Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix: trim whitespace from API tokens #19814

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 15, 2025
Merged

fix: trim whitespace from API tokens #19814

merged 1 commit into from
Sep 15, 2025

Conversation

ThomasK33
Copy link
Member

@ThomasK33 ThomasK33 commented Sep 15, 2025
edited
Loading

Trim whitespace from API tokens in Authorization headers and query parameters

This PR enhances the API token extraction logic by trimming whitespace from tokens obtained via:

  1. Authorization: Bearer headers
  2. access_token query parameters

The change ensures consistent token handling when tokens contain leading or trailing whitespace, improving authentication reliability.

The PR also removes unnecessary t.Parallel() calls from OAuth2 bearer token tests to prevent potential race conditions during test execution.

Fixes: coder/internal#967

@ThomasK33
test(httpmw): deflake RFC6750 bearer token tests on Windows
5290532 
Fixes flake where subtests used t.Parallel() while sharing a DB from dbtestutil.NewDB(t). On Windows, the parent test’s t.Cleanup closed the DB before parallel subtests finished, yielding intermittent 401 Unauthorized instead of 200. Serializing the subtests keeps the DB alive for each case and removes the flake.
Also trims whitespace from Authorization: Bearer and access_token token extraction for robustness; no change to precedence or overall behavior.

Change-Id: Ifa9ad5bb297dc96612dbfb9ef8bb0e16d8ce5778
Signed-off-by: Thomas Kosiewski <[email protected]>
@ThomasK33 Graphite App
Copy link
Member Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

@ThomasK33 ThomasK33 requested review from Emyrk and johnstcn September 15, 2025 07:46
@ThomasK33 ThomasK33 marked this pull request as ready for review September 15, 2025 07:57
@ThomasK33 ThomasK33 merged commit d238480 into main Sep 15, 2025
38 checks passed
@ThomasK33 ThomasK33 deleted the thomask33/09-12-test_httpmw_deflake_rfc6750_bearer_token_tests_on_windows branch September 15, 2025 08:02
@github-actions github-actions bot locked and limited conversation to collaborators Sep 15, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@johnstcn johnstcn johnstcn approved these changes

@Emyrk Emyrk Awaiting requested review from Emyrk

Assignees

@ThomasK33 ThomasK33

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

flake: TestOAuth2BearerTokenPrecedence and TestRFC6750BearerTokenAuthentication
2 participants
@ThomasK33 @johnstcn