correct header assertion

torcolvin · torcolvin · commit c5a35dc1a326 · 2025-06-24T15:01:44.000-04:00
diff --git a/rest/handler_test.go b/rest/handler_test.go
@@ -180,9 +180,11 @@ func TestShouldCheckAdminRBAC(t *testing.T) {
 
 						require.False(t, metricsHandler.shouldCheckAdminRBAC())
 					}
+					invalidAuthHeader := http.Header{}
+					invalidAuthHeader.Add("Authorization", "SGCollect invalid")
 					// with invalid sgcollect token
-					adminHandler = newHandler(sc, adminPrivs, adminServer, httptest.NewRecorder(), &http.Request{Header: http.Header{"Authorization": []string{"SGCollect invalid"}}}, handlerOptions{sgcollect: sgcollectable})
-					metricsHandler = newHandler(sc, metricsPrivs, metricsServer, httptest.NewRecorder(), &http.Request{}, handlerOptions{sgcollect: sgcollectable})
+					adminHandler = newHandler(sc, adminPrivs, adminServer, httptest.NewRecorder(), &http.Request{Header: invalidAuthHeader}, handlerOptions{sgcollect: sgcollectable})
+					metricsHandler = newHandler(sc, metricsPrivs, metricsServer, httptest.NewRecorder(), &http.Request{Header: invalidAuthHeader}, handlerOptions{sgcollect: sgcollectable})
 					if requireInterfaceAuth {
 						if base.IsDevMode() && !sgcollectable {
 							require.PanicsWithValue(t, base.AssertionFailedPrefix+sgcollectTokenInvalidRequest, func() { adminHandler.shouldCheckAdminRBAC() })
@@ -197,8 +199,11 @@ func TestShouldCheckAdminRBAC(t *testing.T) {
 					}
 					// with valid sgcollect token, but sgcollect on the handler is disabled
 					require.NoError(t, sc.SGCollect.createNewToken())
-					adminHandler = newHandler(sc, adminPrivs, adminServer, httptest.NewRecorder(), &http.Request{Header: http.Header{"Authorization": []string{"SGCollect invalid"}}}, handlerOptions{sgcollect: false})
-					metricsHandler = newHandler(sc, metricsPrivs, metricsServer, httptest.NewRecorder(), &http.Request{}, handlerOptions{sgcollect: false})
+
+					validAuthHeader := http.Header{}
+					validAuthHeader.Add("Authorization", fmt.Sprintf("SGCollect %s", sc.SGCollect.Token))
+					adminHandler = newHandler(sc, adminPrivs, adminServer, httptest.NewRecorder(), &http.Request{Header: validAuthHeader}, handlerOptions{sgcollect: false})
+					metricsHandler = newHandler(sc, metricsPrivs, metricsServer, httptest.NewRecorder(), &http.Request{Header: validAuthHeader}, handlerOptions{sgcollect: false})
 					if requireInterfaceAuth {
 						if base.IsDevMode() {
 							require.PanicsWithValue(t, base.AssertionFailedPrefix+sgcollectTokenInvalidRequest, func() { adminHandler.shouldCheckAdminRBAC() })
diff --git a/rest/sgcollect.go b/rest/sgcollect.go
@@ -68,7 +68,7 @@ type sgCollect struct {
 	sgPath           string    // Path to the Sync Gateway executable
 	SGCollectPath    []string  // Path to the sgcollect_info executable
 	SGCollectPathErr error     // Error if sgcollect_info path could not be determined
-	token            string    // Token for sgcollect_info, if required
+	Token            string    // Token for sgcollect_info, if required
 	tokenAge         time.Time // Time when the token was created
 	Stdout           io.Writer // test seam, is nil in production
 	Stderr           io.Writer // test seam, is nil in production
@@ -116,7 +116,7 @@ func (sg *sgCollect) Start(ctx context.Context, logFilePath string, zipFilename
 		return fmt.Errorf("failed to get sgcollect_info token: %w", err)
 	}
 	cmd.Env = append(os.Environ(),
-		sgcollectTokenEnvVar+"="+sg.token,
+		sgcollectTokenEnvVar+"="+sg.Token,
 	)
 	outStream := newSGCollectOutputStream(ctx, sg.Stdout, sg.Stderr)
 	cmd.Stdout = outStream.stdoutPipeWriter
@@ -179,14 +179,14 @@ func (sg *sgCollect) createNewToken() error {
 	if err != nil {
 		sg.clearToken()
 	}
-	sg.token = token
+	sg.Token = token
 	sg.tokenAge = time.Now()
 	return err
 }
 
