Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hmac auth body validation #3347

Merged
merged 6 commits into from
May 19, 2018
Merged

Hmac auth body validation #3347

merged 6 commits into from
May 19, 2018

Conversation

mvanholsteijn
Copy link
Contributor

Summary

Changes the hmac-auth request validation logic to pass if:

  • there is no Digest and no body
  • there is Digest for an empty body and no body.
  • there is a Digest for the body and a body.

This is to make sure that we can put 'digest' in the enforce_headers for all requests.

Full changelog

  • added tests for scenarios
  • added logic in validate_body()

Issues resolved

Fix #3345
Fix #3346

@mvanholsteijn mvanholsteijn mentioned this pull request Mar 27, 2018
Closed
@shashiranjan84
Copy link
Contributor

@mvanholsteijn thanks for PR, would you please rebase before we start reviewing ?

@mvanholsteijn
Copy link
Contributor Author

@shashiranjan84 Do you have any idea on when this PR might be reviewed?

shashiranjan84
shashiranjan84 reviewed May 8, 2018
View reviewed changes
kong/plugins/hmac-auth/access.lua Outdated
if not body then
return false
-- if no body, calculate sha-256 over 0 bytes
body = ''
end
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can drop this check and just do

sha256:update(body or '')

shashiranjan84
shashiranjan84 reviewed May 8, 2018
View reviewed changes
Copy link
Contributor

@shashiranjan84 shashiranjan84 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks good, just requested minor change.

shashiranjan84
shashiranjan84 approved these changes May 9, 2018
View reviewed changes
Copy link
Contributor

@shashiranjan84 shashiranjan84 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@shashiranjan84 shashiranjan84 added pr/ready This PR is considered ready and can be merged at anytime (given it received no subsequent changes) and removed pr/please review labels May 9, 2018
@shashiranjan84
Copy link
Contributor

shashiranjan84 commented May 9, 2018
edited
Loading

@mvanholsteijn would you please also update the doc, https://github.com/Kong/getkong.org/blob/master/app/plugins/hmac-authentication.md?

@shashiranjan84 shashiranjan84 added pending author feedback Waiting for the issue author to get back to a maintainer with findings, more details, etc... and removed pr/ready This PR is considered ready and can be merged at anytime (given it received no subsequent changes) labels May 10, 2018
@mvanholsteijn mvanholsteijn mentioned this pull request May 13, 2018
Closed
mvanholsteijn added a commit to binxio/getkong.org that referenced this pull request May 13, 2018
@mvanholsteijn
added documentation for pull request Kong/kong#3347
1cbd621
mvanholsteijn added a commit to binxio/getkong.org that referenced this pull request May 13, 2018
@mvanholsteijn
added documentation for pull request Kong/kong#3347
215339f
@mvanholsteijn mvanholsteijn mentioned this pull request May 13, 2018
Merged
@mvanholsteijn
Copy link
Contributor Author

@shashiranjan84 I added the documentation to getkong.org...

@shashiranjan84 shashiranjan84 added pr/ready This PR is considered ready and can be merged at anytime (given it received no subsequent changes) and removed pending author feedback Waiting for the issue author to get back to a maintainer with findings, more details, etc... labels May 17, 2018
@shashiranjan84
Copy link
Contributor

Thanks @mvanholsteijn .

@thibaultcha thibaultcha merged commit 96071b4 into Kong:master May 19, 2018
@thibaultcha
Copy link
Member

@mvanholsteijn Thank you for the patch! If you haven't done so yet, be sure to grab your Contributor T-shirt :)

thibaultcha pushed a commit to Kong/docs.konghq.com that referenced this pull request May 19, 2018
@mvanholsteijn @thibaultcha
docs(hmac) clarify empty body validation requirements
3b6e9ae 
See Kong/kong#3347

From #706
Tieske pushed a commit to Kong/docs.konghq.com that referenced this pull request May 28, 2018
@mvanholsteijn @Tieske
docs(hmac) clarify empty body validation requirements
5ff839a 
See Kong/kong#3347

From #706
thibaultcha pushed a commit to Kong/docs.konghq.com that referenced this pull request May 30, 2018
@mvanholsteijn @thibaultcha
docs(hmac) clarify empty body validation requirements
82ef504 
See Kong/kong#3347

From #706
hbagdi pushed a commit to Kong/docs.konghq.com that referenced this pull request May 31, 2018
@mvanholsteijn @hbagdi
docs(hmac) clarify empty body validation requirements
ac9ed61 
See Kong/kong#3347

From #706
thibaultcha pushed a commit to Kong/docs.konghq.com that referenced this pull request Jun 28, 2018
@mvanholsteijn @thibaultcha
docs(hmac) clarify empty body validation requirements
5f2f399 
See Kong/kong#3347

From #706
ukiahsmith pushed a commit to Kong/docs.konghq.com that referenced this pull request Jul 2, 2018
@mvanholsteijn
docs(hmac) clarify empty body validation requirements
3824a1a 
See Kong/kong#3347

From #706
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shashiranjan84 shashiranjan84 shashiranjan84 approved these changes

Assignees
No one assigned
Labels
pr/ready This PR is considered ready and can be merged at anytime (given it received no subsequent changes)
Projects
None yet
Milestone
No milestone
3 participants
@mvanholsteijn @shashiranjan84 @thibaultcha