envoyproxy · lizan · Sep 17, 2021 · Sep 3, 2021 · Sep 15, 2021
diff --git a/api/envoy/extensions/filters/http/jwt_authn/v3/config.proto b/api/envoy/extensions/filters/http/jwt_authn/v3/config.proto
@@ -137,6 +137,7 @@ message JwtProvider {
 
   // If false, the JWT is removed in the request after a success verification. If true, the JWT is
   // not removed in the request. Default value is false.
+  // caveat: only works for from_header & has no effect for JWTs extracted through from_params & from_cookies.
   bool forward = 5;
 
   // Two fields below define where to extract the JWT from an HTTP request.

@@ -119,7 +119,6 @@ class JwtCookieLocation : public JwtLocationBase {
 
   void removeJwt(Http::HeaderMap&) const override {
     // TODO(theshubhamp): remove JWT from cookies.
-    NOT_IMPLEMENTED_GCOVR_EXCL_LINE;
   }
 };
 

@@ -286,16 +286,19 @@ TEST_F(ExtractorTest, TestCookieToken) {
   EXPECT_EQ(tokens[0]->token(), "token-cookie-value");
   EXPECT_TRUE(tokens[0]->isIssuerAllowed("issuer9"));
   EXPECT_FALSE(tokens[0]->isIssuerAllowed("issuer10"));
+  tokens[0]->removeJwt(headers);
 
   // only issuer9 has specified "token-cookie-2" cookie location.
   EXPECT_EQ(tokens[1]->token(), "token-cookie-value-2");
   EXPECT_TRUE(tokens[1]->isIssuerAllowed("issuer9"));
   EXPECT_FALSE(tokens[1]->isIssuerAllowed("issuer10"));
+  tokens[1]->removeJwt(headers);
 
   // only issuer10 has specified "token-cookie-3" cookie location.
   EXPECT_EQ(tokens[2]->token(), "token-cookie-value-3");
   EXPECT_TRUE(tokens[2]->isIssuerAllowed("issuer10"));
   EXPECT_FALSE(tokens[2]->isIssuerAllowed("issuer9"));
+  tokens[2]->removeJwt(headers);
 }
 
 // Test extracting multiple tokens.
-Original file line number
+Diff line change
@@ Expand Up / @@ -119,7 +119,6 @@ class JwtCookieLocation : public JwtLocationBase { @@
       void removeJwt(Http::HeaderMap&) const override {
         // TODO(theshubhamp): remove JWT from cookies.
-        NOT_IMPLEMENTED_GCOVR_EXCL_LINE;
       }
     };
@@ Expand Down @@