From bbef788482f22e4c109e060a9fcfe6b3f828a88e Mon Sep 17 00:00:00 2001
From: yuweizzz
Date: Thu, 11 Apr 2024 15:16:45 +0800
Subject: [PATCH 1/4] fix
---
 apisix/plugins/jwe-decrypt.lua | 4 +++-
 apisix/plugins/jwt-auth.lua | 4 +++-
 apisix/plugins/key-auth.lua | 4 +++-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/apisix/plugins/jwe-decrypt.lua b/apisix/plugins/jwe-decrypt.lua
index b0d1e16f6d2a..a5cdd80a8331 100644
--- apisix/plugins/jwe-decrypt.lua
+++ b/apisix/plugins/jwe-decrypt.lua
@@ -180,7 +180,9 @@ end
 local function fetch_jwe_token(conf, ctx)
- local token = core.request.header(ctx, conf.header)
+ local name = conf.header or schema.properties.header.default
+ core.log.info("get value from header: ", name)
+ local token = core.request.header(ctx, name)
 if token then
 local prefix = sub_str(token, 1, 7)
 if prefix == 'Bearer ' or prefix == 'bearer ' then
diff --git a/apisix/plugins/jwt-auth.lua b/apisix/plugins/jwt-auth.lua
index 9fdc7a9b5b18..aa5d02313214 100644
--- apisix/plugins/jwt-auth.lua
+++ b/apisix/plugins/jwt-auth.lua
@@ -179,7 +179,9 @@ local function remove_specified_cookie(src, key)
 end
 local function fetch_jwt_token(conf, ctx)
- local token = core.request.header(ctx, conf.header)
+ local name = conf.header or schema.properties.header.default
+ core.log.info("get value from header: ", name)
+ local token = core.request.header(ctx, name)
 if token then
 if conf.hide_credentials then
 -- hide for header
diff --git a/apisix/plugins/key-auth.lua b/apisix/plugins/key-auth.lua
index f8cfddae0cf8..942400ccc334 100644
--- apisix/plugins/key-auth.lua
+++ b/apisix/plugins/key-auth.lua
@@ -68,7 +68,9 @@ end
 function _M.rewrite(conf, ctx)
 local from_header = true
- local key = core.request.header(ctx, conf.header)
+ local name = conf.header or schema.properties.header.default
+ core.log.info("get value from header: ", name)
+ local key = core.request.header(ctx, name)
 if not key then
 local uri_args = core.request.get_uri_args(ctx) or {}
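Review bot: The `conf.header or schema.properties.header.default` fallback in `fetch_jwe_token` (and the identical lines in `fetch_jwt_token` and in `_M.rewrite` of key-auth) repairs only `header`, so any other defaulted field these plugins read from `conf` would presumably still be unset when a conf reaches them without schema defaults applied. A nil `conf.header` points at a conf that skipped validation, so at minimum the fallback deserves a comment such as `-- conf.header is nil only when the conf was never schema-checked; the caller should validate it`. The added `core.log.info` runs on every request in three authentication paths; it logs the header name only, and it should stay that way so the credential value never reaches the log. All three function bodies continue outside their hunks.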
From f6c696b6dff7c3210eea4ead82c17dccfa4588ae Mon Sep 17 00:00:00 2001
From: yuweizzz
Date: Thu, 11 Apr 2024 16:46:36 +0800
Subject: [PATCH 2/4] perf
---
 apisix/plugins/jwe-decrypt.lua | 4 +---
 apisix/plugins/jwt-auth.lua | 4 +---
 apisix/plugins/key-auth.lua | 4 +---
 apisix/plugins/multi-auth.lua | 4 ++++
 4 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/apisix/plugins/jwe-decrypt.lua b/apisix/plugins/jwe-decrypt.lua
index a5cdd80a8331..b0d1e16f6d2a 100644
--- apisix/plugins/jwe-decrypt.lua
+++ b/apisix/plugins/jwe-decrypt.lua
@@ -180,9 +180,7 @@ end
 local function fetch_jwe_token(conf, ctx)
- local name = conf.header or schema.properties.header.default
- core.log.info("get value from header: ", name)
- local token = core.request.header(ctx, name)
+ local token = core.request.header(ctx, conf.header)
 if token then
 local prefix = sub_str(token, 1, 7)
 if prefix == 'Bearer ' or prefix == 'bearer ' then
diff --git a/apisix/plugins/jwt-auth.lua b/apisix/plugins/jwt-auth.lua
index aa5d02313214..9fdc7a9b5b18 100644
--- apisix/plugins/jwt-auth.lua
+++ b/apisix/plugins/jwt-auth.lua
@@ -179,9 +179,7 @@ local function remove_specified_cookie(src, key)
 end
 local function fetch_jwt_token(conf, ctx)
- local name = conf.header or schema.properties.header.default
- core.log.info("get value from header: ", name)
- local token = core.request.header(ctx, name)
+ local token = core.request.header(ctx, conf.header)
 if token then
 if conf.hide_credentials then
 -- hide for header
diff --git a/apisix/plugins/key-auth.lua b/apisix/plugins/key-auth.lua
index 942400ccc334..f8cfddae0cf8 100644
--- apisix/plugins/key-auth.lua
+++ b/apisix/plugins/key-auth.lua
@@ -68,9 +68,7 @@ end
 function _M.rewrite(conf, ctx)
 local from_header = true
- local name = conf.header or schema.properties.header.default
- core.log.info("get value from header: ", name)
- local key = core.request.header(ctx, name)
+ local key = core.request.header(ctx, conf.header)
 if not key then
 local uri_args = core.request.get_uri_args(ctx) or {}
diff --git a/apisix/plugins/multi-auth.lua b/apisix/plugins/multi-auth.lua
index 5c6a825791d7..755846fe1f1e 100644
--- apisix/plugins/multi-auth.lua
+++ b/apisix/plugins/multi-auth.lua
@@ -54,6 +54,10 @@ function _M.check_schema(conf)
 if auth.type ~= 'auth' then
 return false, auth_plugin_name .. " plugin is not supported"
 end
+ local ok, err = auth.check_schema(auth_plugin_conf, auth.schema)
+ if not ok then
+ return false, "plugin " .. auth_plugin_name .. " check schema failed: " .. err
+ end
 end
 end
 end
From 38206e2c155f31b1c2bd2f6e76c9ef76ef042b79 Mon Sep 17 00:00:00 2001
From: yuweizzz
Date: Sat, 13 Apr 2024 14:32:35 +0800
Subject: [PATCH 3/4] t
---
 t/plugin/multi-auth.t | 111 +++++++++++++++++++++++++++++++++++++++---
 1 file changed, 105 insertions(+), 6 deletions(-)
diff --git a/t/plugin/multi-auth.t b/t/plugin/multi-auth.t
index 78ec19481b4a..5bf23998dec2 100644
--- t/plugin/multi-auth.t
+++ b/t/plugin/multi-auth.t
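Review bot: In the multi-auth.lua hunk, the failure branch of `_M.check_schema` concatenates `err` directly, so a sub-plugin whose `check_schema` returns `false` with no message (or a non-string one) would raise inside validation instead of returning a clean error; `return false, "plugin " .. auth_plugin_name .. " check schema failed: " .. tostring(err)` avoids that. The second argument `auth.schema` also needs a comment or a check: the hunk does not show what the sub-plugins' `check_schema` expects in that position, and if it is a schema-type selector rather than a schema table, the table is silently ignored. Since this call is what stops an unvalidated nested auth conf from reaching the request path, a line such as `-- validate every nested auth plugin conf here; the request-time code reads conf.header without a fallback` would record why it must not be removed. The enclosing loop and function start and end outside the hunk.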
@@ -165,7 +165,106 @@ apikey: auth-two
-=== TEST 8: enable multi auth plugin using admin api, without any auth_plugins configuration
+=== TEST 8: enable multi auth plugin with default plugin conf
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "plugins": {
+ "multi-auth": {
+ "auth_plugins": [
+ {
+ "basic-auth": {}
+ },
+ {
+ "key-auth": {}
+ },
+ {
+ "jwt-auth": {}
+ }
+ ]
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/hello"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.say(body)
+ }
+ }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 9: verify, missing authorization
+--- request
+GET /hello
+--- error_code: 401
+--- response_body
+{"message":"Authorization Failed"}
+
+
+
+=== TEST 10: verify basic-auth
+--- request
+GET /hello
+--- more_headers
+Authorization: Basic Zm9vOmJhcg==
+--- response_body
+hello world
+--- error_log
+find consumer foo
+
+
+
+=== TEST 11: verify key-auth
+--- request
+GET /hello
+--- more_headers
+apikey: auth-one
+--- response_body
+hello world
+
+
+
+=== TEST 12: verify, invalid basic credentials
+--- request
+GET /hello
+--- more_headers
+Authorization: Basic YmFyOmJhcgo=
+--- error_code: 401
+--- response_body
+{"message":"Authorization Failed"}
+
+
+
+=== TEST 13: verify, invalid api key
+--- request
+GET /hello
+--- more_headers
+apikey: auth-two
+--- error_code: 401
+--- response_body
+{"message":"Authorization Failed"}
+
+
+
+=== TEST 14: enable multi auth plugin using admin api, without any auth_plugins configuration
 --- config
 location /t {
 content_by_lua_block {
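Review bot: The negative case in TEST 12 sends `Authorization: Basic YmFyOmJhcgo=`, which decodes to `bar:bar` followed by a newline byte, so the expected 401 may be produced by the stray byte rather than by wrong credentials; `YmFyOmJhcg==` is the clean encoding of `bar:bar` and makes the test reject for the reason its title states. The route created in TEST 8 also enables `"jwt-auth": {}`, yet none of TEST 9–13 presents a JWT, so the default-header path of that plugin is not exercised against this route in the block. TEST 10, 11 and 13 depend on consumers (`foo`, `auth-one`, `auth-two`) that are defined outside the hunk, which is worth a one-line comment above TEST 8 such as `# consumers foo/auth-one come from the earlier tests in this file`.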
@@ -200,7 +299,7 @@ qr/\{"error_msg":"failed to check the configuration of plugin multi-auth err: pr
-=== TEST 9: enable multi auth plugin using admin api, with auth_plugins configuration but with one authorization plugin
+=== TEST 15: enable multi auth plugin using admin api, with auth_plugins configuration but with one authorization plugin
 --- config
 location /t {
 content_by_lua_block {
@@ -241,7 +340,7 @@ qr/\{"error_msg":"failed to check the configuration of plugin multi-auth err: pr
-=== TEST 10: create public API route (jwt-auth sign)
+=== TEST 16: create public API route (jwt-auth sign)
 --- config
 location /t {
 content_by_lua_block {
@@ -269,7 +368,7 @@ passed
-=== TEST 11: add consumer with username and jwt-auth plugins
+=== TEST 17: add consumer with username and jwt-auth plugins
 --- config
 location /t {
 content_by_lua_block {
@@ -300,7 +399,7 @@ passed
-=== TEST 12: sign / verify jwt-auth
+=== TEST 18: sign / verify jwt-auth
 --- config
 location /t {
 content_by_lua_block {
@@ -330,7 +429,7 @@ hello world
-=== TEST 13: verify multi-auth with plugin config will cause the conf_version change
+=== TEST 19: verify multi-auth with plugin config will cause the conf_version change
 --- config
 location /t {
 content_by_lua_block {
From d66930b9a4d83f9fba5325ced4ef109ec00461ee Mon Sep 17 00:00:00 2001
From: yuweizzz
Date: Tue, 23 Apr 2024 15:43:21 +0800
Subject: [PATCH 4/4] update t
---
 t/plugin/multi-auth.t | 169 +++++++++++++++++++++++++++++++++++++++---
 1 file changed, 157 insertions(+), 12 deletions(-)
diff --git a/t/plugin/multi-auth.t b/t/plugin/multi-auth.t
index 5bf23998dec2..aacfe200f7e9 100644
--- t/plugin/multi-auth.t
+++ b/t/plugin/multi-auth.t
@@ -165,7 +165,152 @@ apikey: auth-two
-=== TEST 8: enable multi auth plugin with default plugin conf
+=== TEST 8: enable multi auth plugin with invalid plugin conf in first auth_plugin
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "plugins": {
+ "multi-auth": {
+ "auth_plugins": [
+ {
+ "basic-auth": {
+ "hide_credentials": "false"
+ }
+ },
+ {
+ "key-auth": {}
+ },
+ {
+ "jwt-auth": {}
+ }
+ ]
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/hello"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.print(body)
+ }
+ }
+--- request
+GET /t
+--- error_code: 400
+--- response_body
+{"error_msg":"failed to check the configuration of plugin multi-auth err: plugin basic-auth check schema failed: property \"hide_credentials\" validation failed: wrong type: expected boolean, got string"}
+
+
+
+=== TEST 9: enable multi auth plugin with invalid plugin conf in second auth_plugins
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "plugins": {
+ "multi-auth": {
+ "auth_plugins": [
+ {
+ "key-auth": {}
+ },
+ {
+ "basic-auth": "blah"
+ },
+ {
+ "jwt-auth": {}
+ }
+ ]
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/hello"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.print(body)
+ }
+ }
+--- request
+GET /t
+--- error_code: 400
+--- response_body
+{"error_msg":"failed to check the configuration of plugin multi-auth err: plugin basic-auth check schema failed: wrong type: expected object, got string"}
+
+
+
+=== TEST 10: enable multi auth plugin with invalid plugin conf in third auth_plugins
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "plugins": {
+ "multi-auth": {
+ "auth_plugins": [
+ {
+ "key-auth": {}
+ },
+ {
+ "basic-auth": {}
+ },
+ {
+ "jwt-auth": {
+ "header": 123
+ }
+ }
+ ]
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/hello"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.print(body)
+ }
+ }
+--- request
+GET /t
+--- error_code: 400
+--- response_body
+{"error_msg":"failed to check the configuration of plugin multi-auth err: plugin jwt-auth check schema failed: property \"header\" validation failed: wrong type: expected string, got number"}
+
+
+
+=== TEST 11: enable multi auth plugin with default plugin conf
 --- config
 location /t {
 content_by_lua_block {
@@ -211,7 +356,7 @@ passed
-=== TEST 9: verify, missing authorization
+=== TEST 12: verify, missing authorization
 --- request
 GET /hello
 --- error_code: 401
@@ -220,7 +365,7 @@ GET /hello
-=== TEST 10: verify basic-auth
+=== TEST 13: verify basic-auth
 --- request
 GET /hello
 --- more_headers
@@ -232,7 +377,7 @@ find consumer foo
-=== TEST 11: verify key-auth
+=== TEST 14: verify key-auth
 --- request
 GET /hello
 --- more_headers
@@ -242,7 +387,7 @@ hello world
-=== TEST 12: verify, invalid basic credentials
+=== TEST 15: verify, invalid basic credentials
 --- request
 GET /hello
 --- more_headers
@@ -253,7 +398,7 @@ Authorization: Basic YmFyOmJhcgo=
-=== TEST 13: verify, invalid api key
+=== TEST 16: verify, invalid api key
 --- request
 GET /hello
 --- more_headers
@@ -264,7 +409,7 @@ apikey: auth-two
-=== TEST 14: enable multi auth plugin using admin api, without any auth_plugins configuration
+=== TEST 17: enable multi auth plugin using admin api, without any auth_plugins configuration
 --- config
 location /t {
 content_by_lua_block {
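Review bot: The three new rejection cases (TEST 8–10 in the first hunk) assert the validator's complete message with an exact `--- response_body`, while the older schema-failure cases in this file match with a pattern (`qr/\{"error_msg":"failed to check the configuration of plugin multi-auth err: pr…`, visible in the later hunk headers). An exact match ties these tests to the schema library's wording for type errors rather than to the behaviour the series adds. Matching the stable part, for example `qr/plugin jwt-auth check schema failed: /` together with the existing `--- error_code: 400`, keeps the assertion on the fact that an invalid nested auth conf is refused.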
@@ -299,7 +444,7 @@ qr/\{"error_msg":"failed to check the configuration of plugin multi-auth err: pr
-=== TEST 15: enable multi auth plugin using admin api, with auth_plugins configuration but with one authorization plugin
+=== TEST 18: enable multi auth plugin using admin api, with auth_plugins configuration but with one authorization plugin
 --- config
 location /t {
 content_by_lua_block {
@@ -340,7 +485,7 @@ qr/\{"error_msg":"failed to check the configuration of plugin multi-auth err: pr
-=== TEST 16: create public API route (jwt-auth sign)
+=== TEST 19: create public API route (jwt-auth sign)
 --- config
 location /t {
 content_by_lua_block {
@@ -368,7 +513,7 @@ passed
-=== TEST 17: add consumer with username and jwt-auth plugins
+=== TEST 20: add consumer with username and jwt-auth plugins
 --- config
 location /t {
 content_by_lua_block {
@@ -399,7 +544,7 @@ passed
-=== TEST 18: sign / verify jwt-auth
+=== TEST 21: sign / verify jwt-auth
 --- config
 location /t {
 content_by_lua_block {
@@ -429,7 +574,7 @@ hello world
-=== TEST 19: verify multi-auth with plugin config will cause the conf_version change
+=== TEST 22: verify multi-auth with plugin config will cause the conf_version change
 --- config
 location /t {
 content_by_lua_block {