filter empty authorization tokens from headers (#6789)

tomerd · web-flow · commit 7aa80df093e5 · 2023-08-09T10:04:28.000-07:00
motiavtion: do not send empty authorization headers, even if authorization provider returns empty strings

changes:
* do not send authorization header when the authroization provider returns an empty string
* adjust tests

radar/99133141
diff --git a/Sources/Basics/HTTPClient/HTTPClient.swift b/Sources/Basics/HTTPClient/HTTPClient.swift
@@ -84,6 +84,7 @@ public actor HTTPClient {
         }
 
         if let authorization = request.options.authorizationProvider?(request.url),
+           !authorization.isEmpty,
            !request.headers.contains("Authorization")
         {
             request.headers.add(name: "Authorization", value: authorization)
diff --git a/Sources/Basics/HTTPClient/LegacyHTTPClient.swift b/Sources/Basics/HTTPClient/LegacyHTTPClient.swift
@@ -107,6 +107,7 @@ public final class LegacyHTTPClient: Cancellable {
         }
 
         if let authorization = request.options.authorizationProvider?(request.url),
+           !authorization.isEmpty,
            !request.headers.contains("Authorization")
         {
             request.headers.add(name: "Authorization", value: authorization)
diff --git a/Tests/BasicsTests/HTTPClientTests.swift b/Tests/BasicsTests/HTTPClientTests.swift
@@ -173,21 +173,37 @@ final class HTTPClientTests: XCTestCase {
 
     func testAuthorization() async throws {
         let url = URL("http://test")
-        let authorization = UUID().uuidString
 
-        let httpClient = HTTPClient { request, _ in
-            XCTAssertTrue(request.headers.contains("Authorization"), "expecting Authorization")
-            XCTAssertEqual(request.headers.get("Authorization").first, authorization, "expecting Authorization to match")
-            return .init(statusCode: 200)
-        }
+        do {
+            let authorization = UUID().uuidString
 
-        var request = HTTPClient.Request(method: .get, url: url)
-        request.options.authorizationProvider = { requestUrl in
-            requestUrl == url ? authorization : nil
+            let httpClient = HTTPClient { request, _ in
+                XCTAssertTrue(request.headers.contains("Authorization"), "expecting Authorization")
+                XCTAssertEqual(request.headers.get("Authorization").first, authorization, "expecting Authorization to match")
+                return .init(statusCode: 200)
+            }
+
+            var request = HTTPClient.Request(method: .get, url: url)
+            request.options.authorizationProvider = { requestUrl in
+                requestUrl == url ? authorization : nil
+            }
+
+            let response = try await httpClient.execute(request)
+            XCTAssertEqual(response.statusCode, 200, "statusCode should match")
         }
 
-        let response = try await httpClient.execute(request)
-        XCTAssertEqual(response.statusCode, 200, "statusCode should match")
+        do {
+            let httpClient = HTTPClient { request, _ in
+                XCTAssertFalse(request.headers.contains("Authorization"), "not expecting Authorization")
+                return .init(statusCode: 200)
+            }
+
+            var request = HTTPClient.Request(method: .get, url: url)
+            request.options.authorizationProvider = { _ in "" }
+
+            let response = try await httpClient.execute(request)
+            XCTAssertEqual(response.statusCode, 200, "statusCode should match")
+        }
     }
 
     func testValidResponseCodes() async throws {
diff --git a/Tests/BasicsTests/LegacyHTTPClientTests.swift b/Tests/BasicsTests/LegacyHTTPClientTests.swift
@@ -269,33 +269,60 @@ final class LegacyHTTPClientTests: XCTestCase {
 
     func testAuthorization() {
         let url = URL("http://test")
-        let authorization = UUID().uuidString
 
-        let handler: LegacyHTTPClient.Handler = { request, _, completion in
-            XCTAssertTrue(request.headers.contains("Authorization"), "expecting Authorization")
-            XCTAssertEqual(request.headers.get("Authorization").first, authorization, "expecting Authorization to match")
-            completion(.success(LegacyHTTPClient.Response(statusCode: 200)))
-        }
+        do {
+            let authorization = UUID().uuidString
 
-        let httpClient = LegacyHTTPClient(handler: handler)
-        var request = LegacyHTTPClient.Request(method: .get, url: url)
+            let handler: LegacyHTTPClient.Handler = { request, _, completion in
+                XCTAssertTrue(request.headers.contains("Authorization"), "expecting Authorization")
+                XCTAssertEqual(request.headers.get("Authorization").first, authorization, "expecting Authorization to match")
+                completion(.success(LegacyHTTPClient.Response(statusCode: 200)))
+            }
 
-        request.options.authorizationProvider = { requestUrl in
-            requestUrl == url ? authorization : nil
-        }
+            let httpClient = LegacyHTTPClient(handler: handler)
+            var request = LegacyHTTPClient.Request(method: .get, url: url)
 
-        let promise = XCTestExpectation(description: "completed")
-        httpClient.execute(request) { result in
-            switch result {
-            case .failure(let error):
-                XCTFail("unexpected error \(error)")
-            case .success(let response):
-                XCTAssertEqual(response.statusCode, 200, "statusCode should match")
+            request.options.authorizationProvider = { requestUrl in
+                requestUrl == url ? authorization : nil
             }
-            promise.fulfill()
+
+            let promise = XCTestExpectation(description: "completed")
+            httpClient.execute(request) { result in
+                switch result {
+                case .failure(let error):
+                    XCTFail("unexpected error \(error)")
+                case .success(let response):
+                    XCTAssertEqual(response.statusCode, 200, "statusCode should match")
+                }
+                promise.fulfill()
+            }
+
+            wait(for: [promise], timeout: 1)
         }
 
-        wait(for: [promise], timeout: 1)
+        do {
+            let handler: LegacyHTTPClient.Handler = { request, _, completion in
+                XCTAssertFalse(request.headers.contains("Authorization"), "not expecting Authorization")
+                completion(.success(LegacyHTTPClient.Response(statusCode: 200)))
+            }
+
+            let httpClient = LegacyHTTPClient(handler: handler)
+            var request = LegacyHTTPClient.Request(method: .get, url: url)
+            request.options.authorizationProvider = { _ in "" }
+
+            let promise = XCTestExpectation(description: "completed")
+            httpClient.execute(request) { result in
+                switch result {
+                case .failure(let error):
+                    XCTFail("unexpected error \(error)")
+                case .success(let response):
+                    XCTAssertEqual(response.statusCode, 200, "statusCode should match")
+                }
+                promise.fulfill()
+            }
+
+            wait(for: [promise], timeout: 1)
+        }
     }
 
     func testValidResponseCodes() {

Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,7 @@ public actor HTTPClient {`
`84`	`84`	`}`
`85`	`85`
`86`	`86`	`if let authorization = request.options.authorizationProvider?(request.url),`
	`87`	`+ !authorization.isEmpty,`
`87`	`88`	`!request.headers.contains("Authorization")`
`88`	`89`	`{`
`89`	`90`	`request.headers.add(name: "Authorization", value: authorization)`
Original file line number	Diff line number	Diff line change
`@@ -107,6 +107,7 @@ public final class LegacyHTTPClient: Cancellable {`
`107`	`107`	`}`
`108`	`108`
`109`	`109`	`if let authorization = request.options.authorizationProvider?(request.url),`
	`110`	`+ !authorization.isEmpty,`
`110`	`111`	`!request.headers.contains("Authorization")`
`111`	`112`	`{`
`112`	`113`	`request.headers.add(name: "Authorization", value: authorization)`