feat(plugins) anonymous authentication in auth plugins #1666
wouldn't this automatically add multi-auth support (in a logical OR fashion?)
@Tieske yes, if all of them have
Approving, because the comments are only minor, overall LGTM.
@@ -101,7 +105,7 @@ function _M.execute(conf) | |||
end | |||
|
|||
if not credential or not validate_credentials(credential, given_password) then | |||
return responses.send_HTTP_FORBIDDEN("Invalid authentication credentials") | |||
return false, {status = 403, message = "Invalid authentication credentials"} |
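Review bot: in `_M.execute`, the changed branch returns the same `false, {status = 403, ...}` for a missing credential (`not credential`) and for a failed `validate_credentials`, so the caller cannot tell "no credentials sent" from "wrong credentials sent". If the anonymous fallback is driven by this return value, a request with a bad password would be forwarded as anonymous; either return distinct results for the two cases or state in a comment that this is intended. The caller also has to send the 403 itself when anonymous access is off, since this branch no longer calls `responses.send_HTTP_FORBIDDEN`.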
why not just return success, statuscode, message without creating the intermediate table? More efficient and less GC.
same for the other plugins
ngx_set_header(constants.HEADERS.CONSUMER_ID, consumer.id) | ||
ngx_set_header(constants.HEADERS.CONSUMER_CUSTOM_ID, consumer.custom_id) | ||
ngx_set_header(constants.HEADERS.CONSUMER_USERNAME, consumer.username) | ||
ngx_set_header(constants.HEADERS.CREDENTIAL_USERNAME, credential.username) |
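Review bot: these four `ngx_set_header` calls index `consumer` and `credential` unconditionally, and on the anonymous path neither exists. Guard the block so it only runs after a successful authentication, and on the anonymous path clear the same headers so that client-supplied values do not reach the upstream as if the proxy had set them.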
can't we cache those constants locally? the above are 15 table lookups
same for the other plugins
@@ -26,7 +26,8 @@ return { | |||
RATELIMIT_REMAINING = "X-RateLimit-Remaining", | |||
CONSUMER_GROUPS = "X-Consumer-Groups", | |||
FORWARDED_HOST = "X-Forwarded-Host", | |||
FORWARDED_PREFIX = "X-Forwarded-Prefix" | |||
FORWARDED_PREFIX = "X-Forwarded-Prefix", | |||
ANONYMOUS = "X-Anonymous-Consumer" |
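Review bot: the new `ANONYMOUS` key is undocumented and its name does not follow the header string the way the neighbouring keys do (`FORWARDED_PREFIX` for `X-Forwarded-Prefix`); `ANONYMOUS_CONSUMER` would match. Since upstreams will use this header to tell unauthenticated traffic apart, add a comment stating which value the plugins set and that a client-supplied value is cleared when authentication succeeds.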
please use trailing comma for table constructors, to keep the diff clean
same for the other plugins
+1
Thanks Tieske. So it looks like if I want to force one authentication or the other it is not possible. Excluding the anonymous access. So as I see it we should be defining 2 paths to accomplish this. right?
Summary
Adds support for anonymous authentication in every authentication plugin. When config.anonymous=true, even non-authenticated requests are allowed and the plugins will append a X-Anonymous-Consumer: true header to the upstream request.
Full changelog
anonymous consumers
anonymous consumers
anonymous consumers
anonymous consumers
anonymous consumers
anonymous consumers
Issues resolved
Fix #853.
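The fallback described in the summary, as an added sketch in plain Lua that is not code from this pull request: authentication returns `false` plus an error table, and the caller decides whether `conf.anonymous` turns that failure into an anonymous pass-through. The names `do_authentication`, `execute`, `USERS`, the request table shape, the `X-Consumer-Username` string used for `CONSUMER_USERNAME`, and the 401 for missing credentials are assumptions made for the illustration.

```lua
-- Added illustration; every name here is hypothetical, not the plugin's code.
local ANONYMOUS_HEADER = "X-Anonymous-Consumer"
local USERNAME_HEADER = "X-Consumer-Username" -- assumed value of CONSUMER_USERNAME

-- Constructed credential store for the sketch.
local USERS = { alice = "s3cret" }

-- Returns true plus the consumer, or false plus an error table,
-- the same shape as the `return false, {status = 403, ...}` in the diff.
local function do_authentication(req)
  if not req.user then
    return false, { status = 401, message = "Unauthorized" }
  end
  local expected = USERS[req.user]
  if not expected or expected ~= req.password then
    return false, { status = 403, message = "Invalid authentication credentials" }
  end
  return true, { username = req.user }
end

-- The caller, not do_authentication, decides whether a failure is fatal.
local function execute(conf, req)
  -- Clear client-supplied identity headers so upstream only sees proxy-set values.
  req.headers[USERNAME_HEADER] = nil
  req.headers[ANONYMOUS_HEADER] = nil

  local ok, res = do_authentication(req)
  if ok then
    req.headers[USERNAME_HEADER] = res.username
    return 200
  end
  if conf.anonymous then
    req.headers[ANONYMOUS_HEADER] = "true"
    return 200
  end
  return res.status, res.message
end

-- Constructed requests: a spoofed header without credentials, and a wrong password.
local spoof = { headers = { [USERNAME_HEADER] = "alice" } }
assert(execute({ anonymous = true }, spoof) == 200)
assert(spoof.headers[USERNAME_HEADER] == nil and spoof.headers[ANONYMOUS_HEADER] == "true")

local bad = { user = "alice", password = "wrong", headers = {} }
assert(execute({ anonymous = false }, bad) == 403)
assert(execute({ anonymous = true }, bad) == 200 and bad.headers[ANONYMOUS_HEADER] == "true")
```

With `anonymous = true` the wrong-password request is forwarded as anonymous, which is the behaviour an upstream has to account for when it reads `X-Anonymous-Consumer`.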