mirror of
https://github.com/embarklabs/embark.git
synced 2025-01-11 06:16:01 +00:00
98fc1ab51e
Cockpit allows for authentication via a `token` query parameter a la
```
http://localhost:8000/embark?token=xxxx-xxxx-xxxx-xxxx
```
So far, this was the only query parameter Cockpit knew about, which is
why the algorithm during bootstrap always assumed that, if we have
query parameters, there has to be a `token` query parameter.
However, since 20831179fc, this turns out to be a problem. The hashing algorithm
for the request headers will throw when `token` is not defined, which
can be possible with future features that add new query parameters.
This can be easily reproduced by bootstrapping/refreshing Cockpit using
any arbitrary query string parameter that is not `token`.
With this commit we ensure that we only perform query string authentication
when a `token` parameter is available.
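
The failure and the guard described in the commit message above, as an added JavaScript example that is not code from the Embark repository. The function names, the request path and the HMAC-based `hashRequest` stand-in are assumptions made for illustration.

```javascript
// Added illustration; all names here are hypothetical, not Embark's API.
const crypto = require("crypto");

// Constructed request target used only to have something to hash.
const SAMPLE_PATH = "/api/authenticate";

// Stand-in for the request-header hashing: an HMAC keyed with the token.
// crypto.createHmac throws a TypeError when the key is undefined.
function hashRequest(token, method, path) {
  return crypto
    .createHmac("sha256", token)
    .update(`${method} ${path}`)
    .digest("hex");
}

// Before: any query string at all is taken to mean "a token was supplied".
function bootstrapNaive(search) {
  const params = Object.fromEntries(new URLSearchParams(search));
  if (Object.keys(params).length === 0) {
    return { authenticated: false };
  }
  // params.token is undefined for e.g. "?tab=contracts", so this throws.
  return {
    authenticated: true,
    hash: hashRequest(params.token, "GET", SAMPLE_PATH),
  };
}

// After: query string authentication runs only when `token` is present
// and non-empty; other parameters are ignored by the auth path.
function bootstrapGuarded(search) {
  const { token } = Object.fromEntries(new URLSearchParams(search));
  if (typeof token !== "string" || token === "") {
    return { authenticated: false };
  }
  return {
    authenticated: true,
    hash: hashRequest(token, "GET", SAMPLE_PATH),
  };
}
```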