 // clearToken clears the token.
 func (sg *sgCollect) clearToken() {
-	sg.token = ""
+	sg.Token = ""
 	sg.tokenAge = time.Time{}
 }
 
@@ -209,7 +209,7 @@ func (sg *sgCollect) hasValidToken(ctx context.Context, token string) bool {
 		base.DebugfCtx(ctx, base.KeyAdmin, "sgcollect_info token has expired after %.2f secs", time.Since(sg.tokenAge).Seconds())
 		return false
 	}
-	return token == sg.token
+	return token == sg.Token
 }
 
 type SGCollectOptions struct {

Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,7 @@ type sgCollect struct {`
`68`	`68`	`sgPath string // Path to the Sync Gateway executable`
`69`	`69`	`SGCollectPath []string // Path to the sgcollect_info executable`
`70`	`70`	`SGCollectPathErr error // Error if sgcollect_info path could not be determined`
`71`		`- token string // Token for sgcollect_info, if required`
	`71`	`+ Token string // Token for sgcollect_info, if required`
`72`	`72`	`tokenAge time.Time // Time when the token was created`
`73`	`73`	`Stdout io.Writer // test seam, is nil in production`
`74`	`74`	`Stderr io.Writer // test seam, is nil in production`
`@@ -116,7 +116,7 @@ func (sg *sgCollect) Start(ctx context.Context, logFilePath string, zipFilename`
`116`	`116`	`return fmt.Errorf("failed to get sgcollect_info token: %w", err)`
`117`	`117`	`}`
`118`	`118`	`cmd.Env = append(os.Environ(),`
`119`		`- sgcollectTokenEnvVar+"="+sg.token,`
	`119`	`+ sgcollectTokenEnvVar+"="+sg.Token,`
`120`	`120`	`)`
`121`	`121`	`outStream := newSGCollectOutputStream(ctx, sg.Stdout, sg.Stderr)`
`122`	`122`	`cmd.Stdout = outStream.stdoutPipeWriter`
`@@ -179,14 +179,14 @@ func (sg *sgCollect) createNewToken() error {`
`179`	`179`	`if err != nil {`
`180`	`180`	`sg.clearToken()`
`181`	`181`	`}`
`182`		`- sg.token = token`
	`182`	`+ sg.Token = token`
`183`	`183`	`sg.tokenAge = time.Now()`
`184`	`184`	`return err`
`185`	`185`	`}`
`186`	`186`
`187`	`187`	`// clearToken clears the token.`
`188`	`188`	`func (sg *sgCollect) clearToken() {`
`189`		`- sg.token = ""`
	`189`	`+ sg.Token = ""`
`190`	`190`	`sg.tokenAge = time.Time{}`
`191`	`191`	`}`
`192`	`192`
`@@ -209,7 +209,7 @@ func (sg *sgCollect) hasValidToken(ctx context.Context, token string) bool {`
`209`	`209`	`base.DebugfCtx(ctx, base.KeyAdmin, "sgcollect_info token has expired after %.2f secs", time.Since(sg.tokenAge).Seconds())`
`210`	`210`	`return false`
`211`	`211`	`}`
`212`		`- return token == sg.token`
	`212`	`+ return token == sg.Token`
`213`	`213`	`}`
`214`	`214`
`215`	`215`	`type SGCollectOptions struct {`