hmac-auth plugin results in an internal server error if the Authorization header is not matching #2951

Closed
mvanholsteijn opened this issue Oct 12, 2017 · 0 comments · Fixed by #2996

Comments

@mvanholsteijn
Contributor

mvanholsteijn commented Oct 12, 2017

Summary

When the Authorization header does not match the expected HMAC header and you have specified enforced headers, the plugin throws a 500.

Steps To Reproduce

  1. add an api with a hmac-auth plugin.
apis:
  - name: demo
    attributes:
      upstream_url: https://httpbin.org
      uris: '/headers'
      strip_uri: false
      preserve_host: false
    plugins:
      - name: hmac-auth
        attributes:
          config:
            enforce_headers: [ 'date', 'request-line' ]
  2. just call the api with a non-matching header.
curl  -H 'Authorization: Bearer sdfsdfs'  \
         -H "x-date: $(date -u +'%a, %d %b %Y %H:%M:%S GMT')" \
         http://localhost:8000/headers

Additional Details & Logs

  • Kong version ($ kong version)
    0.11.0

  • Kong debug-level startup logs ($ kong start --vv)

  • Kong error logs (<KONG_PREFIX>/logs/error.log)

2017/10/12 12:16:59 [error] 425#0: *8319 lua entry thread aborted: runtime error: /usr/local/share/lua/5.1/kong/plugins/hmac-auth/access.lua:76: bad argument #1 to 'ipairs' (table expected, got nil)
stack traceback:
coroutine 0:
	[C]: in function 'ipairs'
	/usr/local/share/lua/5.1/kong/plugins/hmac-auth/access.lua:76: in function 'validate_params'
	/usr/local/share/lua/5.1/kong/plugins/hmac-auth/access.lua:273: in function 'do_authentication'
	/usr/local/share/lua/5.1/kong/plugins/hmac-auth/access.lua:320: in function 'execute'
	/usr/local/share/lua/5.1/kong/plugins/hmac-auth/handler.lua:14: in function 'access'
	/usr/local/share/lua/5.1/kong.lua:350: in function 'access'
	access_by_lua(nginx-kong.conf:91):2: in function <access_by_lua(nginx-kong.conf:91):1>,
  • Kong configuration (registered APIs/Plugins & configuration file)
    see above
  • Operating System
    Docker
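
The failure mode in the traceback above, as an added example (not Kong's source and not part of the report): Lua that parses an Authorization value and checks `enforce_headers` without ever calling `ipairs` on nil. The `hmac username="...", headers="...", signature="..."` layout, the function names and every sample value except the reported `Bearer sdfsdfs` are assumptions.

```lua
-- Added example, not Kong's access.lua; function names are hypothetical.
-- Assumed layout: hmac username="u", headers="h1 h2", signature="s"
local function parse_hmac_header(value)
  local params = {}
  local fields = type(value) == "string" and value:match("^%s*[Hh][Mm][Aa][Cc]%s+(.+)$")
  if not fields then return params end  -- e.g. 'Bearer ...': every field stays nil
  for key, val in fields:gmatch('(%w+)="([^"]*)"') do
    if key == "headers" then
      params.hmac_headers = {}
      for name in val:gmatch("%S+") do
        table.insert(params.hmac_headers, name:lower())
      end
    else
      params[key] = val
    end
  end
  return params
end

-- Returns true, or nil plus a message the caller maps to a 4xx response.
local function validate_params(params, conf)
  if not params.username or not params.signature then
    return nil, "username or signature missing"
  end
  local enforced = conf.enforce_headers or {}
  -- ipairs(nil) raises, so reject a missing header list before iterating.
  if #enforced > 0 and type(params.hmac_headers) ~= "table" then
    return nil, "signature does not list its signed headers"
  end
  local signed = {}
  for _, name in ipairs(params.hmac_headers or {}) do
    signed[name] = true
  end
  for _, name in ipairs(enforced) do
    if not signed[name] then
      return nil, "enforced header not signed: " .. name
    end
  end
  return true
end

-- Constructed inputs; only the first value appears in the report.
local conf = { enforce_headers = { "date", "request-line" } }
for _, value in ipairs({
  "Bearer sdfsdfs",
  'hmac username="bob", signature="c2ln"',
  'hmac username="bob", headers="date request-line", signature="c2ln"',
}) do
  print(value, validate_params(parse_hmac_header(value), conf))
end
```

Each rejected input produces `nil` and a message instead of a Lua runtime error, so the request handler can answer with an authentication failure rather than a 500.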