From 27b838ec4397948b7a92ee109858e44098fad7ad Mon Sep 17 00:00:00 2001
From: rotem
Date: Wed, 4 Nov 2020 14:10:46 +0200
Subject: [PATCH] fix: incorrect header sent for Docker Desktop requests
---
 src/lib/api-token.ts | 8 ++++++++
 src/lib/snyk-test/assemble-payloads.ts | 4 ++--
 src/lib/snyk-test/run-test.ts | 12 ++----------
 test/acceptance/docker-token.test.ts | 9 +++++++++
 test/acceptance/fake-server.ts | 7 +++++++
 5 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/src/lib/api-token.ts b/src/lib/api-token.ts
index 73bd59d415..d1a062c083 100644
--- a/src/lib/api-token.ts
+++ b/src/lib/api-token.ts
@@ -19,3 +19,11 @@ export function apiTokenExists() {
 }
 return configured;
 }
+
+export function authHeaderWithApiTokenOrDockerJWT() {
+ const dockerToken = getDockerToken();
+ if (dockerToken) {
+ return 'bearer ' + dockerToken;
+ }
+ return 'token ' + api();
+}
diff --git a/src/lib/snyk-test/assemble-payloads.ts b/src/lib/snyk-test/assemble-payloads.ts
index 826c54a487..7d15f82918 100644
--- a/src/lib/snyk-test/assemble-payloads.ts
+++ b/src/lib/snyk-test/assemble-payloads.ts
@@ -1,5 +1,4 @@
 import * as path from 'path';
-import * as snyk from '../';
 import * as config from '../config';
 import { isCI } from '../is-ci';
 import { getPlugin } from '../ecosystems';
@@ -9,6 +8,7 @@ import { Payload } from './types';
 import { assembleQueryString } from './common';
 import spinner = require('../spinner');
 import { findAndLoadPolicyForScanResult } from '../ecosystems/policy';
+import { authHeaderWithApiTokenOrDockerJWT } from '../../lib/api-token';
 export async function assembleEcosystemPayloads(
 ecosystem: Ecosystem,
@@ -58,7 +58,7 @@ export async function assembleEcosystemPayloads(
 json: true,
 headers: {
 'x-is-ci': isCI(),
- authorization: 'token ' + snyk.api,
+ authorization: authHeaderWithApiTokenOrDockerJWT(),
 },
 body: {
 scanResult,
diff --git a/src/lib/snyk-test/run-test.ts b/src/lib/snyk-test/run-test.ts
index a16f652e3a..e2e2fd7372 100644
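Review bot: In `authHeaderWithApiTokenOrDockerJWT` the fallback reads `api()`, whereas the helper this commit removes from run-test.ts and the line it replaces in assemble-payloads.ts both read `snyk.api`. If those two sources can differ (for example when a caller assigns `snyk.api` programmatically, which is not visible here), the credential that is sent changes silently, so this is worth confirming. The function also has no declared return type or doc comment, although it decides which credential leaves the process. I would declare `: string` and add a TSDoc block saying that a Docker Desktop JWT, when present, takes precedence over the API token, and that the returned value is a secret and should not be logged. When neither credential is configured, the result is `'token ' + api()` with whatever `api()` returns, which presumably produces a meaningless header rather than an early error.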
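Review bot: The import added to assemble-payloads.ts uses `'../../lib/api-token'`, which climbs out of `lib` and back into it, while run-test.ts in the same directory imports the same module as `'../api-token'`. I would write `import { authHeaderWithApiTokenOrDockerJWT } from '../api-token';` so both files resolve the module the same way. The later `-58,7` hunk in this file is more than a refactor: ecosystem payloads previously always sent the API token, and now send the Docker JWT whenever one is set. That appears to be the intended fix, but it is a change in which credential reaches the endpoint.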
--- a/src/lib/snyk-test/run-test.ts
+++ b/src/lib/snyk-test/run-test.ts
@@ -67,7 +67,7 @@ import {
 import { CallGraphError, CallGraph } from '@snyk/cli-interface/legacy/common';
 import * as alerts from '../alerts';
 import { abridgeErrorMessage } from '../error-format';
-import { getDockerToken } from '../api-token';
+import { authHeaderWithApiTokenOrDockerJWT } from '../api-token';
 import { getEcosystem } from '../ecosystems';
 import { Issue } from '../ecosystems/types';
 import { assembleEcosystemPayloads } from './assemble-payloads';
@@ -751,7 +751,7 @@ async function assembleLocalPayloads(
 json: true,
 headers: {
 'x-is-ci': isCI(),
- authorization: getAuthHeader(),
+ authorization: authHeaderWithApiTokenOrDockerJWT(),
 },
 qs: common.assembleQueryString(options),
 body,
@@ -803,14 +803,6 @@ function addPackageAnalytics(name: string, version: string): void {
 analytics.add('package', name + '@' + version);
 }
-function getAuthHeader() {
- const dockerToken = getDockerToken();
- if (dockerToken) {
- return 'bearer ' + dockerToken;
- }
- return 'token ' + snyk.api;
-}
-
 function countUniqueVulns(vulns: AnnotatedIssue[]): number {
 const seen = {};
 for (const curr of vulns) {
diff --git a/test/acceptance/docker-token.test.ts b/test/acceptance/docker-token.test.ts
index ad0da6aba4..bb0497b907 100644
--- a/test/acceptance/docker-token.test.ts
+++ b/test/acceptance/docker-token.test.ts
@@ -76,9 +76,18 @@ test('`snyk test` with docker flag - docker token and no api key', async (t) =>
 docker: true,
 });
 const req = server.popRequest();
+ t.match(
+ req.headers.authorization,
+ 'bearer docker-jwt-token',
+ 'sends correct authorization header',
+ );
 t.equal(req.method, 'POST', 'makes POST request');
 t.match(req.url, 'docker-jwt/test-dependencies', 'posts to correct url');
 } catch (err) {
+ if (err.code === 401) {
+ t.fail('did not send correct autorization header');
+ t.end();
+ }
 t.fail('did not expect exception to be thrown ' + err);
 }
 });
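Review bot: The new `t.match(req.headers.authorization, 'bearer docker-jwt-token', …)` is a pattern match, so a header that merely contains that text would presumably pass. For a credential header the test should pin the exact value: `t.equal(req.headers.authorization, 'bearer docker-jwt-token', 'sends correct authorization header');`. In the added catch branch nothing returns after `t.fail(...)` and `t.end()`, so a 401 also reaches the unconditional `t.fail('did not expect exception …')` and asserts after the test has been ended. Assuming the async test finishes when its promise resolves, `return t.fail('did not send correct authorization header');` without the `t.end()` avoids that; the message also misspells "authorization". The test body starts before this hunk.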
diff --git a/test/acceptance/fake-server.ts b/test/acceptance/fake-server.ts
index 2c46665303..22f1955567 100644
--- a/test/acceptance/fake-server.ts
+++ b/test/acceptance/fake-server.ts
@@ -125,6 +125,13 @@ export function fakeServer(root, apikey) {
 });
 server.post(root + '/docker-jwt/test-dependencies', (req, res, next) => {
+ if (
+ req.headers.authorization &&
+ !req.headers.authorization.includes('bearer')
+ ) {
+ res.send(401);
+ }
+
 res.send({
 result: {
 issues: [],
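Review bot: The 401 branch in the `docker-jwt/test-dependencies` handler does not return, so after `res.send(401)` execution continues into the existing `res.send({ result: … })` and the handler tries to respond twice. The guard is also skipped entirely when no `authorization` header is sent, and `includes('bearer')` accepts the word anywhere in the value, so the fake endpoint is more permissive than the check suggests and can hide a regression in the client. I would tighten it to `if (!req.headers.authorization || !req.headers.authorization.startsWith('bearer ')) {` with `return res.send(401);` inside. The handler continues past the end of this hunk, so whether it calls `next()` afterwards is not visible here.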