fix: parse Authorization header case-insensitively and support token format (#137)

## Summary - Make auth header parsing RFC 7235 compliant by comparing the scheme case-insensitively (`bearer`, `BEARER`, etc. all work now) - Add support for Gitea-style `token <value>` format in addition to `Bearer <value>` Fixes https://gitea.com/gitea/gitea-mcp/issues/59 --- *This PR was authored by Claude.* --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/gitea-mcp/pulls/137 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-committed-by: silverwind <me@silverwind.io>
2026-02-27 17:15:13 +00:00 · 2026-02-25 19:04:14 +00:00
parent 3b9236695c
commit 6540693771
2 changed files with 52 additions and 24 deletions
--- a/operation/operation_test.go
+++ b/operation/operation_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 )

-func TestParseBearerToken(t *testing.T) {
+func TestParseAuthToken(t *testing.T) {
 	tests := []struct {
 		name      string
 		header    string
@@ -12,23 +12,29 @@ func TestParseBearerToken(t *testing.T) {
 		wantOK    bool
 	}{
 		{
-			name:      "valid token",
+			name:      "valid Bearer token",
 			header:    "Bearer validtoken",
 			wantToken: "validtoken",
 			wantOK:    true,
 		},
+		{
+			name:      "lowercase bearer",
+			header:    "bearer lowercase",
+			wantToken: "lowercase",
+			wantOK:    true,
+		},
+		{
+			name:      "uppercase BEARER",
+			header:    "BEARER uppercase",
+			wantToken: "uppercase",
+			wantOK:    true,
+		},
 		{
 			name:      "token with spaces trimmed",
 			header:    "Bearer   spacedToken ",
 			wantToken: "spacedToken",
 			wantOK:    true,
 		},
-		{
-			name:      "lowercase bearer should fail",
-			header:    "bearer lowercase",
-			wantToken: "",
-			wantOK:    false,
-		},
 		{
 			name:      "bearer with no token",
 			header:    "Bearer ",
@@ -47,6 +53,24 @@ func TestParseBearerToken(t *testing.T) {
 			wantToken: "",
 			wantOK:    false,
 		},
+		{
+			name:      "Gitea token format",
+			header:    "token giteaapitoken",
+			wantToken: "giteaapitoken",
+			wantOK:    true,
+		},
+		{
+			name:      "Gitea Token format capitalized",
+			header:    "Token giteaapitoken",
+			wantToken: "giteaapitoken",
+			wantOK:    true,
+		},
+		{
+			name:      "token with no value",
+			header:    "token ",
+			wantToken: "",
+			wantOK:    false,
+		},
 		{
 			name:      "different auth type",
 			header:    "Basic dXNlcjpwYXNz",
@@ -60,7 +84,7 @@ func TestParseBearerToken(t *testing.T) {
 			wantOK:    false,
 		},
 		{
-			name:      "token with internal spaces",
+			name:      "bearer token with internal spaces",
 			header:    "Bearer token with spaces",
 			wantToken: "token with spaces",
 			wantOK:    true,
@@ -69,12 +93,12 @@ func TestParseBearerToken(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			gotToken, gotOK := parseBearerToken(tt.header)
+			gotToken, gotOK := parseAuthToken(tt.header)
 			if gotToken != tt.wantToken {
-				t.Errorf("parseBearerToken() token = %q, want %q", gotToken, tt.wantToken)
+				t.Errorf("parseAuthToken() token = %q, want %q", gotToken, tt.wantToken)
 			}
 			if gotOK != tt.wantOK {
-				t.Errorf("parseBearerToken() ok = %v, want %v", gotOK, tt.wantOK)
+				t.Errorf("parseAuthToken() ok = %v, want %v", gotOK, tt.wantOK)
 			}
 		})
 	}