Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(hmac-auth) generate a credential secret if none provided #2158

Merged
merged 1 commit into from
Mar 14, 2017
Merged

fix(hmac-auth) generate a credential secret if none provided #2158

merged 1 commit into from
Mar 14, 2017

Conversation

p0pr0ck5
Copy link
Contributor

@p0pr0ck5 p0pr0ck5 commented Mar 3, 2017

Summary

Since the credential secret is required to compute the signature, create a random secret which will be displayed back to the user as part of the response body.

Full changelog

  • generate a credential secret if none provided

Issues resolved

Fix #2143

@p0pr0ck5 p0pr0ck5 force-pushed the fix/hmac_default_key branch 2 times, most recently from 2217c1a to 5871443 Compare March 3, 2017 01:18
Tieske
Tieske approved these changes Mar 3, 2017
View reviewed changes
kong/plugins/hmac-auth/daos.lua Outdated

local function random_secret(t)
return utils.random_string()
end
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why wrapping a single function call into another function?

if it is to drop the argument, then maybe a small comment would make that clear

Copy link
Contributor Author

@p0pr0ck5 p0pr0ck5 Mar 3, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, silly mistake, we can just set default = utils.random_string. ill fix that

spec/03-plugins/09-hmac-auth/02-api_spec.lua Outdated

local body = assert.res_status(201, res)
credential = cjson.decode(body)
assert.is.not_nil(credential.secret)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fyi; you could write this as:

assert.response(res).has.status(201)
local json = assert.response(res).has.jsonbody()
assert.is.not_nil(json.secret)

these custom assertions (in spec/helpers.lua) generally provide better error messages when they fail.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, this was a copypasta from the test above. Nice to know though!

@Tieske
Copy link
Member

Tieske commented Mar 3, 2017

@poprocks ^^ approved it, but assuming there will be another pr with the migrations

@p0pr0ck5
Copy link
Contributor Author

p0pr0ck5 commented Mar 3, 2017

@Tieske re-up'd with an adjustment to the dao. I'd be happy to work on the migration part of it, but I could use some hand holding there.

@Tieske
Copy link
Member

Tieske commented Mar 4, 2017

@p0pr0ck5 checkout the 2 migration files for the Kong core in the dao. They provide quite some examples.

Ping me if you need more.

@p0pr0ck5 p0pr0ck5 mentioned this pull request Mar 7, 2017
Closed
@p0pr0ck5 p0pr0ck5 changed the base branch from release/0.10.0 to next March 8, 2017 16:38
@p0pr0ck5 p0pr0ck5 force-pushed the fix/hmac_default_key branch 2 times, most recently from 138e290 to 4c4ff54 Compare March 13, 2017 17:03
@p0pr0ck5
fix(hmac-auth) generate a credential secret if none provided
31af708 
Since the credential secret is required to compute the signature,
create a random secret which will be displayed back to the user
as part of the response body.

This fixes issue #2143.
@thibaultcha
Copy link
Member

@p0pr0ck5 Are you planning on providing the migration in this PR or another one?

@thibaultcha thibaultcha added the pr/ready (but hold merge) No more concerns, but do not merge yet (probably a conflict of interest with another PR or release) label Mar 13, 2017
@p0pr0ck5
Copy link
Contributor Author

Will handle the migration in another PR, since it's fairly destructive (after talking to tieske it seems the best plan for that is to simply delete all entries with a null secret), so id like to test it a bit, and not block this PR.

@p0pr0ck5 p0pr0ck5 merged commit 7f9d342 into next Mar 14, 2017
@p0pr0ck5 p0pr0ck5 deleted the fix/hmac_default_key branch March 14, 2017 00:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Tieske Tieske Tieske approved these changes

@thibaultcha thibaultcha thibaultcha approved these changes

Assignees
No one assigned
Labels
pr/ready (but hold merge) No more concerns, but do not merge yet (probably a conflict of interest with another PR or release)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@p0pr0ck5 @Tieske @thibaultcha