feat(key-auth) optionally search the request body for credentials #2493
Conversation
p0pr0ck5
force-pushed
the
feat/key-auth-body
branch
2 times, most recently
from
a943285 to
906419c
Compare
thibaultcha
added
pr/ready (but hold merge)
| if type == "postData" then | ||
| local t = json[type].text:sub(8) | ||
| field = { apikey = t ~= "" and t or nil } | ||
| else |
There was a problem hiding this comment.
I think we should apply our codestyle to tests as well
| if type == "postData" then | ||
| local t = json[type].text:sub(8) | ||
| field = { apikey = t ~= "" and t or nil } | ||
| else |
This commit provides an optional plugin configuration field to search the request body for the authentication credentials. This behavior respects the hide_credentials field. This commit also expands the access test suite to cover a few more use cases.
p0pr0ck5
force-pushed
the
feat/key-auth-body
branch
from
906419c to
4cd50e9
Compare
|
Thanks, minor style fixes applied and merged. |
|
I made a slight oversight: we should have updated the |
|
@thibaultcha would the resulting change in the return values constitute a breaking change, and thus belong in the next major release? or this is something we're comfortable patching now? |
|
I think as long as the HTTP status code doesn't change, this is hardly considered a breaking change. It should be fine. |
|
👍 wasn't sure about our stance on the message content itself (i imagine a UI application working based on the contents of the |
Summary
This commit provides an optional plugin configuration field to
search the request body for the authentication credentials. This
behavior respects the hide_credentials field.
This commit also expands the access test suite to cover a few more
use cases.
Full changelog