feat: remove bearer prefix from token (#17)

* feat: remove bearer prefix

* tests: update bearer token test

src/main/java/org/tkit/onecx/permission/common/services/TokenService.java

@@ -10,6 +10,7 @@
 import org.tkit.quarkus.rs.context.token.TokenParserRequest;
 import org.tkit.quarkus.rs.context.token.TokenParserService;
 
+import io.quarkus.oidc.common.runtime.OidcConstants;
 import lombok.extern.slf4j.Slf4j;
 
 @Slf4j
@@ -25,11 +26,17 @@ public class TokenService {
     @Inject
     TokenParserService tokenParserService;
 
+    private static final String BEARER_PREFIX = OidcConstants.BEARER_SCHEME + " ";
+
     public List<String> getTokenRoles(String tokenData) {
 
         try {
+            var token = tokenData;
+            if (token.startsWith(BEARER_PREFIX)) {
+                token = token.substring(BEARER_PREFIX.length());
+            }
 
-            var request = new TokenParserRequest(tokenData)
+            var request = new TokenParserRequest(token)
                     .verify(config.verified())
                     .issuerEnabled(config.publicKeyEnabled())
                     .issuerSuffix(config.publicKeyLocationSuffix());

src/test/java/org/tkit/onecx/permission/rs/external/v1/PermissionRestControllerTest.java

@@ -29,7 +29,8 @@ class PermissionRestControllerTest extends AbstractTest {
     @Test
     void getApplicationPermissionsTest() {
 
-        var accessToken = createToken(List.of("n3"));
+        // bearer prefix
+        var accessToken = createTokenBearer(List.of("n3"));
 
         var dto = given()
                 .contentType(APPLICATION_JSON)
@@ -44,6 +45,22 @@ void getApplicationPermissionsTest() {
         assertThat(dto.getPermissions()).isNotNull().hasSize(1);
         assertThat(dto.getPermissions().get("o1")).isNotNull().hasSize(1).containsExactly("a3");
 
+        // without bearer prefix
+        accessToken = createToken(null, List.of("n3"));
+
+        dto = given()
+                .contentType(APPLICATION_JSON)
+                .body(new PermissionRequestDTOV1().token(accessToken))
+                .post("app1")
+                .then()
+                .statusCode(OK.getStatusCode())
+                .extract()
+                .body().as(ApplicationPermissionsDTOV1.class);
+
+        assertThat(dto).isNotNull();
+        assertThat(dto.getPermissions()).isNotNull().hasSize(1);
+        assertThat(dto.getPermissions().get("o1")).isNotNull().hasSize(1).containsExactly("a3");
+
     }
 
     private static Stream<Arguments> badRequestData() {
@@ -83,7 +100,7 @@ void getApplicationPermissionsWrongTongTest() {
     @Test
     void getApplicationsPermissionsTest() {
 
-        var accessToken = createToken(List.of("n3"));
+        var accessToken = createTokenBearer(List.of("n3"));
 
         var dto = given()
                 .contentType(APPLICATION_JSON)

src/test/java/org/tkit/onecx/permission/test/AbstractTest.java

@@ -50,8 +50,8 @@ protected static String createToken(String organizationId) {
         return createToken(organizationId, null);
     }
 
-    protected static String createToken(List<String> roles) {
-        return createToken(null, roles);
+    protected static String createTokenBearer(List<String> roles) {
+        return "Bearer " + createToken(null, roles);
     }
 
     protected static String createToken(String organizationId, List<String> roles) {