feat: support hide the authentication header in basic-auth with a config #6039

Merged 30 commits on Jan 14, 2022

Commits
dc2570a
fix:
Sep 1, 2021
f0d6f6f
merge from upstream master
Sep 29, 2021
3845a27
Merge remote-tracking branch 'upstream/master'
Oct 15, 2021
db0c9e7
feature: support hide the authentication header in basic-auth plugin
mangoGoForward Jan 6, 2022
0cee869
add test case with hide auth header
mangoGoForward Jan 7, 2022
79ca875
Revert "fix: when eureka server return compressed data, use lua-zlib …
mangoGoForward Jan 7, 2022
9a9565c
remove blank line
mangoGoForward Jan 7, 2022
10d35fd
change default value of hide_auth_header to `true`
mangoGoForward Jan 7, 2022
c642635
change default value of hide_auth_header to `true`
mangoGoForward Jan 7, 2022
29d3077
fix code lint error
mangoGoForward Jan 7, 2022
1c42db0
fix code lint error
mangoGoForward Jan 7, 2022
7a663fa
Merge pull request #1 from mangoGoForward/feature/hide-auth-header
mangoGoForward Jan 7, 2022
6e8d684
hide Authentication request header if hide_auth_header is true
mangoGoForward Jan 7, 2022
ec3bec6
hide Authentication request header if hide_auth_header is true
mangoGoForward Jan 7, 2022
37076a7
Merge branch 'apache:master' into master
mangoGoForward Jan 10, 2022
484d05d
change config item `hide_auth_header` to `hide_credentials` and updat…
mangoGoForward Jan 10, 2022
63aa704
change config item `hide_auth_header` to `hide_credentials` and updat…
mangoGoForward Jan 10, 2022
210c9d5
add test cases to cover it
mangoGoForward Jan 10, 2022
cb53193
add test cases to cover it
mangoGoForward Jan 10, 2022
395ac1a
add test cases
mangoGoForward Jan 12, 2022
25602a7
add test cases
mangoGoForward Jan 12, 2022
41bb17e
update basic-auth doc
mangoGoForward Jan 12, 2022
49b7850
remove log_level
mangoGoForward Jan 12, 2022
a1deeef
Revert "feat: support hide the authentication header in basic-auth"
mangoGoForward Jan 14, 2022
4fc743f
Merge pull request #2 from mangoGoForward/revert-1-feature/hide-auth-…
mangoGoForward Jan 14, 2022
8440045
Merge branch 'master' into feature/hide-auth-header
mangoGoForward Jan 14, 2022
8531227
Revert "Revert "feat: support hide the authentication header in basic…
mangoGoForward Jan 14, 2022
31af04d
change en doc
mangoGoForward Jan 14, 2022
ccc46b6
change zh doc
mangoGoForward Jan 14, 2022
1b0ffe4
Merge branch 'apache:master' into feature/hide-auth-header
mangoGoForward Jan 14, 2022
add test cases to cover it
Signed-off-by: mango <[email protected]>
mangoGoForward committed Jan 10, 2022

Verified: this commit was created on GitHub.com and signed with GitHub's verified signature.
commit 210c9d555415ab8949d4e4f953117be882ad7996
3 changes: 2 additions & 1 deletion apisix/plugins/basic-auth.lua
@@ -167,8 +167,9 @@ function _M.rewrite(conf, ctx)
end

-- 5. hide `Authentication` request header if `hide_credentials` is `true`
if conf.hide_credentials == true then
if conf.hide_credentials then
core.request.set_header(ctx, "Authentication", nil)
core.log.info("clear Authentication header of request")
end

consumer.attach_consumer(ctx, cur_consumer, consumer_conf)
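Review bot: the header cleared by the added `core.request.set_header(ctx, "Authentication", nil)` line is not the one that carries basic-auth credentials; the test added in this same commit sends them as `Authorization: Basic Zm9vOmJhcg==`, so with this hunk the credentials still reach the upstream while the log line "clear Authentication header of request" is emitted. Clear `Authorization` instead, and rename the header in the step-5 comment and in the log message to match, so that the log cannot report a removal that did not happen.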
2 changes: 1 addition & 1 deletion docs/en/latest/plugins/basic-auth.md
@@ -50,7 +50,7 @@ For route side:

| Name | Type | Requirement | Default | Valid | Description |
| -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| hide_credentials | boolean | optional | false | | Whether to return the Authentication request headers to the upstream. |
| hide_credentials | boolean | optional | false | | Whether to pass the Authentication request headers to the upstream. |

## How To Enable
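Review bot: the new description "Whether to pass the Authentication request headers to the upstream" reads as the inverse of the option name: `hide_credentials: true` is meant to hide the header, yet the sentence says true means pass. Suggest "Whether to hide the Authorization request header from the upstream"; the header name should also be `Authorization`, which is the header the test in this commit sends.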

52 changes: 52 additions & 0 deletions t/plugin/basic-auth.t
@@ -356,3 +356,55 @@ GET /t
GET /t
--- no_error_log
[error]



=== TEST 15: enable basic auth plugin using admin api, set hide_credentials = true
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
"plugins": {
"basic-auth": {
"hide_credentials": true
}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/hello"
}]]
)

if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
--- no_error_log
[error]



=== TEST 16: verify
Contributor

Can we strengthen this case so that we can make sure the header is really removed, rather than just checking the log?

Contributor Author

I am ashamed that I could not find such a parser in the test-nginx project; how could we detect the request header?

Member

Try response_headers?

Contributor Author

The response_headers data section can be used to validate response header entries, but Authorization is a request header, so I don't know whether response_headers can be used in this test case.

Member

We can mock an upstream and check the headers in the upstream; take a look at:

location / {
    content_by_lua_block {
        local core = require("apisix.core")
        core.log.info("upstream_http_version: ", ngx.req.http_version())
        -- collect and sort the request header names so the log order is stable
        local headers_tab = ngx.req.get_headers()
        local headers_key = {}
        for k in pairs(headers_tab) do
            core.table.insert(headers_key, k)
        end
        core.table.sort(headers_key)
        -- log every header the mock upstream actually received
        for _, v in pairs(headers_key) do
            core.log.info(v, ": ", headers_tab[v])
        end
        core.log.info("uri: ", ngx.var.request_uri)
        ngx.say("hello world")
    }
}
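A complete test block along the lines of the mock-upstream suggestion above, added here as an example and not code from this PR or from APISIX: the mock upstream reports in its response body whether the `Authorization` header reached it, the test creates a consumer and a route with `hide_credentials` enabled through the admin API, then sends an authenticated request through the gateway with `lua-resty-http` and relays the upstream's verdict. Assumptions not taken from the page: port 1989 is free in the test harness, `resty.http` is loadable from the test server, and the consumer for user `foo` / password `bar` (the credentials behind `Zm9vOmJhcg==`) is defined as shown. With the plugin clearing `Authentication`, as in the hunk in this commit, the body would read `upstream saw Authorization: Basic Zm9vOmJhcg==`; the expected body below is what the test should assert once the plugin clears `Authorization`.

```lua
=== TEST 16: upstream must not receive the credentials when hide_credentials = true
--- http_config
    # Mock upstream (constructed for this example). It reports the presence
    # of the Authorization header in its body, so the test asserts on what
    # the upstream actually received rather than on a log line.
    # Port 1989 is an assumption: use any port the harness does not listen on.
    server {
        listen 1989;
        location / {
            content_by_lua_block {
                local auth = ngx.req.get_headers()["Authorization"]
                if auth then
                    ngx.say("upstream saw Authorization: ", auth)
                else
                    ngx.say("upstream saw no Authorization header")
                end
            }
        }
    }
--- config
    location /t {
        content_by_lua_block {
            local t = require("lib.test_admin").test

            -- consumer foo/bar: the credentials encoded in Zm9vOmJhcg== (assumed)
            local code, body = t('/apisix/admin/consumers',
                ngx.HTTP_PUT,
                [[{
                    "username": "foo",
                    "plugins": {
                        "basic-auth": {
                            "username": "foo",
                            "password": "bar"
                        }
                    }
                }]]
            )
            if code >= 300 then
                ngx.status = code
                ngx.say(body)
                return
            end

            -- route with hide_credentials enabled, pointing at the mock upstream
            code, body = t('/apisix/admin/routes/1',
                ngx.HTTP_PUT,
                [[{
                    "plugins": {
                        "basic-auth": {
                            "hide_credentials": true
                        }
                    },
                    "upstream": {
                        "nodes": {
                            "127.0.0.1:1989": 1
                        },
                        "type": "roundrobin"
                    },
                    "uri": "/hello"
                }]]
            )
            if code >= 300 then
                ngx.status = code
                ngx.say(body)
                return
            end

            -- give the data plane a moment to pick up the new route from etcd
            ngx.sleep(0.5)

            -- send valid credentials through the gateway and relay the
            -- upstream's verdict as our own response body
            local http = require("resty.http")
            local httpc = http.new()
            local uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/hello"
            local res, err = httpc:request_uri(uri, {
                method = "GET",
                headers = { ["Authorization"] = "Basic Zm9vOmJhcg==" },
            })
            if not res then
                ngx.say("request failed: ", err)
                return
            end
            ngx.status = res.status
            ngx.print(res.body)
        }
    }
--- request
GET /t
--- response_body
upstream saw no Authorization header
--- no_error_log
[error]
```

Asserting on the upstream's body rather than on `--- error_log` ties the test to the observable security property (the credentials never leave the gateway) instead of to a log message the plugin prints whenever the option is set.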

Contributor Author

Done. Please see cb53193.

--- request
GET /hello
--- more_headers
Authorization: Basic Zm9vOmJhcg==
--- response_body
hello world
--- no_error_log
[error]
--- error_log
clear Authentication header of request
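Review bot: TEST 16 only asserts on the error_log line "clear Authentication header of request", which is emitted whenever `hide_credentials` is true and says nothing about what the upstream received; since `--- more_headers` sends `Authorization` while the plugin clears `Authentication`, the test passes even though the credentials are forwarded. Assert on the upstream side instead: point the route at a mock upstream that reports whether it received `Authorization` (as suggested in the thread above) and check that in `--- response_body`, dropping the `--- error_log` check.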