mirror of
https://gitee.com/iresty/apisix.git
synced 2024-12-05 05:27:35 +08:00
fix: the jwt plugin does not handle the case where exp
is empty. (#… (#2657)
fix #2649
This commit is contained in:
parent
d2d826e6ab
commit
53a8f5a2ed
@ -53,7 +53,7 @@ local consumer_schema = {
|
|||||||
enum = {"HS256", "HS512", "RS256"},
|
enum = {"HS256", "HS512", "RS256"},
|
||||||
default = "HS256"
|
default = "HS256"
|
||||||
},
|
},
|
||||||
exp = {type = "integer", minimum = 1},
|
exp = {type = "integer", minimum = 1, default = 86400},
|
||||||
base64_secret = {
|
base64_secret = {
|
||||||
type = "boolean",
|
type = "boolean",
|
||||||
default = false
|
default = false
|
||||||
@ -122,10 +122,6 @@ function _M.check_schema(conf, schema_type)
|
|||||||
return false, "missing valid private key"
|
return false, "missing valid private key"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
if not conf.exp then
|
|
||||||
conf.exp = 60 * 60 * 24
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
return true
|
return true
|
||||||
|
@ -526,7 +526,7 @@ GET /t
|
|||||||
--- request
|
--- request
|
||||||
GET /apisix/admin/schema/plugins/jwt-auth?schema_type=consumer
|
GET /apisix/admin/schema/plugins/jwt-auth?schema_type=consumer
|
||||||
--- response_body
|
--- response_body
|
||||||
{"required":["key"],"properties":{"exp":{"minimum":1,"type":"integer"},"private_key":{"type":"string"},"public_key":{"type":"string"},"algorithm":{"type":"string","default":"HS256","enum":["HS256","HS512","RS256"]},"base64_secret":{"default":false,"type":"boolean"},"secret":{"type":"string"},"key":{"type":"string"}},"additionalProperties":false,"type":"object"}
|
{"required":["key"],"properties":{"exp":{"type":"integer","default":86400,"minimum":1},"private_key":{"type":"string"},"public_key":{"type":"string"},"algorithm":{"type":"string","default":"HS256","enum":["HS256","HS512","RS256"]},"base64_secret":{"default":false,"type":"boolean"},"secret":{"type":"string"},"key":{"type":"string"}},"additionalProperties":false,"type":"object"}
|
||||||
--- no_error_log
|
--- no_error_log
|
||||||
[error]
|
[error]
|
||||||
|
|
||||||
@ -1140,3 +1140,73 @@ base64_secret required but the secret is not in base64 format
|
|||||||
[error]
|
[error]
|
||||||
--- request
|
--- request
|
||||||
GET /t
|
GET /t
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
=== TEST 50: when the exp value is not set, make sure the default value(86400) works
|
||||||
|
--- config
|
||||||
|
location /t {
|
||||||
|
content_by_lua_block {
|
||||||
|
local t = require("lib.test_admin").test
|
||||||
|
local code, body, res_data = t('/apisix/admin/consumers',
|
||||||
|
ngx.HTTP_PUT,
|
||||||
|
[[{
|
||||||
|
"username": "kerouac",
|
||||||
|
"plugins": {
|
||||||
|
"jwt-auth": {
|
||||||
|
"key": "exp-not-set",
|
||||||
|
"secret": "my-secret-key"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}]],
|
||||||
|
[[{
|
||||||
|
"node": {
|
||||||
|
"value": {
|
||||||
|
"username": "kerouac",
|
||||||
|
"plugins": {
|
||||||
|
"jwt-auth": {
|
||||||
|
"key": "exp-not-set",
|
||||||
|
"secret": "my-secret-key"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"action": "set"
|
||||||
|
}]]
|
||||||
|
)
|
||||||
|
|
||||||
|
ngx.status = code
|
||||||
|
ngx.say(require("cjson").encode(res_data))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
--- request
|
||||||
|
GET /t
|
||||||
|
--- response_body_like eval
|
||||||
|
qr/"exp":86400/
|
||||||
|
--- no_error_log
|
||||||
|
[error]
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
=== TEST 51: when the exp value is not set, sign jwt use the default value(86400)
|
||||||
|
--- config
|
||||||
|
location /t {
|
||||||
|
content_by_lua_block {
|
||||||
|
local t = require("lib.test_admin").test
|
||||||
|
local code, body, res_data = t('/apisix/plugin/jwt/sign?key=exp-not-set',
|
||||||
|
ngx.HTTP_GET)
|
||||||
|
|
||||||
|
local jwt = require("resty.jwt")
|
||||||
|
local jwt_obj = jwt:load_jwt(res_data)
|
||||||
|
local exp_in_jwt = jwt_obj.payload.exp
|
||||||
|
local ngx_time = ngx.time
|
||||||
|
local use_default_exp = ngx_time() + 86400 - 1 <= exp_in_jwt and exp_in_jwt <= ngx_time() + 86400
|
||||||
|
ngx.say(use_default_exp)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
--- request
|
||||||
|
GET /t
|
||||||
|
--- response_body
|
||||||
|
true
|
||||||
|
--- no_error_log
|
||||||
|
[error]
|
||||||
|
Loading…
Reference in New Issue
Block a user