Align policy simulation auth passthrough at the frontdoor

2026-03-10 01:55:51 +02:00
parent d16d7a1692
commit 72084355a6
7 changed files with 109 additions and 1 deletions
--- a/src/Router/__Tests/StellaOps.Gateway.WebService.Tests/Middleware/IdentityHeaderPolicyMiddlewareTests.cs
+++ b/src/Router/__Tests/StellaOps.Gateway.WebService.Tests/Middleware/IdentityHeaderPolicyMiddlewareTests.cs
@@ -415,6 +415,23 @@ public sealed class IdentityHeaderPolicyMiddlewareTests
        Assert.Equal("proof-value", context.Request.Headers["DPoP"].ToString());
    }

+    [Fact]
+    public async Task InvokeAsync_PreservesAuthorizationHeadersForConfiguredPolicyPrefix()
+    {
+        _options.JwtPassthroughPrefixes = ["/policy/shadow", "/policy/simulations"];
+        _options.ApprovedAuthPassthroughPrefixes = ["/connect", "/policy/shadow", "/policy/simulations"];
+        var middleware = CreateMiddleware();
+        var context = CreateHttpContext("/policy/shadow/results");
+        context.Request.Headers.Authorization = "DPoP token-value";
+        context.Request.Headers["DPoP"] = "proof-value";
+
+        await middleware.InvokeAsync(context);
+
+        Assert.True(_nextCalled);
+        Assert.Equal("DPoP token-value", context.Request.Headers.Authorization.ToString());
+        Assert.Equal("proof-value", context.Request.Headers["DPoP"].ToString());
+    }
+
    [Fact]
    public async Task InvokeAsync_StripsAuthorizationHeadersWhenConfiguredPrefixIsNotApproved()
    {