oauth2: ensure case sensitivity for Bearer, MAC, and Basic in auth header
Fixes #113
Change-Id: Id2ba98809a536f1dc1fab5b30c49aeedd2fe4125
Reviewed-on: https://go-review.googlesource.com/9852
Reviewed-by: Burcu Dogan <jbd@google.com>
diff --git a/token.go b/token.go
index 252cfc7..ebbdddb 100644
--- a/token.go
+++ b/token.go
@@ -7,6 +7,7 @@
import (
"net/http"
"net/url"
+ "strings"
"time"
"golang.org/x/net/context"
@@ -53,6 +54,15 @@
// Type returns t.TokenType if non-empty, else "Bearer".
func (t *Token) Type() string {
+ if strings.EqualFold(t.TokenType, "bearer") {
+ return "Bearer"
+ }
+ if strings.EqualFold(t.TokenType, "mac") {
+ return "MAC"
+ }
+ if strings.EqualFold(t.TokenType, "basic") {
+ return "Basic"
+ }
if t.TokenType != "" {
return t.TokenType
}
diff --git a/transport_test.go b/transport_test.go
index efb8232..35cb25e 100644
--- a/transport_test.go
+++ b/transport_test.go
@@ -32,6 +32,39 @@
client.Get(server.URL)
}
+// Test for case-sensitive token types, per https://github.com/golang/oauth2/issues/113
+func TestTransportTokenSourceTypes(t *testing.T) {
+ const val = "abc"
+ tests := []struct {
+ key string
+ val string
+ want string
+ }{
+ {key: "bearer", val: val, want: "Bearer abc"},
+ {key: "mac", val: val, want: "MAC abc"},
+ {key: "basic", val: val, want: "Basic abc"},
+ }
+ for _, tc := range tests {
+ ts := &tokenSource{
+ token: &Token{
+ AccessToken: tc.val,
+ TokenType: tc.key,
+ },
+ }
+ tr := &Transport{
+ Source: ts,
+ }
+ server := newMockServer(func(w http.ResponseWriter, r *http.Request) {
+ if got, want := r.Header.Get("Authorization"), tc.want; got != want {
+ t.Errorf("Authorization header (%q) = %q; want %q", val, got, want)
+ }
+ })
+ defer server.Close()
+ client := http.Client{Transport: tr}
+ client.Get(server.URL)
+ }
+}
+
func TestTokenValidNoAccessToken(t *testing.T) {
token := &Token{}
if token.Valid() {