enhance validating to parse Authentication header

Author: tsuyoshizawa

scala-oauth2-core/src/main/scala/scalaoauth2/provider/ClientCredentialFetcher.scala

@@ -6,20 +6,24 @@ case class ClientCredential(clientId: String, clientSecret: String)
 
 trait ClientCredentialFetcher {
 
+  val REGEXP_AUTHORIZATION = """^\s*Basic\s+(.+?)\s*$""".r
+
   def fetch(request: AuthorizationRequest): Option[ClientCredential] = {
-    request.header("Authorization") match {
-      case Some(authorization) if authorization.length > 5 => {
-        val decoded = new String(Base64.decodeBase64(authorization.substring(6).getBytes), "UTF-8")
+    request.header("Authorization").flatMap {
+      REGEXP_AUTHORIZATION.findFirstMatchIn
+    } match {
+      case Some(matcher) =>
+        val authorization = matcher.group(1)
+        val decoded = new String(Base64.decodeBase64(authorization.getBytes), "UTF-8")
         if (decoded.indexOf(':') > 0) {
           decoded.split(":", 2) match {
-            case Array(clientId, clientSecret) => Option(ClientCredential(clientId, clientSecret))
-            case Array(clientId) => Option(ClientCredential(clientId, ""))
+            case Array(clientId, clientSecret) => Some(ClientCredential(clientId, clientSecret))
+            case Array(clientId) => Some(ClientCredential(clientId, ""))
             case _ => None
           }
         } else {
           None
         }
-      }
       case _ => request.clientId.map { clientId =>
         ClientCredential(clientId, request.clientSecret.getOrElse(""))
       }

scala-oauth2-core/src/test/scala/scalaoauth2/provider/ClientCredentialFetcherSpec.scala

@@ -18,7 +18,7 @@ class ClientCredentialFetcherSpec extends FlatSpec {
     c.clientId should be ("client_id_value")
     c.clientSecret should be ("client_secret_value")
   }
-  
+
   it should "fetch empty client_secret" in {
     val request = AuthorizationRequest(Map("Authorization" -> Seq("Basic Y2xpZW50X2lkX3ZhbHVlOg==")), Map())
     val Some(c) = ClientCredentialFetcher.fetch(request)
@@ -31,7 +31,7 @@ class ClientCredentialFetcherSpec extends FlatSpec {
     ClientCredentialFetcher.fetch(request) should be (None)
   }
 
-  it should "not fetch invalidate Base64" in {
+  it should "not fetch invalid Base64" in {
     val request = AuthorizationRequest(Map("Authorization" -> Seq("Basic basic")), Map())
     ClientCredentialFetcher.fetch(request) should be (None)
   }
@@ -48,7 +48,7 @@ class ClientCredentialFetcherSpec extends FlatSpec {
     c.clientId should be ("client_id_value")
     c.clientSecret should be ("")
   }
-  
+
   it should "not fetch missing parameter" in {
     ClientCredentialFetcher.fetch(AuthorizationRequest(Map(), Map("client_secret" -> Seq("client_secret_value")))) should be (None)
   }
@@ -57,4 +57,14 @@ class ClientCredentialFetcherSpec extends FlatSpec {
     val request = AuthorizationRequest(Map("Authorization" -> Seq("")), Map())
     ClientCredentialFetcher.fetch(request) should be (None)
   }
+
+  it should "fetch parameter with invalid header" in {
+    val request = AuthorizationRequest(
+      Map("Authorization" -> Seq("fakeheader aaaa")),
+      Map("client_id" -> Seq("client_id_value"), "client_secret" -> Seq("client_secret_value"))
+    )
+    val Some(c) = ClientCredentialFetcher.fetch(request)
+    c.clientId should be ("client_id_value")
+    c.clientSecret should be ("client_secret_value")
+  }
 }