mirror of
https://gitee.com/iresty/apisix.git
synced 2024-12-04 04:57:35 +08:00
351 lines
9.1 KiB
Perl
Vendored
351 lines
9.1 KiB
Perl
Vendored
#
|
|
# Licensed to the Apache Software Foundation (ASF) under one or more
|
|
# contributor license agreements. See the NOTICE file distributed with
|
|
# this work for additional information regarding copyright ownership.
|
|
# The ASF licenses this file to You under the Apache License, Version 2.0
|
|
# (the "License"); you may not use this file except in compliance with
|
|
# the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
use t::APISIX 'no_plan';
|
|
|
|
repeat_each(2);
|
|
no_long_string();
|
|
no_root_location();
|
|
no_shuffle();
|
|
add_block_preprocessor(sub {
|
|
my ($block) = @_;
|
|
|
|
if (!$block->request) {
|
|
$block->set_value("request", "GET /t");
|
|
}
|
|
|
|
if ((!defined $block->error_log) && (!defined $block->no_error_log)) {
|
|
$block->set_value("no_error_log", "[error]");
|
|
}
|
|
});
|
|
|
|
run_tests();
|
|
|
|
|
|
__DATA__
|
|
|
|
=== TEST 1: sanity
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local core = require("apisix.core")
|
|
local plugin = require("apisix.plugins.ldap-auth")
|
|
local ok, err = plugin.check_schema({user_dn = 'foo'}, core.schema.TYPE_CONSUMER)
|
|
if not ok then
|
|
ngx.say(err)
|
|
end
|
|
|
|
ngx.say("done")
|
|
}
|
|
}
|
|
--- response_body
|
|
done
|
|
|
|
|
|
|
|
=== TEST 2: wrong type of string
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local plugin = require("apisix.plugins.ldap-auth")
|
|
local ok, err = plugin.check_schema({base_dn = 123, ldap_uri = "127.0.0.1:1389"})
|
|
if not ok then
|
|
ngx.say(err)
|
|
end
|
|
|
|
ngx.say("done")
|
|
}
|
|
}
|
|
--- response_body_like eval
|
|
qr/wrong type: expected string, got number
|
|
done
|
|
/
|
|
|
|
|
|
|
|
=== TEST 3: add consumer with username and plugins
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local t = require("lib.test_admin").test
|
|
local code, body = t('/apisix/admin/consumers',
|
|
ngx.HTTP_PUT,
|
|
[[{
|
|
"username": "user01",
|
|
"plugins": {
|
|
"ldap-auth": {
|
|
"user_dn": "cn=user01,ou=users,dc=example,dc=org"
|
|
}
|
|
}
|
|
}]],
|
|
[[{
|
|
"node": {
|
|
"value": {
|
|
"username": "user01",
|
|
"plugins": {
|
|
"ldap-auth": {
|
|
"user_dn": "cn=user01,ou=users,dc=example,dc=org"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"action": "set"
|
|
}]]
|
|
)
|
|
|
|
ngx.status = code
|
|
ngx.say(body)
|
|
}
|
|
}
|
|
--- response_body
|
|
passed
|
|
|
|
|
|
|
|
=== TEST 4: enable basic auth plugin using admin api
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local t = require("lib.test_admin").test
|
|
local code, body = t('/apisix/admin/routes/1',
|
|
ngx.HTTP_PUT,
|
|
[[{
|
|
"plugins": {
|
|
"ldap-auth": {
|
|
"base_dn": "ou=users,dc=example,dc=org",
|
|
"ldap_uri": "127.0.0.1:1389",
|
|
"uid": "cn"
|
|
}
|
|
},
|
|
"upstream": {
|
|
"nodes": {
|
|
"127.0.0.1:1980": 1
|
|
},
|
|
"type": "roundrobin"
|
|
},
|
|
"uri": "/hello"
|
|
}]]
|
|
)
|
|
|
|
if code >= 300 then
|
|
ngx.status = code
|
|
end
|
|
ngx.say(body)
|
|
}
|
|
}
|
|
--- response_body
|
|
passed
|
|
|
|
|
|
|
|
=== TEST 5: verify, missing authorization
|
|
--- request
|
|
GET /hello
|
|
--- error_code: 401
|
|
--- response_body
|
|
{"message":"Missing authorization in request"}
|
|
|
|
|
|
|
|
=== TEST 6: verify, invalid basic authorization header
|
|
--- request
|
|
GET /hello
|
|
--- more_headers
|
|
Authorization: Bad_header Zm9vOmZvbwo=
|
|
--- error_code: 401
|
|
--- response_body
|
|
{"message":"Invalid authorization header format"}
|
|
--- no_error_log
|
|
[error]
|
|
|
|
|
|
|
|
=== TEST 7: verify, invalid authorization value (bad base64 str)
|
|
--- request
|
|
GET /hello
|
|
--- more_headers
|
|
Authorization: Basic aca_a
|
|
--- error_code: 401
|
|
--- response_body
|
|
{"message":"Failed to decode authentication header: aca_a"}
