2020-09-16 14:27:56 +08:00
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX 'no_plan' ;
repeat_each ( 2 ) ;
no_long_string ( ) ;
no_root_location ( ) ;
no_shuffle ( ) ;
run_tests ;
__DATA__
=== TEST 1 : add consumer with username and plugins
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/consumers' ,
ngx . HTTP_PUT ,
[ [ {
"username" : "jack" ,
"plugins" : {
"hmac-auth" : {
"access_key" : "my-access-key" ,
2020-09-28 09:10:26 +08:00
"secret_key" : "my-secret-key" ,
"clock_skew" : 10
2020-09-16 14:27:56 +08:00
}
}
} ] ] ,
[ [ {
"node" : {
"value" : {
"username" : "jack" ,
"plugins" : {
"hmac-auth" : {
"access_key" : "my-access-key" ,
"secret_key" : "my-secret-key" ,
"algorithm" : "hmac-sha256" ,
2020-09-28 09:10:26 +08:00
"clock_skew" : 10
2020-09-16 14:27:56 +08:00
}
}
}
} ,
"action" : "set"
} ] ]
)
ngx . status = code
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
=== TEST 2 : add consumer with plugin hmac - auth - missing secret key
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/consumers' ,
ngx . HTTP_PUT ,
[ [ {
"username" : "foo" ,
"plugins" : {
"hmac-auth" : {
"access_key" : "user-key"
}
}
} ] ] )
ngx . status = code
ngx . say ( body )
}
}
- - - request
GET / t
- - - error_code: 400
- - - response_body eval
2020-10-11 19:18:37 +08:00
qr/\{"error_msg":"invalid plugins configuration: failed to check the configuration of plugin hmac-auth err: property \\"secret_key\\" is required"\}/
2020-09-16 14:27:56 +08:00
- - - no_error_log
[ error ]
=== TEST 3 : add consumer with plugin hmac - auth - missing access key
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/consumers' ,
ngx . HTTP_PUT ,
[ [ {
"username" : "bar" ,
"plugins" : {
"hmac-auth" : {
"secret_key" : "skey"
}
}
} ] ] )
ngx . status = code
ngx . say ( body )
}
}
- - - request
GET / t
- - - error_code: 400
- - - response_body eval
2020-10-11 19:18:37 +08:00
qr/\{"error_msg":"invalid plugins configuration: failed to check the configuration of plugin hmac-auth err: property \\"access_key\\" is required"\}/
2020-09-16 14:27:56 +08:00
- - - no_error_log
[ error ]
=== TEST 4 : add consumer with plugin hmac - auth - access key exceeds the length limit
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/consumers' ,
ngx . HTTP_PUT ,
[ [ {
"username" : "li" ,
"plugins" : {
"hmac-auth" : {
"access_key" : "akeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakeyakey" ,
"secret_key" : "skey"
}
}
} ] ] )
ngx . status = code
ngx . say ( body )
}
}
- - - request
GET / t
- - - error_code: 400
- - - response_body eval
2020-10-11 19:18:37 +08:00
qr/\{"error_msg":"invalid plugins configuration: failed to check the configuration of plugin hmac-auth err: property \\"access_key\\" validation failed: string too long, expected at most 256, got 320"\}/
2020-09-16 14:27:56 +08:00
- - - no_error_log
[ error ]
=== TEST 5 : add consumer with plugin hmac - auth - access key exceeds the length limit
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/consumers' ,
ngx . HTTP_PUT ,
[ [ {
"username" : "zhang" ,
"plugins" : {
"hmac-auth" : {
"access_key" : "akey" ,
"secret_key" : "skeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskeyskey"
}
}
} ] ] )
ngx . status = code
ngx . say ( body )
}
}
- - - request
GET / t
- - - error_code: 400
- - - response_body eval
2020-10-11 19:18:37 +08:00
qr/\{"error_msg":"invalid plugins configuration: failed to check the configuration of plugin hmac-auth err: property \\"secret_key\\" validation failed: string too long, expected at most 256, got 384"\}/
