From 1c1c184bed42e0d3350c3eadf79681a98ce4ee3d Mon Sep 17 00:00:00 2001
From: Chris <ccbrown112@gmail.com>
Date: Fri, 1 Dec 2017 09:07:32 -0600
Subject: plugin http fixes and tests (#7929)

---
 app/plugin.go | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

(limited to 'app/plugin.go')

diff --git a/app/plugin.go b/app/plugin.go
index 6421e19a6..29031b9d7 100644
--- a/app/plugin.go
+++ b/app/plugin.go
@@ -414,12 +414,16 @@ func (a *App) ServePluginRequest(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	a.servePluginRequest(w, r, a.PluginEnv.Hooks().ServeHTTP)
+}
+
+func (a *App) servePluginRequest(w http.ResponseWriter, r *http.Request, handler http.HandlerFunc) {
 	token := ""
 
 	authHeader := r.Header.Get(model.HEADER_AUTH)
-	if strings.HasPrefix(strings.ToUpper(authHeader), model.HEADER_BEARER+":") {
+	if strings.HasPrefix(strings.ToUpper(authHeader), model.HEADER_BEARER+" ") {
 		token = authHeader[len(model.HEADER_BEARER)+1:]
-	} else if strings.HasPrefix(strings.ToLower(authHeader), model.HEADER_TOKEN+":") {
+	} else if strings.HasPrefix(strings.ToLower(authHeader), model.HEADER_TOKEN+" ") {
 		token = authHeader[len(model.HEADER_TOKEN)+1:]
 	} else if cookie, _ := r.Cookie(model.SESSION_COOKIE_TOKEN); cookie != nil && (r.Method == "GET" || r.Header.Get(model.HEADER_REQUESTED_WITH) == model.HEADER_REQUESTED_WITH_XML) {
 		token = cookie.Value
@@ -429,7 +433,7 @@ func (a *App) ServePluginRequest(w http.ResponseWriter, r *http.Request) {
 
 	r.Header.Del("Mattermost-User-Id")
 	if token != "" {
-		if session, err := a.GetSession(token); err != nil {
+		if session, err := a.GetSession(token); session != nil && err == nil {
 			r.Header.Set("Mattermost-User-Id", session.UserId)
 		}
 	}
@@ -444,12 +448,14 @@ func (a *App) ServePluginRequest(w http.ResponseWriter, r *http.Request) {
 	r.Header.Del(model.HEADER_AUTH)
 	r.Header.Del("Referer")
 
+	params := mux.Vars(r)
+
 	newQuery := r.URL.Query()
 	newQuery.Del("access_token")
 	r.URL.RawQuery = newQuery.Encode()
+	r.URL.Path = strings.TrimPrefix(r.URL.Path, "/plugins/"+params["plugin_id"])
 
-	params := mux.Vars(r)
-	a.PluginEnv.Hooks().ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), "plugin_id", params["plugin_id"])))
+	handler(w, r.WithContext(context.WithValue(r.Context(), "plugin_id", params["plugin_id"])))
 }
 
 func (a *App) ShutDownPlugins() {
-- 
cgit v1.2.3-1-g7c22