fix(api): tighten OIDC basic token parsing and error wrapping

Agent-Logs-Url: https://github.com/project-zot/zot/sessions/0c0a0243-d702-44d5-a93f-457595fe485d Co-authored-by: rchincha <45800463+rchincha@users.noreply.github.com>
2026-06-17 21:17:58 +08:00 · 2026-05-18 22:41:05 +00:00
parent 3b040cc6d7
commit af99f64534
1 changed files with 3 additions and 2 deletions
@@ -226,7 +226,7 @@ func getOIDCTokenFromAuthorizationHeader(header string) (string, error) {
 	case "basic":
 		decodedStr, err := base64.StdEncoding.DecodeString(splitStr[1])
 		if err != nil {
-			return "", zerr.ErrInvalidBearerToken
+			return "", fmt.Errorf("%w: %w", zerr.ErrInvalidBearerToken, err)
 		}

 		pair := strings.SplitN(string(decodedStr), ":", 2) //nolint:mnd
@@ -238,8 +238,9 @@ func getOIDCTokenFromAuthorizationHeader(header string) (string, error) {
 		if tokenString == "" {
 			tokenString = pair[0]
 		}
+		tokenString = strings.TrimSpace(tokenString)

-		if strings.TrimSpace(tokenString) == "" {
+		if tokenString == "" {
 			return "", zerr.ErrInvalidBearerToken
 		}