2020-09-16 14:27:56 +08:00
- - - no_error_log
[ error ]
=== TEST 6 : enable hmac auth plugin using admin api
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/routes/1' ,
ngx . HTTP_PUT ,
[ [ {
"plugins" : {
"hmac-auth" : { }
} ,
"upstream" : {
"nodes" : {
"127.0.0.1:1980" : 1
} ,
"type" : "roundrobin"
} ,
"uri" : "/hello"
} ] ]
)
if code >= 300 then
ngx . status = code
end
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
=== TEST 7 : verify , missing signature
- - - request
GET / hello
- - - error_code: 401
- - - response_body
{ "message" : "access key or signature missing" }
- - - no_error_log
[ error ]
=== TEST 8 : verify: invalid access key
- - - request
GET / hello
- - - more_headers
X - HMAC - SIGNATURE: asdf
X - HMAC - ALGORITHM: hmac - sha256
2020-09-28 09:10:26 +08:00
Date: Thu , 24 Sep 2020 06 : 39 : 52 GMT
2020-09-16 14:27:56 +08:00
X - HMAC - ACCESS - KEY: sdf
- - - error_code: 401
- - - response_body
{ "message" : "Invalid access key" }
- - - no_error_log
[ error ]
=== TEST 9 : verify: invalid algorithm
- - - request
GET / hello
- - - more_headers
X - HMAC - SIGNATURE: asdf
X - HMAC - ALGORITHM: ljlj
2020-09-28 09:10:26 +08:00
Date: Thu , 24 Sep 2020 06 : 39 : 52 GMT
2020-09-16 14:27:56 +08:00
X - HMAC - ACCESS - KEY: my - access - key
- - - error_code: 401
- - - response_body
{ "message" : "algorithm ljlj not supported" }
- - - no_error_log
[ error ]
2020-09-28 09:10:26 +08:00
=== TEST 10 : verify: Clock skew exceeded
2020-09-16 14:27:56 +08:00
- - - request
GET / hello
- - - more_headers
X - HMAC - SIGNATURE: asdf
X - HMAC - ALGORITHM: hmac - sha256
2020-09-28 09:10:26 +08:00
Date: Thu , 24 Sep 2020 06 : 39 : 52 GMT
2020-09-16 14:27:56 +08:00
X - HMAC - ACCESS - KEY: my - access - key
- - - error_code: 401
- - - response_body
2020-09-28 09:10:26 +08:00
{ "message" : "Clock skew exceeded" }
2020-09-16 14:27:56 +08:00
- - - no_error_log
[ error ]
2020-09-28 09:10:26 +08:00
=== TEST 11 : verify: missing Date
- - - request
GET / hello
- - - more_headers
X - HMAC - SIGNATURE: asdf
X - HMAC - ALGORITHM: hmac - sha256
X - HMAC - ACCESS - KEY: my - access - key
- - - error_code: 401
- - - response_body
{ "message" : "Invalid GMT format time" }
- - - no_error_log
[ error ]
=== TEST 12 : verify: Invalid GMT format time
- - - request
GET / hello
- - - more_headers
X - HMAC - SIGNATURE: asdf
X - HMAC - ALGORITHM: hmac - sha256
Date: adfsdf
X - HMAC - ACCESS - KEY: my - access - key
- - - error_code: 401
- - - response_body
{ "message" : "Invalid GMT format time" }
- - - no_error_log
[ error ]
=== TEST 13 : verify: ok
2020-09-16 14:27:56 +08:00
- - - config
location / t {
content_by_lua_block {
local ngx_time = ngx . time
2020-09-28 09:10:26 +08:00
local ngx_http_time = ngx . http_time
2020-09-16 14:27:56 +08:00
local core = require ( "apisix.core" )
local t = require ( "lib.test_admin" )
local hmac = require ( "resty.hmac" )
local ngx_encode_base64 = ngx . encode_base64
local secret_key = "my-secret-key"
local timestamp = ngx_time ( )
2020-09-28 09:10:26 +08:00
local gmt = ngx_http_time ( timestamp )
2020-09-16 14:27:56 +08:00
local access_key = "my-access-key"
2020-09-18 20:25:41 +08:00
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"
2020-10-04 19:57:57 +08:00
local signing_string = {
"GET" ,
"/hello" ,
"" ,
access_key ,
gmt ,
"x-custom-header-a:" .. custom_header_a ,
"x-custom-header-b:" .. custom_header_b
}
2020-10-28 13:37:22 +08:00
signing_string = core . table . concat ( signing_string , "\n" ) .. "\n"
