From 31af70874b48c31c1b98ee0ba78f04288176677a Mon Sep 17 00:00:00 2001 From: Robert Paprocki Date: Thu, 2 Mar 2017 12:22:55 -0800 Subject: [PATCH] fix(hmac-auth) generate a credential secret if none provided Since the credential secret is required to compute the signature, create a random secret which will be displayed back to the user as part of the response body. This fixes issue #2143. --- CHANGELOG.md | 9 ++++++++- kong/plugins/hmac-auth/daos.lua | 4 +++- spec/03-plugins/20-hmac-auth/02-api_spec.lua | 14 ++++++++++++++ 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b2e68abbedeb..ffcdfbc6e569 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ ## [Unreleased][unreleased] -## [0.10.0] - 2017/03/07 +### Fixed + +- Plugins: + - hmac: generate an HMAC secret value if none is provided. + [#2158](https://github.com/Mashape/kong/pull/2158) + + +## [0.10.0] - 2016/03/07 Kong 0.10 is one of most significant releases to this day. It ships with exciting new features that have been havily requested for the last few months, diff --git a/kong/plugins/hmac-auth/daos.lua b/kong/plugins/hmac-auth/daos.lua index 3e8c0ad572dc..0e95f2b43a12 100644 --- a/kong/plugins/hmac-auth/daos.lua +++ b/kong/plugins/hmac-auth/daos.lua @@ -1,3 +1,5 @@ +local utils = require "kong.tools.utils" + local SCHEMA = { primary_key = {"id"}, table = "hmacauth_credentials", @@ -6,7 +8,7 @@ local SCHEMA = { created_at = {type = "timestamp", immutable = true, dao_insert_value = true}, consumer_id = {type = "id", required = true, foreign = "consumers:id"}, username = {type = "string", required = true, unique = true}, - secret = {type = "string"} + secret = {type = "string", default = utils.random_string} }, marshall_event = function(self, t) return {id = t.id, consumer_id = t.consumer_id, username = t.username} diff --git a/spec/03-plugins/20-hmac-auth/02-api_spec.lua b/spec/03-plugins/20-hmac-auth/02-api_spec.lua index fa7546eca744..72532bfabbe2 100644 --- a/spec/03-plugins/20-hmac-auth/02-api_spec.lua +++ b/spec/03-plugins/20-hmac-auth/02-api_spec.lua @@ -39,6 +39,20 @@ describe("Plugin: hmac-auth (API)", function() credential = cjson.decode(body) assert.equal(consumer.id, credential.consumer_id) end) + it("[SUCCESS] should create a hmac-auth credential with a random secret", function() + local res = assert(client:send { + method = "POST", + path = "/consumers/bob/hmac-auth/", + body = { + username = "bob", + }, + headers = {["Content-Type"] = "application/json"} + }) + + local body = assert.res_status(201, res) + credential = cjson.decode(body) + assert.is.not_nil(credential.secret) + end) it("[FAILURE] should return proper errors", function() local res = assert(client:send { method = "POST",