Merge a9226a1 into 77d5f0a

api.go

@@ -78,16 +78,16 @@ func allowMethods(next http.HandlerFunc, methods ...string) http.HandlerFunc {
 	}
 }
 
-func getSpecForOrg(apiID string) *APISpec {
+func getSpecForOrg(orgID string) *APISpec {
 	apisMu.RLock()
 	defer apisMu.RUnlock()
 	for _, v := range apisByID {
-		if v.OrgID == apiID {
+		if v.OrgID == orgID {
 			return v
 		}
 	}
 
-	// If we can't find a spec, it doesn;t matter, because we default to Redis anyway, grab whatever you can find
+	// If we can't find a spec, it doesn't matter, because we default to Redis anyway, grab whatever you can find
 	for _, v := range apisByID {
 		return v
 	}
@@ -656,6 +656,26 @@ func keyHandler(w http.ResponseWriter, r *http.Request) {
 	keyName := mux.Vars(r)["keyName"]
 	apiID := r.URL.Query().Get("api_id")
 	isHashed := r.URL.Query().Get("hashed") != ""
+	isUserName := r.URL.Query().Get("username") == "true"
+
+	// check if passed key is user name and convert it to real key with respect to current hashing algorithm
+	if r.Method != http.MethodPost && isUserName {
+		orgID := "default"
+		// check if we have real orgID
+		if !strings.HasPrefix(keyName, "default") && len(keyName) > 24 {
+			orgID = keyName[:24]
+		}
+		// check if organization ID is real
+		if spec := getSpecForOrg(orgID); spec == nil {
+			doJSONWrite(
+				w,
+				http.StatusNotFound,
+				apiError("Key not found"),
+			)
+			return
+		}
+		keyName = generateToken(orgID, keyName)
+	}
 
 	var obj interface{}
 	var code int

api_test.go

@@ -299,6 +299,12 @@ func TestHashKeyHandler(t *testing.T) {
 		t.Run(fmt.Sprintf("%sHash fn: %s", tc.desc, tc.hashFunction), func(t *testing.T) {
 			testHashKeyHandlerHelper(t, tc.expectedHashSize)
 		})
+		t.Run(fmt.Sprintf("%sHash fn: %s and Basic Auth with default OrgID", tc.desc, tc.hashFunction), func(t *testing.T) {
+			testHashFuncAndBAHelper(t, "default")
+		})
+		t.Run(fmt.Sprintf("%sHash fn: %s and Basic Auth with real OrgID", tc.desc, tc.hashFunction), func(t *testing.T) {
+			testHashFuncAndBAHelper(t, "5b5fd341e6355b5eb194765e")
+		})
 	}
 }
 
@@ -419,6 +425,38 @@ func testHashKeyHandlerHelper(t *testing.T, expectedHashSize int) {
 	})
 }
 
+func testHashFuncAndBAHelper(t *testing.T, orgID string) {
+	ts := newTykTestServer()
+	defer ts.Close()
+
+	session := testPrepareBasicAuthWithOrgID(false, orgID)
+
+	userName := orgID + "user"
+
+	ts.Run(t, []test.TestCase{
+		{
+			Method:    "POST",
+			Path:      "/tyk/keys/" + userName,
+			Data:      session,
+			AdminAuth: true,
+			Code:      200,
+		},
+		{
+			Method:    "GET",
+			Path:      "/tyk/keys/" + userName + "?username=true",
+			AdminAuth: true,
+			Code:      200,
+		},
+		{
+			Method:    "DELETE",
+			Path:      "/tyk/keys/" + userName + "?username=true",
+			AdminAuth: true,
+			Code:      200,
+			BodyMatch: `"action":"deleted"`,
+		},
+	}...)
+}
+
 func TestHashKeyListingDisabled(t *testing.T) {
 	globalConf := config.Global()
 	// make it to use hashes for Redis keys

mw_basic_auth_test.go

@@ -35,6 +35,23 @@ func testPrepareBasicAuth(cacheDisabled bool) *user.SessionState {
 	return session
 }
 
+func testPrepareBasicAuthWithOrgID(cacheDisabled bool, orgID string) *user.SessionState {
+	session := createStandardSession()
+	session.BasicAuthData.Password = "password"
+	session.AccessRights = map[string]user.AccessDefinition{"test": {APIID: "test", Versions: []string{"v1"}}}
+	session.OrgID = orgID
+
+	buildAndLoadAPI(func(spec *APISpec) {
+		spec.UseBasicAuth = true
+		spec.BasicAuth.DisableCaching = cacheDisabled
+		spec.UseKeylessAccess = false
+		spec.Proxy.ListenPath = "/"
+		spec.OrgID = orgID
+	})
+
+	return session
+}
+
 func TestBasicAuth(t *testing.T) {
 	ts := newTykTestServer()
 	defer ts.Close()