2020-10-04 19:57:57 +08:00
core . log . info ( "signing_string:" , signing_string )
2020-09-16 14:27:56 +08:00
local signature = hmac:new ( secret_key , hmac . ALGOS . SHA256 ) : final ( signing_string )
core . log . info ( "signature:" , ngx_encode_base64 ( signature ) )
local headers = { }
headers [ "X-HMAC-SIGNATURE" ] = ngx_encode_base64 ( signature )
headers [ "X-HMAC-ALGORITHM" ] = "hmac-sha256"
2020-09-28 09:10:26 +08:00
headers [ "Date" ] = gmt
2020-09-16 14:27:56 +08:00
headers [ "X-HMAC-ACCESS-KEY" ] = access_key
2020-09-18 20:25:41 +08:00
headers [ "X-HMAC-SIGNED-HEADERS" ] = "x-custom-header-a;x-custom-header-b"
headers [ "x-custom-header-a" ] = custom_header_a
headers [ "x-custom-header-b" ] = custom_header_b
2020-09-16 14:27:56 +08:00
local code , body = t . test ( '/hello' ,
ngx . HTTP_GET ,
"" ,
nil ,
headers
)
ngx . status = code
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
2020-09-28 09:10:26 +08:00
=== TEST 14 : add consumer with 0 clock skew
2020-09-16 14:27:56 +08:00
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/consumers' ,
ngx . HTTP_PUT ,
[ [ {
"username" : "robin" ,
"plugins" : {
"hmac-auth" : {
"access_key" : "my-access-key3" ,
"secret_key" : "my-secret-key3" ,
"clock_skew" : 0
}
}
} ] ] ,
[ [ {
"node" : {
"value" : {
"username" : "robin" ,
"plugins" : {
"hmac-auth" : {
"access_key" : "my-access-key3" ,
"secret_key" : "my-secret-key3" ,
"algorithm" : "hmac-sha256" ,
"clock_skew" : 0
}
}
}
} ,
"action" : "set"
} ] ]
)
ngx . status = code
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
2020-09-28 09:10:26 +08:00
=== TEST 15 : verify: invalid signature
2020-09-16 14:27:56 +08:00
- - - request
GET / hello
- - - more_headers
X - HMAC - SIGNATURE: asdf
X - HMAC - ALGORITHM: hmac - sha256
2020-09-28 09:10:26 +08:00
Date: Thu , 24 Sep 2020 06 : 39 : 52 GMT
2020-09-16 14:27:56 +08:00
X - HMAC - ACCESS - KEY: my - access - key3
- - - error_code: 401
- - - response_body
{ "message" : "Invalid signature" }
- - - no_error_log
[ error ]
2020-09-28 09:10:26 +08:00
=== TEST 16 : add consumer with 1 clock skew
2020-09-16 14:27:56 +08:00
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/consumers' ,
ngx . HTTP_PUT ,
[ [ {
"username" : "pony" ,
"plugins" : {
"hmac-auth" : {
"access_key" : "my-access-key2" ,
"secret_key" : "my-secret-key2" ,
"clock_skew" : 1
}
}
} ] ] ,
[ [ {
"node" : {
"value" : {
"username" : "pony" ,
"plugins" : {
"hmac-auth" : {
"access_key" : "my-access-key2" ,
"secret_key" : "my-secret-key2" ,
"algorithm" : "hmac-sha256" ,
"clock_skew" : 1
}
}
}
} ,
"action" : "set"
} ] ]
)
ngx . status = code
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
2020-09-28 09:10:26 +08:00
=== TEST 17 : verify: Invalid GMT format time
2020-09-16 14:27:56 +08:00
- - - config
location / t {
content_by_lua_block {
local ngx_time = ngx . time
2020-09-28 09:10:26 +08:00
local ngx_http_time = ngx . http_time
2020-09-16 14:27:56 +08:00
local core = require ( "apisix.core" )
local t = require ( "lib.test_admin" )
local hmac = require ( "resty.hmac" )
local ngx_encode_base64 = ngx . encode_base64
local secret_key = "my-secret-key2"
local timestamp = ngx_time ( )
2020-09-28 09:10:26 +08:00
local gmt = ngx_http_time ( timestamp )
2020-09-16 14:27:56 +08:00
local access_key = "my-access-key2"
2020-09-18 20:25:41 +08:00
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"
2020-10-04 19:57:57 +08:00
2020-09-16 14:27:56 +08:00
ngx . sleep ( 2 )
2020-09-18 20:25:41 +08:00
local signing_string = "GET" .. "/hello" .. "" ..
