feat(key-auth) add config.key_in_header and config.key_in_query #6590

merged 1 commit into from Nov 20, 2020
11 changes: 8 additions & 3 deletions kong/plugins/key-auth/handler.lua
@@ -8,7 +8,7 @@ local error = error

local KeyAuthHandler = {
PRIORITY = 1003,
VERSION = "2.3.0",
VERSION = "2.4.0",
}


@@ -93,8 +93,13 @@ local function do_authentication(conf)
-- search in headers & querystring
for i = 1, #conf.key_names do
local name = conf.key_names[i]
local v = headers[name]
if not v then
local v

if conf.key_in_header then
v = headers[name]
end

if not v and conf.key_in_query then
-- search in querystring
v = query[name]
end
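Review bot: The comment `-- search in headers & querystring` above the loop is now stale, and the precedence created by the two new branches is left implicit: any header value, valid or not, stops the query lookup, which is why the access spec expects 401 for a wrong header plus a right query key on `/ttt`. I would replace it with `-- search only the locations enabled by conf.key_in_header / conf.key_in_query; a header value takes precedence over the querystring`. It is also worth saying in the plugin documentation that `key_in_query = false` is the setting that keeps API keys out of URLs, and so out of access logs and Referer headers, since the default stays `true`. `do_authentication` starts and ends outside this hunk, so whether `hide_credentials` still strips a key sent in a disabled location cannot be confirmed from here.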
2 changes: 2 additions & 0 deletions kong/plugins/key-auth/schema.lua
@@ -17,6 +17,8 @@ return {
}, },
{ hide_credentials = { type = "boolean", default = false }, },
{ anonymous = { type = "string" }, },
{ key_in_header = { type = "boolean", default = true }, },
{ key_in_query = { type = "boolean", default = true }, },
{ key_in_body = { type = "boolean", default = false }, },
{ run_on_preflight = { type = "boolean", default = true }, },
},
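Review bot: Nothing in the schema rejects a config where `key_in_header`, `key_in_query` and `key_in_body` are all `false`, which produces a route that answers 401 to every request (the `/fff` rows in the access spec pin exactly this). That fails closed, so it is safe, but it is almost certainly an operator mistake that is better caught when the plugin is configured than at request time. Consider a validation on the config record that requires at least one of the three to be `true`, or at minimum a comment beside the new fields such as `-- at least one key_in_* must be true, otherwise every request is rejected`. The config record continues outside this hunk, so an existing check elsewhere in the file would not be visible here.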
2 changes: 2 additions & 0 deletions spec/01-unit/01-db/01-schema/07-plugins_spec.lua
@@ -120,6 +120,8 @@ describe("plugins", function()
key_names = { "apikey" },
hide_credentials = false,
anonymous = ngx.null,
key_in_header = true,
key_in_query = true,
key_in_body = false,
run_on_preflight = true,
}, plugin.config)
@@ -149,6 +149,8 @@ describe("declarative config: process_auto_fields", function()
protocols = { "grpc", "grpcs", "http", "https" },
config = {
hide_credentials = false,
key_in_header = true,
key_in_query = true,
key_in_body = false,
key_names = { "apikey" },
run_on_preflight = true,
@@ -199,6 +201,8 @@ describe("declarative config: process_auto_fields", function()
protocols = { "grpc", "grpcs", "http", "https" },
config = {
hide_credentials = false,
key_in_header = true,
key_in_query = true,
key_in_body = false,
key_names = { "apikey" },
run_on_preflight = true,
@@ -309,6 +313,8 @@ describe("declarative config: process_auto_fields", function()
protocols = { "grpc", "grpcs", "http", "https" },
config = {
hide_credentials = false,
key_in_header = true,
key_in_query = true,
key_in_body = false,
key_names = { "apikey" },
run_on_preflight = true,
@@ -616,6 +622,8 @@ describe("declarative config: process_auto_fields", function()
protocols = { "grpc", "grpcs", "http", "https" },
config = {
hide_credentials = false,
key_in_header = true,
key_in_query = true,
key_in_body = false,
key_names = { "apikey" },
run_on_preflight = true,
@@ -299,6 +299,8 @@ describe("declarative config: flatten", function()
config = {
anonymous = null,
hide_credentials = false,
key_in_header = true,
key_in_query = true,
key_in_body = false,
key_names = { "apikey" },
run_on_preflight = true,
@@ -393,6 +395,8 @@ describe("declarative config: flatten", function()
config = {
anonymous = null,
hide_credentials = false,
key_in_header = true,
key_in_query = true,
key_in_body = false,
key_names = { "apikey" },
run_on_preflight = true
@@ -569,6 +573,8 @@ describe("declarative config: flatten", function()
config = {
anonymous = null,
hide_credentials = false,
key_in_header = true,
key_in_query = true,
key_in_body = false,
key_names = { "apikey" },
run_on_preflight = true
@@ -1055,6 +1061,8 @@ describe("declarative config: flatten", function()
config = {
anonymous = null,
hide_credentials = false,
key_in_header = true,
key_in_query = true,
key_in_body = false,
key_names = { "apikey" },
run_on_preflight = true
4 changes: 4 additions & 0 deletions spec/02-integration/03-db/03-plugins_spec.lua
@@ -56,6 +56,8 @@ for _, strategy in helpers.each_strategy() do
config = {
hide_credentials = false,
run_on_preflight = true,
key_in_header = true,
key_in_query = true,
key_in_body = false,
key_names = { "apikey" },
},
@@ -128,6 +130,8 @@ for _, strategy in helpers.each_strategy() do
config = {
hide_credentials = false,
run_on_preflight = true,
key_in_header = true,
key_in_query = true,
key_in_body = false,
key_names = { "apikey" },
},
262 changes: 262 additions & 0 deletions spec/03-plugins/09-key-auth/02-access_spec.lua
@@ -998,3 +998,265 @@ for _, strategy in helpers.each_strategy() do
end)
end)
end


for _, strategy in helpers.each_strategy() do
describe("Plugin: key-auth (access) [#" .. strategy .. "]", function()
lazy_setup(function()
local bp = helpers.get_db_utils(strategy, {
"routes",
"services",
"plugins",
"consumers",
"keyauth_credentials",
})

local consumer = bp.consumers:insert({ username = "bob" })
bp.keyauth_credentials:insert({ key = "right", consumer = { id = consumer.id } })
local service = bp.services:insert({ path = "/status/200" })

local r1 = bp.routes:insert({ paths = { "/ttt" }, service = service })
local r2 = bp.routes:insert({ paths = { "/ttf" }, service = service })
local r3 = bp.routes:insert({ paths = { "/tff" }, service = service })
local r4 = bp.routes:insert({ paths = { "/fff" }, service = service })
local r5 = bp.routes:insert({ paths = { "/fft" }, service = service })
local r6 = bp.routes:insert({ paths = { "/tft" }, service = service })
local r7 = bp.routes:insert({ paths = { "/ftf" }, service = service })

bp.plugins:insert({ name = "key-auth", route = r1, config = {
key_in_header = true, key_in_query = true, key_in_body = true }
})
bp.plugins:insert({ name = "key-auth", route = r2, config = {
key_in_header = true, key_in_query = true, key_in_body = false }
})
bp.plugins:insert({ name = "key-auth", route = r3, config = {
key_in_header = true, key_in_query = false, key_in_body = false }
})
bp.plugins:insert({ name = "key-auth", route = r4, config = {
key_in_header = false, key_in_query = false, key_in_body = false
}})
bp.plugins:insert({ name = "key-auth", route = r5, config = {
key_in_header = false, key_in_query = false, key_in_body = true
}})
bp.plugins:insert({ name = "key-auth", route = r6, config = {
key_in_header = true, key_in_query = false, key_in_body = true
}})
bp.plugins:insert({ name = "key-auth", route = r7, config = {
key_in_header = false, key_in_query = true, key_in_body = false
}})

assert(helpers.start_kong({
database = strategy,
nginx_conf = "spec/fixtures/custom_nginx.template",
}))
end)

lazy_teardown(function()
helpers.stop_kong()
end)

local tests = {
---header--query----body-----path----res---
{ "right", "right", "right", "/ttt", 200 }, -- 1
{ "right", "right", "right", "/ttf", 200 },
{ "right", "right", "right", "/tff", 200 },
{ "right", "right", "right", "/fff", 401 },
{ "right", "right", "right", "/fft", 200 },
{ "right", "right", "right", "/tft", 200 },
{ "right", "right", "right", "/ftf", 200 },
{ "right", "right", "wrong", "/ttt", 200 }, -- 8
{ "right", "right", "wrong", "/ttf", 200 },
{ "right", "right", "wrong", "/tff", 200 },
{ "right", "right", "wrong", "/fff", 401 },
{ "right", "right", "wrong", "/fft", 401 },
{ "right", "right", "wrong", "/tft", 200 },
{ "right", "right", "wrong", "/ftf", 200 },
{ "right", "wrong", "wrong", "/ttt", 200 }, -- 15
{ "right", "wrong", "wrong", "/ttf", 200 },
{ "right", "wrong", "wrong", "/tff", 200 },
{ "right", "wrong", "wrong", "/fff", 401 },
{ "right", "wrong", "wrong", "/fft", 401 },
{ "right", "wrong", "wrong", "/tft", 200 },
{ "right", "wrong", "wrong", "/ftf", 401 },
{ "wrong", "wrong", "wrong", "/ttt", 401 }, -- 22
{ "wrong", "wrong", "wrong", "/ttf", 401 },
{ "wrong", "wrong", "wrong", "/tff", 401 },
{ "wrong", "wrong", "wrong", "/fff", 401 },
{ "wrong", "wrong", "wrong", "/fft", 401 },
{ "wrong", "wrong", "wrong", "/tft", 401 },
{ "wrong", "wrong", "wrong", "/ftf", 401 },
{ "wrong", "wrong", "right", "/ttt", 401 }, -- 29
{ "wrong", "wrong", "right", "/ttf", 401 },
{ "wrong", "wrong", "right", "/tff", 401 },
{ "wrong", "wrong", "right", "/fff", 401 },
{ "wrong", "wrong", "right", "/fft", 200 },
{ "wrong", "wrong", "right", "/tft", 401 },
{ "wrong", "wrong", "right", "/ftf", 401 },
{ "right", "wrong", "right", "/ttt", 200 }, -- 36
{ "right", "wrong", "right", "/ttf", 200 },
{ "right", "wrong", "right", "/tff", 200 },
{ "right", "wrong", "right", "/fff", 401 },
{ "right", "wrong", "right", "/fft", 200 },
{ "right", "wrong", "right", "/tft", 200 },
{ "right", "wrong", "right", "/ftf", 401 },
{ "wrong", "right", "wrong", "/ttt", 401 }, -- 43
{ "wrong", "right", "wrong", "/ttf", 401 },
{ "wrong", "right", "wrong", "/tff", 401 },
{ "wrong", "right", "wrong", "/fff", 401 },
{ "wrong", "right", "wrong", "/fft", 401 },
{ "wrong", "right", "wrong", "/tft", 401 },
{ "wrong", "right", "wrong", "/ftf", 200 },
{ nil, nil, nil, "/ttt", 401 }, -- 50
{ nil, nil, nil, "/ttf", 401 },
{ nil, nil, nil, "/tff", 401 },
{ nil, nil, nil, "/fff", 401 },
{ nil, nil, nil, "/fft", 401 },
{ nil, nil, nil, "/tft", 401 },
{ nil, nil, nil, "/ftf", 401 },
{ nil, nil, "wrong", "/ttt", 401 }, -- 57
{ nil, nil, "wrong", "/ttf", 401 },
{ nil, nil, "wrong", "/tff", 401 },
{ nil, nil, "wrong", "/fff", 401 },
{ nil, nil, "wrong", "/fft", 401 },
{ nil, nil, "wrong", "/tft", 401 },
{ nil, nil, "wrong", "/ftf", 401 },
{ nil, "wrong", "wrong", "/ttt", 401 }, -- 64
{ nil, "wrong", "wrong", "/ttf", 401 },
{ nil, "wrong", "wrong", "/tff", 401 },
{ nil, "wrong", "wrong", "/fff", 401 },
{ nil, "wrong", "wrong", "/fft", 401 },
{ nil, "wrong", "wrong", "/tft", 401 },
{ nil, "wrong", "wrong", "/ftf", 401 },
{ "wrong", "wrong", nil, "/ttt", 401 }, -- 71
{ "wrong", "wrong", nil, "/ttf", 401 },
{ "wrong", "wrong", nil, "/tff", 401 },
{ "wrong", "wrong", nil, "/fff", 401 },
{ "wrong", "wrong", nil, "/fft", 401 },
{ "wrong", "wrong", nil, "/tft", 401 },
{ "wrong", "wrong", nil, "/ftf", 401 },
{ nil, "wrong", nil, "/ttt", 401 }, -- 78
{ nil, "wrong", nil, "/ttf", 401 },
{ nil, "wrong", nil, "/tff", 401 },
{ nil, "wrong", nil, "/fff", 401 },
{ nil, "wrong", nil, "/fft", 401 },
{ nil, "wrong", nil, "/tft", 401 },
{ nil, "wrong", nil, "/ftf", 401 },
{ "wrong", nil, "wrong", "/ttt", 401 }, -- 85
{ "wrong", nil, "wrong", "/ttf", 401 },
{ "wrong", nil, "wrong", "/tff", 401 },
{ "wrong", nil, "wrong", "/fff", 401 },
{ "wrong", nil, "wrong", "/fft", 401 },
{ "wrong", nil, "wrong", "/tft", 401 },
{ "wrong", nil, "wrong", "/ftf", 401 },
{ "right", "right", nil, "/ttt", 200 }, -- 92
{ "right", "right", nil, "/ttf", 200 },
{ "right", "right", nil, "/tff", 200 },
{ "right", "right", nil, "/fff", 401 },
{ "right", "right", nil, "/fft", 401 },
{ "right", "right", nil, "/tft", 200 },
{ "right", "right", nil, "/ftf", 200 },
{ "right", nil, nil, "/ttt", 200 }, -- 99
{ "right", nil, nil, "/ttf", 200 },
{ "right", nil, nil, "/tff", 200 },
{ "right", nil, nil, "/fff", 401 },
{ "right", nil, nil, "/fft", 401 },
{ "right", nil, nil, "/tft", 200 },
{ "right", nil, nil, "/ftf", 401 },
{ nil, nil, "right", "/ttt", 200 }, -- 106
{ nil, nil, "right", "/ttf", 401 },
{ nil, nil, "right", "/tff", 401 },
{ nil, nil, "right", "/fff", 401 },
{ nil, nil, "right", "/fft", 200 },
{ nil, nil, "right", "/tft", 200 },
{ nil, nil, "right", "/ftf", 401 },
{ "right", nil, "right", "/ttt", 200 }, -- 113
{ "right", nil, "right", "/ttf", 200 },
{ "right", nil, "right", "/tff", 200 },
{ "right", nil, "right", "/fff", 401 },
{ "right", nil, "right", "/fft", 200 },
{ "right", nil, "right", "/tft", 200 },
{ "right", nil, "right", "/ftf", 401 },
{ nil, "right", nil, "/ttt", 200 }, -- 120
{ nil, "right", nil, "/ttf", 200 },
{ nil, "right", nil, "/tff", 401 },
{ nil, "right", nil, "/fff", 401 },
{ nil, "right", nil, "/fft", 401 },
{ nil, "right", nil, "/tft", 401 },
{ nil, "right", nil, "/ftf", 200 },
{ nil, "right", "wrong", "/ttt", 200 }, -- 127
{ nil, "right", "wrong", "/ttf", 200 },
{ nil, "right", "wrong", "/tff", 401 },
{ nil, "right", "wrong", "/fff", 401 },
{ nil, "right", "wrong", "/fft", 401 },
{ nil, "right", "wrong", "/tft", 401 },
{ nil, "right", "wrong", "/ftf", 200 },
{ "right", "wrong", nil, "/ttt", 200 }, -- 134
{ "right", "wrong", nil, "/ttf", 200 },
{ "right", "wrong", nil, "/tff", 200 },
{ "right", "wrong", nil, "/fff", 401 },
{ "right", "wrong", nil, "/fft", 401 },
{ "right", "wrong", nil, "/tft", 200 },
{ "right", "wrong", nil, "/ftf", 401 },
{ "right", nil, "wrong", "/ttt", 200 }, -- 141
{ "right", nil, "wrong", "/ttf", 200 },
{ "right", nil, "wrong", "/tff", 200 },
{ "right", nil, "wrong", "/fff", 401 },
{ "right", nil, "wrong", "/fft", 401 },
{ "right", nil, "wrong", "/tft", 200 },
{ "right", nil, "wrong", "/ftf", 401 },
{ nil, "wrong", "right", "/ttt", 401 }, -- 148
{ nil, "wrong", "right", "/ttf", 401 },
{ nil, "wrong", "right", "/tff", 401 },
{ nil, "wrong", "right", "/fff", 401 },
{ nil, "wrong", "right", "/fft", 200 },
{ nil, "wrong", "right", "/tft", 200 },
{ nil, "wrong", "right", "/ftf", 401 },
{ "wrong", "right", nil, "/ttt", 401 }, -- 155
{ "wrong", "right", nil, "/ttf", 401 },
{ "wrong", "right", nil, "/tff", 401 },
{ "wrong", "right", nil, "/fff", 401 },
{ "wrong", "right", nil, "/fft", 401 },
{ "wrong", "right", nil, "/tft", 401 },
{ "wrong", "right", nil, "/ftf", 200 },
{ "wrong", nil, "right", "/ttt", 401 }, -- 162
{ "wrong", nil, "right", "/ttf", 401 },
{ "wrong", nil, "right", "/tff", 401 },
{ "wrong", nil, "right", "/fff", 401 },
{ "wrong", nil, "right", "/fft", 200 },
{ "wrong", nil, "right", "/tft", 401 },
{ "wrong", nil, "right", "/ftf", 401 },
}

for i, test in ipairs(tests) do
local header = test[1]
local query = ""
if test[2] then
query = "?apikey=" .. test[2]
end

local body
if test[3] then
body = "apikey=" .. test[3]
end

local path = test[4]

local input = string.sub(test[1] or "n", 1, 1) ..
string.sub(test[2] or "n", 1, 1) ..
string.sub(test[3] or "n", 1, 1)

it("combination #" .. i .. " (" .. input .. " => " .. string.sub(path, 2) .. ") works", function()
local proxy_client = helpers.proxy_client()
local res = proxy_client:post(path .. query, {
body = body,
headers = {
["Content-Type"] = "application/x-www-form-urlencoded",
["apikey"] = header,
},
})
assert.res_status(test[5], res)
proxy_client:close()
end)
end
end)
end
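Review bot: `proxy_client:close()` at the end of each `it` is skipped whenever `assert.res_status` fails, because the assertion raises before the close is reached, so a failing row leaves its connection open for the rest of the run. Creating the client in `before_each` and closing it in `after_each` makes the cleanup independent of the assertion outcome. Separately, the 168 expected statuses are written by hand; a short comment above `tests` stating the rule they encode (a header value wins over the query, the query over the body, and a disabled location is ignored) would let a reader check a row without tracing the handler.

```lua
local proxy_client

before_each(function()
  proxy_client = helpers.proxy_client()
end)

after_each(function()
  if proxy_client then
    proxy_client:close()
  end
end)

-- … unchanged: tests table and per-row header/query/body/path setup …

it("combination #" .. i .. " (" .. input .. " => " .. string.sub(path, 2) .. ") works", function()
  local res = proxy_client:post(path .. query, {
    -- … unchanged: body and headers …
  })
  assert.res_status(test[5], res)
end)
```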