key-auth plugin returns error when key is set with empty value #4405

Closed
jameswestnz opened this issue Mar 19, 2019 · 5 comments

@jameswestnz

Summary

The key-auth plugin returns an error (shown below) when the apikey header is set with an empty value. While the fix could be to ensure the client does not pass an empty apikey, I feel the expected result should be either:

  1. Kong resolves and continues with the anonymous consumer (if defined); or
  2. Throw a 40X as if the apikey was never set

Steps To Reproduce

  1. Configure the key-auth plugin globally, or on a specific service/route
  2. Configure a consumer & key as per plugin instructions (https://docs.konghq.com/hub/kong-inc/key-auth/)
  3. Send a request to the route's URL with a present (but empty) apikey header

Additional Details & Logs

Kong version: 1.0.3
Error thrown in the logs: [kong] handler.lua:159 [key-auth] failed to get from node cache: [postgres] length must be at least 1
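
The behaviour requested in the summary, as an added example that is not part of the original thread and is not Kong's own code: a stand-alone Lua model that classifies the key before any lookup, so an empty value is handled as absent instead of reaching the datastore. The function names, the credential store and the response messages are assumptions made for illustration.

```lua
-- Added example: stand-alone model, not Kong's handler.lua; all names are hypothetical.

-- Constructed store; the lookup rejects an empty key like the log line in the report.
local CREDENTIALS = { ["demo-key-123"] = { consumer = "alice" } }

local function lookup_credential(key)
  if #key < 1 then return nil, "length must be at least 1" end
  return CREDENTIALS[key]
end

-- Decide what the client actually sent before touching cache or database.
local function classify_key(value)
  if type(value) == "table" then
    return "duplicate"            -- same header or argument sent more than once
  end
  if type(value) ~= "string" or value == "" then
    return "missing"              -- absent, valueless, or present but empty
  end
  return "present", value
end

-- Returns the consumer on success, or nil plus { status, message } on failure.
local function authenticate(value, anonymous)
  local kind, key = classify_key(value)
  if kind == "missing" then
    if anonymous then
      return anonymous            -- option 1 from the report
    end
    return nil, { status = 401, message = "No API key in request" }  -- option 2
  end
  if kind == "duplicate" then
    return nil, { status = 401, message = "API key sent more than once" }
  end
  local cred, err = lookup_credential(key)
  if err then
    io.stderr:write("[key-auth model] lookup failed: ", err, "\n")  -- detail stays server-side
    return nil, { status = 500, message = "An unexpected error occurred" }
  end
  if not cred then
    return nil, { status = 401, message = "Invalid credentials" }
  end
  return cred.consumer
end

-- Constructed requests: the empty key never reaches lookup_credential.
for _, case in ipairs({ { "", "anon" }, { "", nil }, { "demo-key-123", nil }, { "wrong", nil } }) do
  local consumer, e = authenticate(case[1], case[2])
  print(("%q anonymous=%s -> %s"):format(case[1], tostring(case[2]), consumer or (e.status .. " " .. e.message)))
end
```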

@shugydw

shugydw commented Mar 19, 2019

This issue may or may not be related to the issue I am facing (https://discuss.konghq.com/t/key-authentication-is-not-working/3034)

I am passing the correct apikey in query string (and tested in header as well). The requests are 401 Unauthorized.

Kong: Docker 1.0.3-alpine
Database: Docker Postgres 11.2-alpine
I don't recall any error such as yours.

@jameswestnz
Author

This seems to be the block throwing the exception: https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/handler.lua#L158-L161

I'm experiencing an HTTP status code of 500 with a body of "An unexpected error occurred" - I think this is the only place (in this plugin) where we return an unconstructed body as a response.

Does the block above get caught here?: https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/handler.lua#L203

I'll take a look if I can free up some time - just sharing thoughts in case they help!

@jameswestnz
Author

Untested, but I think adjusting https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/handler.lua#L158-L161 to the following will fix the issue:

if err then
  kong.log.err(err)
  return nil, { status = 500, message = "An unexpected error occurred" }
end

@shugydw

shugydw commented Apr 9, 2019

This issue may or may not be related to the issue I am facing (https://discuss.konghq.com/t/key-authentication-is-not-working/3034)

I am passing the correct apikey in query string (and tested in header as well). The requests are 401 Unauthorized.

Kong: Docker 1.0.3-alpine
Database: Docker Postgres 11.2-alpine
I don't recall any error such as yours.

My issue is caused by Konga - pantsel/konga#369

@cuongndc

@shugydw, I have been having the same issue. Any ideas for your problem? Thanks!