2020-09-28 09:10:26 +08:00
access_key .. gmt .. custom_header_a .. custom_header_b
2020-09-18 20:25:41 +08:00
2020-09-16 14:27:56 +08:00
local signature = hmac:new ( secret_key , hmac . ALGOS . SHA256 ) : final ( signing_string )
core . log . info ( "signature:" , ngx_encode_base64 ( signature ) )
local headers = { }
headers [ "X-HMAC-SIGNATURE" ] = ngx_encode_base64 ( signature )
headers [ "X-HMAC-ALGORITHM" ] = "hmac-sha256"
2020-09-28 09:10:26 +08:00
headers [ "Date" ] = gmt
2020-09-16 14:27:56 +08:00
headers [ "X-HMAC-ACCESS-KEY" ] = access_key
2020-09-18 20:25:41 +08:00
headers [ "X-HMAC-SIGNED-HEADERS" ] = "x-custom-header-a;x-custom-header-b"
headers [ "x-custom-header-a" ] = custom_header_a
headers [ "x-custom-header-b" ] = custom_header_b
2020-09-16 14:27:56 +08:00
local code , body = t . test ( '/hello' ,
ngx . HTTP_GET ,
core . json . encode ( data ) ,
nil ,
headers
)
ngx . status = code
ngx . say ( body )
}
}
- - - request
GET / t
- - - error_code: 401
- - - response_body eval
2020-09-28 09:10:26 +08:00
qr/\{"message":"Clock skew exceeded"\}/
2020-09-16 14:27:56 +08:00
- - - no_error_log
[ error ]
2020-09-28 09:10:26 +08:00
=== TEST 18 : verify: put ok
2020-09-16 14:27:56 +08:00
- - - config
location / t {
content_by_lua_block {
2020-09-28 09:10:26 +08:00
local ngx_time = ngx . time
local ngx_http_time = ngx . http_time
2020-09-16 14:27:56 +08:00
local core = require ( "apisix.core" )
local t = require ( "lib.test_admin" )
local hmac = require ( "resty.hmac" )
local ngx_encode_base64 = ngx . encode_base64
local data = { cert = "ssl_cert" , key = "ssl_key" , sni = "test.com" }
local req_body = core . json . encode ( data )
req_body = req_body or ""
local secret_key = "my-secret-key"
local timestamp = ngx_time ( )
2020-09-28 09:10:26 +08:00
local gmt = ngx_http_time ( timestamp )
2020-09-16 14:27:56 +08:00
local access_key = "my-access-key"
2020-09-18 20:25:41 +08:00
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"
2020-10-04 19:57:57 +08:00
local signing_string = {
"PUT" ,
"/hello" ,
"" ,
access_key ,
gmt ,
"x-custom-header-a:" .. custom_header_a ,
"x-custom-header-b:" .. custom_header_b
}
2020-10-28 13:37:22 +08:00
signing_string = core . table . concat ( signing_string , "\n" ) .. "\n"
2020-10-04 19:57:57 +08:00
core . log . info ( "signing_string:" , signing_string )
2020-09-16 14:27:56 +08:00
local signature = hmac:new ( secret_key , hmac . ALGOS . SHA256 ) : final ( signing_string )
core . log . info ( "signature:" , ngx_encode_base64 ( signature ) )
local headers = { }
headers [ "X-HMAC-SIGNATURE" ] = ngx_encode_base64 ( signature )
headers [ "X-HMAC-ALGORITHM" ] = "hmac-sha256"
2020-09-28 09:10:26 +08:00
headers [ "Date" ] = gmt
2020-09-16 14:27:56 +08:00
headers [ "X-HMAC-ACCESS-KEY" ] = access_key
2020-09-18 20:25:41 +08:00
headers [ "X-HMAC-SIGNED-HEADERS" ] = "x-custom-header-a;x-custom-header-b"
headers [ "x-custom-header-a" ] = custom_header_a
headers [ "x-custom-header-b" ] = custom_header_b
2020-09-16 14:27:56 +08:00
local code , body = t . test ( '/hello' ,
ngx . HTTP_PUT ,
req_body ,
nil ,
headers
)
ngx . status = code
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
2020-09-28 09:10:26 +08:00
=== TEST 19 : verify: put ok ( pass auth data by header `Authorization` )
2020-09-16 14:27:56 +08:00
- - - config
location / t {
content_by_lua_block {
local ngx_time = ngx . time
2020-09-28 09:10:26 +08:00
local ngx_http_time = ngx . http_time
2020-09-16 14:27:56 +08:00
local core = require ( "apisix.core" )
local t = require ( "lib.test_admin" )
local hmac = require ( "resty.hmac" )
local ngx_encode_base64 = ngx . encode_base64
2020-09-18 20:25:41 +08:00
local data = { cert = "ssl_cert" , key = "ssl_key" , sni = "test.com" }
2020-09-16 14:27:56 +08:00
local req_body = core . json . encode ( data )
req_body = req_body or ""
local secret_key = "my-secret-key"
local timestamp = ngx_time ( )
2020-09-28 09:10:26 +08:00
local gmt = ngx_http_time ( timestamp )
2020-09-16 14:27:56 +08:00
local access_key = "my-access-key"
2020-09-18 20:25:41 +08:00
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"
2020-09-16 14:27:56 +08:00
2020-10-04 19:57:57 +08:00
local signing_string = {
"PUT" ,
"/hello" ,
"" ,
access_key ,
gmt ,
"x-custom-header-a:" .. custom_header_a ,
"x-custom-header-b:" .. custom_header_b
}
2020-10-28 13:37:22 +08:00
signing_string = core . table . concat ( signing_string , "\n" ) .. "\n"
2020-10-04 19:57:57 +08:00
2020-09-18 20:25:41 +08:00
core . log . info ( "signing_string:" , signing_string )
2020-09-16 14:27:56 +08:00
local signature = hmac:new ( secret_key , hmac . ALGOS . SHA256 ) : final ( signing_string )
core . log . info ( "signature:" , ngx_encode_base64 ( signature ) )
2020-09-28 09:10:26 +08:00
local auth_string = "hmac-auth-v1#" .. access_key .. "#" .. ngx_encode_base64 ( signature ) .. "#" ..
