Case insensitive headers (#39)

* BasicAuthorizer headers should not be case sensitive

* Add extension method for case insensitive headers key
TokenInfo should get header case insensitive

Author: adhesivee

oauth2-server-core/src/main/java/nl/myndocs/oauth2/CallRouter.kt

@@ -213,7 +213,7 @@ class CallRouter(
             return
         }
 
-        val authorization = callContext.headers["Authorization"]
+        val authorization = callContext.headerCaseInsensitive("Authorization")
 
         if (authorization == null || !authorization.startsWith("bearer ", true)) {
             callContext.respondStatus(STATUS_UNAUTHORIZED)

oauth2-server-core/src/main/java/nl/myndocs/oauth2/request/CallContextHeader.kt

@@ -0,0 +1,7 @@
+package nl.myndocs.oauth2.request
+
+fun CallContext.headerCaseInsensitive(key: String) =
+        headers
+                .filter { it.key.equals(key, true) }
+                .values
+                .firstOrNull()

oauth2-server-core/src/main/java/nl/myndocs/oauth2/request/auth/BasicAuthorizer.kt

@@ -3,10 +3,13 @@ package nl.myndocs.oauth2.request.auth
 import nl.myndocs.oauth2.authenticator.Authorizer
 import nl.myndocs.oauth2.authenticator.Credentials
 import nl.myndocs.oauth2.request.CallContext
+import nl.myndocs.oauth2.request.headerCaseInsensitive
 
+// @TODO: BasicAuth should be injected instead of static call
 open class BasicAuthorizer(protected val context: CallContext) : Authorizer {
     override fun extractCredentials(): Credentials? {
-        val authorizationHeader = context.headers["authorization"] ?: ""
+        val authorizationHeader = context.headerCaseInsensitive("authorization") ?: ""
+
         return BasicAuth.parseCredentials(authorizationHeader)
     }
 

oauth2-server-core/src/test/java/nl/myndocs/oauth2/request/auth/BasicAuthorizerTest.kt

@@ -0,0 +1,42 @@
+package nl.myndocs.oauth2.request.auth
+
+import io.mockk.every
+import io.mockk.mockk
+import nl.myndocs.oauth2.request.CallContext
+import org.hamcrest.CoreMatchers.*
+import org.hamcrest.MatcherAssert.assertThat
+import org.junit.jupiter.api.Test
+import java.util.*
+
+internal class BasicAuthorizerTest {
+
+    @Test
+    fun `test authorization head is case insensitive with all uppercase input`() {
+        `test authorization head is case insensitive with input`(
+                "AUTHORIZATION"
+        )
+    }
+
+    @Test
+    fun `test authorization head is case insensitive with all lowercase input`() {
+        `test authorization head is case insensitive with input`(
+                "authorization"
+        )
+    }
+
+    private fun `test authorization head is case insensitive with input`(authorizationKeyName: String) {
+        val callContext = mockk<CallContext>()
+        val username = "test"
+        val password = "test-password"
+
+        val testCredentials = Base64.getEncoder().encodeToString("$username:$password".toByteArray())
+
+        every { callContext.headers } returns mapOf(authorizationKeyName to "basic $testCredentials")
+        val credentials = BasicAuthorizer(callContext)
+                .extractCredentials()
+
+        assertThat(credentials, `is`(notNullValue()))
+        assertThat(credentials!!.username, `is`(equalTo(username)))
+        assertThat(credentials.password, `is`(equalTo(password)))
+    }
+}