fix(auth): Encode auth bearer token (#291)

* Update readmes

* Encode token

* Update tests

README.md

@@ -100,8 +100,8 @@ install/remove cert-manager from your cluster.
 
 ### User Authentication
 
-Users can use `oc whoami --show-token` to retrieve their OpenShift OAuth token
-for the currently logged in user account. This token can be used when directly
+Users can use `oc whoami --show-token | base64` to retrieve their encoded OpenShift OAuth token
+for the currently logged in user account. This encoded token can be used when directly
 interacting with the deployed Cryostat instance(s), for example on the
 web-client login page.
 

docs/api.md

@@ -281,7 +281,7 @@ status:
 
 If running on OpenShift, you will need to pass your bearer token with the `curl` request. (You may also need -k if your test cluster uses a self-signed certificate)
 ```shell
-$ curl -k -H "Authorization: Bearer $(oc whoami -t)" \
+$ curl -k -H "Authorization: Bearer $(oc whoami -t | base64)" \
 https://cryostat-sample-cryostat-operator-system.apps-crc.testing:443/api/v1/recordings/10-217-0-29_my-recording_20210429T220400Z.jfr \
 my-recording.jfr
 ```

internal/controllers/common/common_reconciler.go

@@ -38,6 +38,7 @@ package common
 
 import (
 	"context"
+	b64 "encoding/base64"
 	"errors"
 	"fmt"
 	"net/url"
@@ -130,7 +131,7 @@ func (r *commonReconciler) GetCryostatClient(ctx context.Context, namespace stri
 	if err != nil {
 		return nil, err
 	}
-	strTok := string(tok)
+	strTok := b64.StdEncoding.EncodeToString(tok)
 
 	// Get JMX authentication credentials, if present
 	var jmxCreds *cryostatClient.JMXAuthCredentials

internal/test/handlers.go

@@ -341,7 +341,7 @@ func NewTemplates() []operatorv1beta1.TemplateInfo {
 }
 
 func verifyToken() http.HandlerFunc {
-	return ghttp.VerifyHeaderKV("Authorization", "Bearer myToken")
+	return ghttp.VerifyHeaderKV("Authorization", "Bearer bXlUb2tlbg==")
 }
 
 func verifyJMXAuth() http.HandlerFunc {