"hmac-sha256#" .. gmt .. "#x-custom-header-a;x-custom-header-b"
2020-10-04 19:57:57 +08:00
2020-09-16 14:27:56 +08:00
local headers = { }
headers [ "Authorization" ] = auth_string
2020-09-18 20:25:41 +08:00
headers [ "x-custom-header-a" ] = custom_header_a
2020-10-04 19:57:57 +08:00
headers [ "x-custom-header-b" ] = custom_header_b
2020-09-16 14:27:56 +08:00
local code , body = t . test ( '/hello' ,
ngx . HTTP_PUT ,
req_body ,
nil ,
headers
)
ngx . status = code
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
2020-09-28 09:10:26 +08:00
=== TEST 20 : hit route without auth info
2020-09-16 14:27:56 +08:00
- - - request
GET / hello
- - - error_code: 401
- - - response_body
{ "message" : "access key or signature missing" }
- - - no_error_log
[ error ]
2020-09-18 20:25:41 +08:00
2020-09-28 09:10:26 +08:00
=== TEST 21 : add consumer with signed_headers
2020-09-18 20:25:41 +08:00
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/consumers' ,
ngx . HTTP_PUT ,
[ [ {
"username" : "cook" ,
"plugins" : {
"hmac-auth" : {
"access_key" : "my-access-key5" ,
"secret_key" : "my-secret-key5" ,
"signed_headers" : [ "x-custom-header-a" , "x-custom-header-b" ]
}
}
} ] ] ,
[ [ {
"node" : {
"value" : {
"username" : "cook" ,
"plugins" : {
"hmac-auth" : {
"access_key" : "my-access-key5" ,
"secret_key" : "my-secret-key5" ,
"algorithm" : "hmac-sha256" ,
2020-09-28 09:10:26 +08:00
"clock_skew" : 0 ,
2020-09-18 20:25:41 +08:00
"signed_headers" : [ "x-custom-header-a" , "x-custom-header-b" ]
}
}
}
} ,
"action" : "set"
} ] ]
)
ngx . status = code
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
2020-09-28 09:10:26 +08:00
=== TEST 22 : verify with invalid signed header
2020-09-18 20:25:41 +08:00
- - - config
location / t {
content_by_lua_block {
local ngx_time = ngx . time
2020-09-28 09:10:26 +08:00
local ngx_http_time = ngx . http_time
2020-09-18 20:25:41 +08:00
local core = require ( "apisix.core" )
local t = require ( "lib.test_admin" )
local hmac = require ( "resty.hmac" )
local ngx_encode_base64 = ngx . encode_base64
local secret_key = "my-secret-key5"
local timestamp = ngx_time ( )
2020-09-28 09:10:26 +08:00
local gmt = ngx_http_time ( timestamp )
2020-09-18 20:25:41 +08:00
local access_key = "my-access-key5"
local custom_header_a = "asld$%dfasf"
local custom_header_c = "23879fmsldfk"
local signing_string = "GET" .. "/hello" .. "" ..
2020-09-28 09:10:26 +08:00
access_key .. gmt .. custom_header_a .. custom_header_c
2020-09-18 20:25:41 +08:00
local signature = hmac:new ( secret_key , hmac . ALGOS . SHA256 ) : final ( signing_string )
core . log . info ( "signature:" , ngx_encode_base64 ( signature ) )
local headers = { }
headers [ "X-HMAC-SIGNATURE" ] = ngx_encode_base64 ( signature )
headers [ "X-HMAC-ALGORITHM" ] = "hmac-sha256"
2020-09-28 09:10:26 +08:00
headers [ "Date" ] = gmt
2020-09-18 20:25:41 +08:00
headers [ "X-HMAC-ACCESS-KEY" ] = access_key
headers [ "X-HMAC-SIGNED-HEADERS" ] = "x-custom-header-a;x-custom-header-c"
headers [ "x-custom-header-a" ] = custom_header_a
headers [ "x-custom-header-c" ] = custom_header_c
local code , body = t . test ( '/hello' ,
ngx . HTTP_GET ,
"" ,
nil ,
headers
)
ngx . status = code
ngx . say ( body )
}
}
- - - request
GET / t
- - - error_code: 401
- - - response_body eval
qr/\{"message":"Invalid signed header x-custom-header-c"\}/
- - - no_error_log
[ error ]
2020-09-28 09:10:26 +08:00
=== TEST 23 : verify ok with signed headers
2020-09-18 20:25:41 +08:00
- - - config
location / t {
content_by_lua_block {
2020-09-28 09:10:26 +08:00
local ngx_time = ngx . time
local ngx_http_time = ngx . http_time
2020-09-18 20:25:41 +08:00
local core = require ( "apisix.core" )
local t = require ( "lib.test_admin" )
local hmac = require ( "resty.hmac" )
local ngx_encode_base64 = ngx . encode_base64
local secret_key = "my-secret-key5"
local timestamp = ngx_time ( )
2020-09-28 09:10:26 +08:00
local gmt = ngx_http_time ( timestamp )
