feat(hmac-auth) set generic X-Credential-Identifier (deprecating X-Cr…

…edential-Username) ### Summary The PR #4993 implemented `X-Credential-Identifier` for `JWT Plugin` and it was decided at time that we should add support for this less opinionated field name on other auth plugins too. This commit adds it to `HMAC Auth Plugin`.
Kong · Feb 3, 2020 · 5bdcfac · 5bdcfac
1 parent 74d2311
commit 5bdcfac
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 15 deletions.
diff --git a/kong/plugins/hmac-auth/access.lua b/kong/plugins/hmac-auth/access.lua
@@ -236,6 +236,8 @@ end
 
 
 local function set_consumer(consumer, credential)
+  kong.client.authenticate(consumer, credential)
+
   local set_header = kong.service.request.set_header
   local clear_header = kong.service.request.clear_header
 
@@ -257,19 +259,17 @@ local function set_consumer(consumer, credential)
     clear_header(constants.HEADERS.CONSUMER_USERNAME)
   end
 
-  kong.client.authenticate(consumer, credential)
+  if credential and credential.username then
+    set_header(constants.HEADERS.CREDENTIAL_IDENTIFIER, credential.username)
+    set_header(constants.HEADERS.CREDENTIAL_USERNAME, credential.username)
+  else
+    clear_header(constants.HEADERS.CREDENTIAL_IDENTIFIER)
+    clear_header(constants.HEADERS.CREDENTIAL_USERNAME)
+  end
 
   if credential then
-    if credential.username then
-      set_header(constants.HEADERS.CREDENTIAL_USERNAME, credential.username)
-    else
-      clear_header(constants.HEADERS.CREDENTIAL_USERNAME)
-    end
-
     clear_header(constants.HEADERS.ANONYMOUS)
-
   else
-    clear_header(constants.HEADERS.CREDENTIAL_USERNAME)
     set_header(constants.HEADERS.ANONYMOUS, true)
   end
 end
@@ -373,7 +373,7 @@ function _M.execute(conf)
         return kong.response.exit(500, { message = "An unexpected error occurred" })
       end
 
-      set_consumer(consumer, nil)
+      set_consumer(consumer)
 
     else
       return kong.response.exit(err.status, { message = err.message }, err.headers)

diff --git a/kong/plugins/hmac-auth/handler.lua b/kong/plugins/hmac-auth/handler.lua
@@ -2,16 +2,15 @@
 local access = require "kong.plugins.hmac-auth.access"
 
 
-local HMACAuthHandler = {}
+local HMACAuthHandler = {
+  PRIORITY = 1000,
+  VERSION = "2.2.0",
+}
 
 
 function HMACAuthHandler:access(conf)
   access.execute(conf)
 end
 
 
-HMACAuthHandler.PRIORITY = 1000
-HMACAuthHandler.VERSION = "2.1.0"
-
-
 return HMACAuthHandler
diff --git a/spec/03-plugins/19-hmac-auth/03-access_spec.lua b/spec/03-plugins/19-hmac-auth/03-access_spec.lua
@@ -723,6 +723,7 @@ for _, strategy in helpers.each_strategy() do
         local parsed_body = cjson.decode(body)
         assert.equal(consumer.id, parsed_body.headers["x-consumer-id"])
         assert.equal(consumer.username, parsed_body.headers["x-consumer-username"])
+        assert.equal(credential.username, parsed_body.headers["x-credential-identifier"])
         assert.equal(credential.username, parsed_body.headers["x-credential-username"])
         assert.is_nil(parsed_body.headers["x-anonymous-consumer"])
       end)
@@ -909,6 +910,8 @@ for _, strategy in helpers.each_strategy() do
         body = cjson.decode(body)
         assert.equal(hmacAuth, body.headers["authorization"])
         assert.equal("bob", body.headers["x-consumer-username"])
+        assert.equal(credential.username, body.headers["x-credential-identifier"])
+        assert.equal(credential.username, body.headers["x-credential-username"])
         assert.is_nil(body.headers["x-anonymous-consumer"])
       end)
 
@@ -992,6 +995,9 @@ for _, strategy in helpers.each_strategy() do
         body = cjson.decode(body)
         assert.equal("true", body.headers["x-anonymous-consumer"])
         assert.equal('no-body', body.headers["x-consumer-username"])
+        assert.equal(nil, body.headers["x-credential-identifier"])
+        assert.equal(nil, body.headers["x-credential-username"])
+
       end)
       it("errors when anonymous user doesn't exist", function()
         finally(function()