|
|
--- no_error_log
|
|
[error]
|
|
|
|
|
|
|
|
=== TEST 8: verify, invalid authorization value (no password)
|
|
--- request
|
|
GET /hello
|
|
--- more_headers
|
|
Authorization: Basic Zm9v
|
|
--- error_code: 401
|
|
--- response_body
|
|
{"message":"Split authorization err: invalid decoded data: foo"}
|
|
--- no_error_log
|
|
[error]
|
|
|
|
|
|
|
|
=== TEST 9: verify, invalid password
|
|
--- request
|
|
GET /hello
|
|
--- more_headers
|
|
Authorization: Basic Zm9vOmZvbwo=
|
|
--- error_code: 401
|
|
--- response_body
|
|
{"message":"Invalid user authorization"}
|
|
|
|
|
|
|
|
=== TEST 10: verify
|
|
--- request
|
|
GET /hello
|
|
--- more_headers
|
|
Authorization: Basic dXNlcjAxOnBhc3N3b3JkMQ==
|
|
--- response_body
|
|
hello world
|
|
--- error_log
|
|
find consumer user01
|
|
|
|
|
|
|
|
=== TEST 11: enable basic auth plugin using admin api
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local t = require("lib.test_admin").test
|
|
local code, body = t('/apisix/admin/routes/1',
|
|
ngx.HTTP_PUT,
|
|
[[{
|
|
"plugins": {
|
|
"ldap-auth": {
|
|
"base_dn": "ou=users,dc=example,dc=org",
|
|
"ldap_uri": "127.0.0.1:1389",
|
|
"uid": "cn"
|
|
}
|
|
},
|
|
"upstream": {
|
|
"nodes": {
|
|
"127.0.0.1:1980": 1
|
|
},
|
|
"type": "roundrobin"
|
|
},
|
|
"uri": "/hello"
|
|
}]]
|
|
)
|
|
|
|
if code >= 300 then
|
|
ngx.status = code
|
|
end
|
|
ngx.say(body)
|
|
}
|
|
}
|
|
--- response_body
|
|
passed
|
|
|
|
|
|
|
|
=== TEST 12: verify
|
|
--- request
|
|
GET /hello
|
|
--- more_headers
|
|
Authorization: Basic dXNlcjAxOnBhc3N3b3JkMQ==
|
|
--- response_body
|
|
hello world
|
|
--- error_log
|
|
find consumer user01
|
|
|
|
|
|
|
|
=== TEST 13: invalid schema
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local t = require("lib.test_admin").test
|
|
for _, case in ipairs({
|
|
{},
|
|
"blah"
|
|
}) do
|
|
local code, body = t('/apisix/admin/consumers',
|
|
ngx.HTTP_PUT,
|
|
{
|
|
username = "foo",
|
|
plugins = {
|
|
["ldap-auth"] = case
|
|
}
|
|
}
|
|
)
|
|
ngx.print(body)
|
|
end
|
|
}
|
|
}
|
|
--- response_body
|
|
{"error_msg":"invalid plugins configuration: failed to check the configuration of plugin ldap-auth err: property \"user_dn\" is required"}
|
|
{"error_msg":"invalid plugins configuration: invalid plugin conf \"blah\" for plugin [ldap-auth]"}
|
|
|
|
|
|
|
|
=== TEST 14: get the default schema
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local t = require("lib.test_admin").test
|
|
local code, body = t('/apisix/admin/schema/plugins/ldap-auth',
|
|
ngx.HTTP_GET,
|
|
nil,
|
|
[[
|
|
{"title":"work with route or service object","required":["base_dn","ldap_uri"],"properties":{"base_dn":{"type":"string"},"ldap_uri":{"type":"string"},"use_tls":{"type":"boolean"},"disable":{"type":"boolean"},"uid":{"type":"string"}},"type":"object"}
|
|
]]
|
|
)
|
|
ngx.status = code
|
|
}
|
|
}
|
|
|
|
|
|
|
|
=== TEST 15: get the schema by schema_type
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local t = require("lib.test_admin").test
|
|
local code, body = t('/apisix/admin/schema/plugins/ldap-auth?schema_type=consumer',
|
|
ngx.HTTP_GET,
|
|
nil,
|
|
[[
|
|
{"title":"work with consumer object","required":["user_dn"],"properties":{"user_dn":{"type":"string"}},"type":"object"}
|
|
]]
|
|
)
|
|
ngx.status = code
|
|
}
|
|
}
|
|
|
|
|
|
|
|
=== TEST 16: get the schema by error schema_type
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local t = require("lib.test_admin").test
|
|
local code, body = t('/apisix/admin/schema/plugins/ldap-auth?schema_type=consumer123123',
|
|
ngx.HTTP_GET,
|
|
nil,
|
|
[[
|
|
{"title":"work with route or service object","required":["base_dn","ldap_uri"],"properties":{"base_dn":{"type":"string"},"ldap_uri":{"type":"string"},"use_tls":{"type":"boolean"},"disable":{"type":"boolean"},"uid":{"type":"string"}},"type":"object"} ]]
|
|
)
|
|
ngx.status = code
|
|
}
|
|
}
|