Merge 3dc41066dd into db221cb826

2025-04-28 18:06:34 +02:00 · 2025-04-23 15:23:40 -04:00 · 2025-04-23 15:23:40 -04:00 · 1d992ae8ba
commit 1d992ae8ba
parent db221cb826 3dc41066dd
2 changed files with 23 additions and 6 deletions
--- a/internal/sessions/header/header_store.go
+++ b/internal/sessions/header/header_store.go
@ -3,6 +3,7 @@
 package header

 import (
+	"encoding/base64"
 	"net/http"
 	"strings"

@ -47,17 +48,27 @@ func TokenFromHeaders(r *http.Request) string {
 		return jwt
 	}

-	bearer := r.Header.Get(httputil.HeaderAuthorization)
+	authHeader := r.Header.Get(httputil.HeaderAuthorization)
+	// Authorization: Basic enc64<user:password>
+	prefix := "Basic "
+	if strings.HasPrefix(authHeader, prefix) {
+		userPassword, _ := base64.StdEncoding.DecodeString(authHeader[len(prefix):])
+		userPrefix := "pomerium:"
+		if strings.HasPrefix(string(userPassword), userPrefix) {
+			return string(userPassword[len(userPrefix):])
+		}
+	}
+
 	// Authorization: Pomerium <JWT>
-	prefix := httputil.AuthorizationTypePomerium + " "
-	if strings.HasPrefix(bearer, prefix) {
-		return bearer[len(prefix):]
+	prefix = httputil.AuthorizationTypePomerium + " "
+	if strings.HasPrefix(authHeader, prefix) {
+		return authHeader[len(prefix):]
 	}

 	// Authorization: Bearer Pomerium-<JWT>
 	prefix = "Bearer " + httputil.AuthorizationTypePomerium + "-"
-	if strings.HasPrefix(bearer, prefix) {
-		return bearer[len(prefix):]
+	if strings.HasPrefix(authHeader, prefix) {
+		return authHeader[len(prefix):]
 	}

 	return ""
--- a/internal/sessions/header/header_store_test.go
+++ b/internal/sessions/header/header_store_test.go
@ -26,4 +26,10 @@ func TestTokenFromHeader(t *testing.T) {
 		v := TokenFromHeaders(r)
 		assert.Equal(t, "JWT", v)
 	})
+	t.Run("basic auth", func(t *testing.T) {
+		r, _ := http.NewRequest("GET", "http://localhost/some/url", nil)
+		r.SetBasicAuth("pomerium", "JWT")
+		v := TokenFromHeaders(r)
+		assert.Equal(t, "JWT", v)
+	})
 }