2020-09-18 20:25:41 +08:00
local access_key = "my-access-key5"
local custom_header_a = "asld$%dfasf"
2020-10-04 19:57:57 +08:00
local signing_string = {
"GET" ,
"/hello" ,
"" ,
access_key ,
gmt ,
"x-custom-header-a:" .. custom_header_a
}
2020-10-28 13:37:22 +08:00
signing_string = core . table . concat ( signing_string , "\n" ) .. "\n"
2020-09-18 20:25:41 +08:00
local signature = hmac:new ( secret_key , hmac . ALGOS . SHA256 ) : final ( signing_string )
core . log . info ( "signature:" , ngx_encode_base64 ( signature ) )
local headers = { }
headers [ "X-HMAC-SIGNATURE" ] = ngx_encode_base64 ( signature )
headers [ "X-HMAC-ALGORITHM" ] = "hmac-sha256"
2020-09-28 09:10:26 +08:00
headers [ "date" ] = gmt
2020-09-18 20:25:41 +08:00
headers [ "X-HMAC-ACCESS-KEY" ] = access_key
headers [ "X-HMAC-SIGNED-HEADERS" ] = "x-custom-header-a"
headers [ "x-custom-header-a" ] = custom_header_a
local code , body = t . test ( '/hello' ,
ngx . HTTP_GET ,
"" ,
nil ,
headers
)
ngx . status = code
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
2020-10-11 19:18:37 +08:00
=== TEST 24 : add consumer with plugin hmac - auth - empty configuration
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/consumers' ,
ngx . HTTP_PUT ,
[ [ {
"username" : "foo" ,
"plugins" : {
"hmac-auth" : {
}
}
} ] ] )
ngx . status = code
ngx . say ( body )
}
}
- - - request
GET / t
- - - error_code: 400
- - - response_body eval
qr/\{"error_msg":"invalid plugins configuration: failed to check the configuration of plugin hmac-auth err: property \\"secret_key\\" is required"\}/
- - - no_error_log
[ error ]
2020-10-25 07:33:11 +08:00
=== TEST 25 : enable the hmac auth plugin
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/routes/1' ,
ngx . HTTP_PUT ,
[ [ {
"plugins" : {
"hmac-auth" : { }
} ,
"upstream" : {
"nodes" : {
"127.0.0.1:1980" : 1
} ,
"type" : "roundrobin"
} ,
"uri" : "/uri"
} ] ]
)
if code >= 300 then
ngx . status = code
end
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
=== TEST 26 : keep_headers field is empty
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/consumers' ,
ngx . HTTP_PUT ,
[ [ {
"username" : "james" ,
"plugins" : {
"hmac-auth" : {
"access_key" : "my-access-key4" ,
"secret_key" : "my-secret-key4"
}
}
} ] ]
)
if code >= 300 then
ngx . status = code
end
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
=== TEST 27 : verify pass ( keep_headers field is empty ) , remove http request header
- - - config
location / t {
content_by_lua_block {
local ngx_time = ngx . time
local ngx_http_time = ngx . http_time
local core = require ( "apisix.core" )
local t = require ( "lib.test_admin" )
local hmac = require ( "resty.hmac" )
local ngx_re = require ( "ngx.re" )
local ngx_encode_base64 = ngx . encode_base64
local data = { cert = "ssl_cert" , key = "ssl_key" , sni = "test.com" }
local req_body = core . json . encode ( data )
req_body = req_body or ""
local secret_key = "my-secret-key4"
local timestamp = ngx_time ( )
local gmt = ngx_http_time ( timestamp )
local access_key = "my-access-key4"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"
local signing_string = {
"PUT" ,
"/uri" ,
"" ,
access_key ,
gmt ,
"x-custom-header-a:" .. custom_header_a ,
"x-custom-header-b:" .. custom_header_b
}
2020-10-28 13:37:22 +08:00
signing_string = core . table . concat ( signing_string , "\n" ) .. "\n"
2020-10-25 07:33:11 +08:00
core . log . info ( "signing_string:" , signing_string )
local signature = hmac:new ( secret_key , hmac . ALGOS . SHA256 ) : final ( signing_string )
core . log . info ( "signature:" , ngx_encode_base64 ( signature ) )
local headers = { }
headers [ "X-HMAC-SIGNATURE" ] = ngx_encode_base64 ( signature )
headers [ "X-HMAC-ALGORITHM" ] = "hmac-sha256"
headers [ "Date" ] = gmt
headers [ "X-HMAC-ACCESS-KEY" ] = access_key
headers [ "X-HMAC-SIGNED-HEADERS" ] = "x-custom-header-a;x-custom-header-b"
headers [ "x-custom-header-a" ] = custom_header_a
