[v12.0/forgejo] fix: ASCII equal fold for authorization header (#8459)

**Backport:** https://codeberg.org/forgejo/forgejo/pulls/8391 For the "Authorization:" header only lowercase "token" was accepted. This change allows uppercase "Token" as well. Signed-off-by: Nis Wechselberg <enbewe@enbewe.de> Co-authored-by: Nis Wechselberg <enbewe@enbewe.de> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8459 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2025-08-31 14:36:47 +00:00 · 2025-07-10 01:30:07 +02:00 · 2025-07-10 01:30:07 +02:00 · 501836df77
commit 501836df77
parent eb543dcbdb
4 changed files with 78 additions and 1 deletions
--- a/modules/util/string.go
+++ b/modules/util/string.go
@ -95,3 +95,25 @@ func UnsafeBytesToString(b []byte) string {
 func UnsafeStringToBytes(s string) []byte {
 	return unsafe.Slice(unsafe.StringData(s), len(s))
 }
+
+// AsciiEqualFold is taken from Golang, but reimplemented here, since the original is not exposed to public
+// Taken from: https://cs.opensource.google/go/go/+/refs/tags/go1.24.4:src/net/http/internal/ascii/print.go
+func ASCIIEqualFold(s, t string) bool {
+	if len(s) != len(t) {
+		return false
+	}
+	for i := 0; i < len(s); i++ {
+		if ASCIILower(s[i]) != ASCIILower(t[i]) {
+			return false
+		}
+	}
+	return true
+}
+
+// AsciiLower returns the ASCII lowercase version of b.
+func ASCIILower(b byte) byte {
+	if 'A' <= b && b <= 'Z' {
+		return b + ('a' - 'A')
+	}
+	return b
+}
--- a/modules/util/string_test.go
+++ b/modules/util/string_test.go
@ -45,3 +45,29 @@ func TestToSnakeCase(t *testing.T) {
 		assert.Equal(t, expected, ToSnakeCase(input))
 	}
 }
+
+func TestASCIIEqualFold(t *testing.T) {
+	cases := map[string]struct {
+		First    string
+		Second   string
+		Expected bool
+	}{
+		"Empty String":          {First: "", Second: "", Expected: true},
+		"Single Letter Ident":   {First: "h", Second: "h", Expected: true},
+		"Single Letter Equal":   {First: "h", Second: "H", Expected: true},
+		"Single Letter Unequal": {First: "h", Second: "g", Expected: false},
+		"Simple Match Ident":    {First: "someString", Second: "someString", Expected: true},
+		"Simple Match Equal":    {First: "someString", Second: "someSTRIng", Expected: true},
+		"Simple Match Unequal":  {First: "someString", Second: "sameString", Expected: false},
+		"Different Length":      {First: "abcdef", Second: "abcdefg", Expected: false},
+		"Unicode Kelvin":        {First: "ghijklm", Second: "GHIJ\u212ALM", Expected: false},
+	}
+
+	for name := range cases {
+		c := cases[name]
+		t.Run(name, func(t *testing.T) {
+			Actual := ASCIIEqualFold(c.First, c.Second)
+			assert.Equal(t, c.Expected, Actual)
+		})
+	}
+}