Fixes #320
@mjgiarlo
Copy link
Member

@jcoyne 🐑 it

@mjgiarlo mjgiarlo merged commit 747e758 into master Sep 12, 2019
Infrateam Aug-Sep 2019 automation moved this from Needs Review to Done Sep 12, 2019
@mjgiarlo
Copy link
Member

Should we look to do lots o' shared configs PRs tomorrow and Friday so Monday morning updates can reduce the number of hb alerts?

@mjgiarlo mjgiarlo deleted the auth branch September 12, 2019 01:21
@sul-dlss sul-dlss deleted a comment from coveralls Sep 16, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mjgiarlo mjgiarlo mjgiarlo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
No open projects
Infrateam Aug-Sep 2019
  
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Prefer Authorization header over X-Auth
2 participants
@jcoyne @mjgiarlo