headers [ "x-custom-header-b" ] = custom_header_b
local code , _ , body = t . test ( '/uri' ,
ngx . HTTP_PUT ,
req_body ,
nil ,
headers
)
if code >= 300 then
ngx . status = code
end
local headers_arr = ngx_re . split ( body , "\n" )
for i , v in ipairs ( headers_arr ) do
if i ~= 4 then - - skip date
ngx . say ( v )
end
end
}
}
- - - request
GET / t
- - - response_body
uri: / uri
host: 127.0 .0 .1
content - type: application / x - www - form - urlencoded
x - real - ip: 127.0 .0 .1
content - length : 52
x - custom - header - b: 23879 fmsldfk
x - hmac - access - key: my - access - key4
user - agent: lua - resty - http /0.14 (Lua) ngx_lua/ 10017
x - custom - header - a: asld $% dfasf
- - - no_error_log
[ error ]
=== TEST 28 : keep_headers field is false
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/consumers' ,
ngx . HTTP_PUT ,
[ [ {
"username" : "james" ,
"plugins" : {
"hmac-auth" : {
"access_key" : "my-access-key4" ,
"secret_key" : "my-secret-key4" ,
"keep_headers" : false
}
}
} ] ]
)
if code >= 300 then
ngx . status = code
end
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
=== TEST 29 : verify pass ( keep_headers field is false ) , remove http request header
- - - config
location / t {
content_by_lua_block {
local ngx_time = ngx . time
local ngx_http_time = ngx . http_time
local core = require ( "apisix.core" )
local t = require ( "lib.test_admin" )
local hmac = require ( "resty.hmac" )
local ngx_re = require ( "ngx.re" )
local ngx_encode_base64 = ngx . encode_base64
local data = { cert = "ssl_cert" , key = "ssl_key" , sni = "test.com" }
local req_body = core . json . encode ( data )
req_body = req_body or ""
local secret_key = "my-secret-key4"
local timestamp = ngx_time ( )
local gmt = ngx_http_time ( timestamp )
local access_key = "my-access-key4"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"
local signing_string = {
"PUT" ,
"/uri" ,
"" ,
access_key ,
gmt ,
"x-custom-header-a:" .. custom_header_a ,
"x-custom-header-b:" .. custom_header_b
}
2020-10-28 13:37:22 +08:00
signing_string = core . table . concat ( signing_string , "\n" ) .. "\n"
2020-10-25 07:33:11 +08:00
core . log . info ( "signing_string:" , signing_string )
local signature = hmac:new ( secret_key , hmac . ALGOS . SHA256 ) : final ( signing_string )
core . log . info ( "signature:" , ngx_encode_base64 ( signature ) )
local headers = { }
headers [ "X-HMAC-SIGNATURE" ] = ngx_encode_base64 ( signature )
headers [ "X-HMAC-ALGORITHM" ] = "hmac-sha256"
headers [ "Date" ] = gmt
headers [ "X-HMAC-ACCESS-KEY" ] = access_key
headers [ "X-HMAC-SIGNED-HEADERS" ] = "x-custom-header-a;x-custom-header-b"
headers [ "x-custom-header-a" ] = custom_header_a
headers [ "x-custom-header-b" ] = custom_header_b
local code , _ , body = t . test ( '/uri' ,
ngx . HTTP_PUT ,
req_body ,
nil ,
headers
)
if code >= 300 then
ngx . status = code
end
local headers_arr = ngx_re . split ( body , "\n" )
for i , v in ipairs ( headers_arr ) do
if i ~= 4 then - - skip date
ngx . say ( v )
end
end
}
}
- - - request
GET / t
- - - response_body
uri: / uri
host: 127.0 .0 .1
content - type: application / x - www - form - urlencoded
x - real - ip: 127.0 .0 .1
content - length : 52
x - custom - header - b: 23879 fmsldfk
x - hmac - access - key: my - access - key4
user - agent: lua - resty - http /0.14 (Lua) ngx_lua/ 10017
x - custom - header - a: asld $% dfasf
- - - no_error_log
[ error ]
=== TEST 30 : keep_headers field is true
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/consumers' ,
ngx . HTTP_PUT ,
[ [ {
"username" : "james" ,
"plugins" : {
"hmac-auth" : {
"access_key" : "my-access-key4" ,
"secret_key" : "my-secret-key4" ,
"keep_headers" : true
}
}
} ] ]
)
if code >= 300 then
ngx . status = code
end
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
=== TEST 31 : verify pass ( keep_headers field is true ) , keep http request header
- - - config
location / t {
content_by_lua_block {
