Page MenuHomePhabricator

[comm-lib] Add env var to disable CSAT verification
ClosedPublic

Authored by bartek on Jun 13 2024, 12:59 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Nov 24, 8:46 AM
Unknown Object (File)
Sun, Nov 24, 2:48 AM
Unknown Object (File)
Sat, Nov 23, 4:50 PM
Unknown Object (File)
Fri, Nov 15, 4:39 AM
Unknown Object (File)
Fri, Nov 8, 6:19 AM
Unknown Object (File)
Thu, Nov 7, 4:06 AM
Unknown Object (File)
Sat, Nov 2, 4:02 AM
Unknown Object (File)
Fri, Nov 1, 1:38 PM
Subscribers

Details

Summary

Introduced the COMM_SERVICES_DISABLE_CSAT_VERIFICATION env var flag that lets us skip
token verification for services.

Needed to replace built-in BearerAuth middleware extractor with a custom one, that
allows Authorization header to be optional. By the way, gained converting header value
into our AuthorizationCredential type for free.

Depends on D12411

Test Plan

Tested more deeply in further diffs. At this point, wrapped Blob service endpoints with the middleware:

  • With env var set, request succeeded with and without Authorization header
  • Without the env var, HTTP 401 was returned if header was not provided or was malformed.

At this point, only header format is validated, credentials may be invalid

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage