fix: jwt regex validation error during skip-jwt-bearer-tokens flow (#2888)

--------- Co-authored-by: Jan Larwig <jan@larwig.com>
2025-06-17 00:17:40 +02:00 · 2025-01-15 09:06:21 +01:00
parent fafb47e45a
commit f31e02cebd
3 changed files with 9 additions and 1 deletions
--- a/pkg/middleware/jwt_session_test.go
+++ b/pkg/middleware/jwt_session_test.go
@ -71,6 +71,7 @@ Nnc3a3lGVWFCNUMxQnNJcnJMTWxka1dFaHluYmI4Ongtb2F1dGgtYmFzaWM=`
 	// validToken will pass the token regex so can be used to check token fetching
 	// is valid. It will not pass the OIDC Verifier however.
 	const validToken = "eyJfoobar.eyJfoobar.12345asdf"
+	const validTokenWithSpace = "eyAidHlwIjogIkpXVCIsICJraWQiOiAiRTJlWW5ZMWR1eGttTkpiVGdCRzd4MkVpNVJZPSIsICJhbGciOiAiUlMyNTYiIH0K.eyJfoobar.12345asdf"

 	Context("JwtSessionLoader", func() {
 		var verifier middlewareapi.VerifyFunc
@ -294,6 +295,11 @@ Nnc3a3lGVWFCNUMxQnNJcnJMTWxka1dFaHluYmI4Ongtb2F1dGgtYmFzaWM=`
 				expectedErr:   nil,
 				expectedToken: validToken,
 			}),
+			Entry("Bearer <valid-token-with-whitespace>", findBearerTokenFromHeaderTableInput{
+				header:        fmt.Sprintf("Bearer %s", validTokenWithSpace),
+				expectedErr:   nil,
+				expectedToken: validTokenWithSpace,
+			}),
 			Entry("Basic invalid-base64", findBearerTokenFromHeaderTableInput{
 				header:        "Basic invalid-base64",
 				expectedErr:   errors.New("invalid basic auth token: illegal base64 data at input byte 7"),