local ngx_time = ngx . time
local ngx_http_time = ngx . http_time
local core = require ( "apisix.core" )
local t = require ( "lib.test_admin" )
local hmac = require ( "resty.hmac" )
local ngx_re = require ( "ngx.re" )
local ngx_encode_base64 = ngx . encode_base64
local data = { cert = "ssl_cert" , key = "ssl_key" , sni = "test.com" }
local req_body = core . json . encode ( data )
req_body = req_body or ""
local secret_key = "my-secret-key4"
local timestamp = ngx_time ( )
local gmt = ngx_http_time ( timestamp )
local access_key = "my-access-key4"
local custom_header_a = "asld$%dfasf"
local custom_header_b = "23879fmsldfk"
local signing_string = {
"PUT" ,
"/uri" ,
"" ,
access_key ,
gmt ,
"x-custom-header-a:" .. custom_header_a ,
"x-custom-header-b:" .. custom_header_b
}
2020-10-28 13:37:22 +08:00
signing_string = core . table . concat ( signing_string , "\n" ) .. "\n"
2020-10-25 07:33:11 +08:00
core . log . info ( "signing_string:" , signing_string )
local signature = hmac:new ( secret_key , hmac . ALGOS . SHA256 ) : final ( signing_string )
core . log . info ( "signature:" , ngx_encode_base64 ( signature ) )
local headers = { }
headers [ "X-HMAC-SIGNATURE" ] = ngx_encode_base64 ( signature )
headers [ "X-HMAC-ALGORITHM" ] = "hmac-sha256"
headers [ "Date" ] = gmt
headers [ "X-HMAC-ACCESS-KEY" ] = access_key
headers [ "X-HMAC-SIGNED-HEADERS" ] = "x-custom-header-a;x-custom-header-b"
headers [ "x-custom-header-a" ] = custom_header_a
headers [ "x-custom-header-b" ] = custom_header_b
local code , _ , body = t . test ( '/uri' ,
ngx . HTTP_PUT ,
req_body ,
nil ,
headers
)
if code >= 300 then
ngx . status = code
end
local headers_arr = ngx_re . split ( body , "\n" )
for i , v in ipairs ( headers_arr ) do
if i ~= 4 and i ~= 12 then - - skip date and x - hmac - signature
ngx . say ( v )
end
end
}
}
- - - request
GET / t
- - - response_body
uri: / uri
host: 127.0 .0 .1
content - type: application / x - www - form - urlencoded
x - real - ip: 127.0 .0 .1
user - agent: lua - resty - http /0.14 (Lua) ngx_lua/ 10017
content - length : 52
x - hmac - signed - headers: x - custom - header - a ; x - custom - header - b
x - custom - header - b: 23879 fmsldfk
x - hmac - algorithm: hmac - sha256
x - hmac - access - key: my - access - key4
x - custom - header - a: asld $% dfasf
- - - no_error_log
[ error ]
2020-10-29 09:26:59 +08:00
=== TEST 32 : get the default schema
- - - request
GET /apisix/ admin /schema/ plugins / hmac - auth
- - - response_body
{ "properties" : { "disable" : { "type" : "boolean" } } , "title" : "work with route or service object" , "additionalProperties" : false , "type" : "object" }
- - - no_error_log
[ error ]
=== TEST 33 : get the schema by schema_type
- - - request
GET /apisix/ admin /schema/ plugins / hmac - auth ? schema_type = consumer
- - - response_body
{ "title" : "work with consumer object" , "additionalProperties" : false , "required" : [ "access_key" , "secret_key" ] , "properties" : { "clock_skew" : { "default" : 0 , "type" : "integer" } , "keep_headers" : { "title" : "whether to keep the http request header" , "default" : false , "type" : "boolean" } , "secret_key" : { "minLength" : 1 , "maxLength" : 256 , "type" : "string" } , "algorithm" : { "type" : "string" , "default" : "hmac-sha256" , "enum" : [ "hmac-sha1" , "hmac-sha256" , "hmac-sha512" ] } , "signed_headers" : { "items" : { "minLength" : 1 , "maxLength" : 50 , "type" : "string" } , "type" : "array" } , "access_key" : { "minLength" : 1 , "maxLength" : 256 , "type" : "string" } } , "type" : "object" }
- - - no_error_log
[ error ]
=== TEST 34 : get the schema by error schema_type
- - - request
GET /apisix/ admin /schema/ plugins / hmac - auth ? schema_type = consumer123123
- - - response_body
{ "properties" : { "disable" : { "type" : "boolean" } } , "title" : "work with route or service object" , "additionalProperties" : false , "type" : "object" }
- - - no_error_log
[ error ]