From 87b3c76bdee80fc2f131ff5197bbeeaf84cc3f15 Mon Sep 17 00:00:00 2001 From: Aapo Talvensaari Date: Mon, 8 Jul 2019 19:16:08 +0300 Subject: [PATCH] chore(session) 2.1.1 (#11) * fix(session) do not try to use body if it cannot be read on logout * chore(session) 2.1.1 --- ...ec => kong-plugin-session-2.1.1-1.rockspec | 4 +- kong/plugins/session/handler.lua | 2 +- kong/plugins/session/session.lua | 42 ++++----- spec/03-session_spec.lua | 86 +++++++------------ 4 files changed, 50 insertions(+), 84 deletions(-) rename kong-plugin-session-2.1.0-1.rockspec => kong-plugin-session-2.1.1-1.rockspec (96%) diff --git a/kong-plugin-session-2.1.0-1.rockspec b/kong-plugin-session-2.1.1-1.rockspec similarity index 96% rename from kong-plugin-session-2.1.0-1.rockspec rename to kong-plugin-session-2.1.1-1.rockspec index 2d72b88b1f04..661fb974d1a8 100644 --- a/kong-plugin-session-2.1.0-1.rockspec +++ b/kong-plugin-session-2.1.1-1.rockspec @@ -1,12 +1,12 @@ package = "kong-plugin-session" -version = "2.1.0-1" +version = "2.1.1-1" supported_platforms = {"linux", "macosx"} source = { url = "git://github.com/Kong/kong-plugin-session", - tag = "2.1.0" + tag = "2.1.1" } description = { diff --git a/kong/plugins/session/handler.lua b/kong/plugins/session/handler.lua index 74d57ffc2cd6..a665c993fad1 100644 --- a/kong/plugins/session/handler.lua +++ b/kong/plugins/session/handler.lua @@ -7,7 +7,7 @@ local kong = kong local KongSessionHandler = { PRIORITY = 1900, - VERSION = "2.1.0", + VERSION = "2.1.1", } diff --git a/kong/plugins/session/session.lua b/kong/plugins/session/session.lua index 8dfc63a9395a..9f645c1a480c 100644 --- a/kong/plugins/session/session.lua +++ b/kong/plugins/session/session.lua 
@@ -83,11 +83,10 @@ end --- Determine is incoming request is trying to logout -- @return boolean should logout of the session? function _M.logout(conf) - local logout = false - local logout_methods = conf.logout_methods if logout_methods then local request_method = kong.request.get_method() + local logout for _, logout_method in ipairs(logout_methods) do if logout_method == request_method then logout = true @@ -95,36 +94,29 @@ function _M.logout(conf) end end - if logout then - logout = false - - local logout_query_arg = conf.logout_query_arg - if logout_query_arg then - if kong.request.get_query_arg(logout_query_arg) then - logout = true - end - end + if not logout then + return false + end - if logout then + local logout_query_arg = conf.logout_query_arg + if logout_query_arg then + if kong.request.get_query_arg(logout_query_arg) then kong.log.debug("logout by query argument") + return true + end + end - else - local logout_post_arg = conf.logout_post_arg - if logout_post_arg then - local post_args = kong.request.get_body() - if post_args[logout_post_arg] then - logout = true - end - - if logout then - kong.log.debug("logout by post argument") - end - end + local logout_post_arg = conf.logout_post_arg + if logout_post_arg then + local post_args = kong.request.get_body() + if post_args and post_args[logout_post_arg] then + kong.log.debug("logout by post argument") + return true end end end - return logout + return false end diff --git a/spec/03-session_spec.lua b/spec/03-session_spec.lua index 4da3b3ea4fb3..963aa0580c09 100644 --- a/spec/03-session_spec.lua +++ b/spec/03-session_spec.lua 
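Review bot: The error value from `kong.request.get_body()` is discarded in the post-argument branch of `_M.logout`, so a logout request whose body cannot be read or parsed now falls through to the final `return false` with nothing in the log. The `post_args and ...` guard fixes the nil index, but the caller presumably keeps the session alive in that case (handler.lua is not visible here), and a logout that silently does not happen is worth being able to trace. I would capture the error with `local post_args, err = kong.request.get_body()` and add `if not post_args then kong.log.debug("logout body could not be read: ", err) end` before the existing check. While the doc comment above the function is being touched, "Determine is incoming request" should read "Determine if the incoming request", and it could state that the function returns `false` whenever the request method is not listed in `conf.logout_methods`.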
@@ -1,106 +1,80 @@ -local helpers = require "spec.helpers" -local session = require "kong.plugins.session.session" -local phases = require "kong.pdk.private.phases" +local function mock(method) + _G.kong = { + request = { + get_method = function() return method end, + get_query_arg = function() return true end, + get_body = function() return { session_logout = true } end, + }, + log = { + debug = function() end + } + } -describe("Plugin: Session - session.lua", function() - local old_ngx + return require "kong.plugins.session.session" +end +describe("Plugin: Session - session.lua", function() + local old_kong before_each(function() - kong.ctx.core.phase = phases.phases.request - - old_ngx = { - get_phase = function()end, - req = { - read_body = function()end - }, - log = function() end, - DEBUG = 1 - } - _G.ngx = old_ngx + old_kong = _G.kong end) after_each(function() - _G.ngx = old_ngx + _G.kong = old_kong + package.loaded["kong.plugins.session.session"] = nil end) - it("logs out with GET request", function() - kong.request.get_query = function() return {["session_logout"] = true} end - kong.request.get_method = function() return "GET" end - + local session = mock("GET") local conf = { - logout_methods = {"GET", "POST"}, + logout_methods = { "GET", "POST" }, logout_query_arg = "session_logout" } - assert.truthy(session.logout(conf)) end) it("logs out with POST request with body", function() - ngx.req.get_post_args = function() - return {["session_logout"] = true} - end - ngx.req.read_body = function() end - kong.request.get_method = function() return "POST" end - + local session = mock("POST") local conf = { - logout_methods = {"POST"}, + logout_methods = { "POST" }, logout_post_arg = "session_logout" } - assert.truthy(session.logout(conf)) end) it("logs out with DELETE request with body", function() - ngx.req.get_post_args = function() - return {["session_logout"] = true} - end - ngx.req.read_body = function() end - kong.request.get_method = function() return 
"DELETE" end - + local session = mock("DELETE") local conf = { - logout_methods = {"DELETE"}, + logout_methods = { "DELETE" }, logout_post_arg = "session_logout" } - assert.truthy(session.logout(conf)) end) it("logs out with DELETE request with query params", function() - kong.request.get_query = function() return {["session_logout"] = true} end - kong.request.get_method = function() return "DELETE" end - + local session = mock("DELETE") local conf = { - logout_methods = {"DELETE"}, + logout_methods = { "DELETE" }, logout_query_arg = "session_logout" } - assert.truthy(session.logout(conf)) end) it("does not logout with GET requests when method is not allowed", function() - kong.request.get_query = function() return {["session_logout"] = true} end - kong.request.get_method = function() return "GET" end - + local session = mock("GET") local conf = { - logout_methods = {"DELETE"}, + logout_methods = { "DELETE" }, logout_query_arg = "session_logout" } - assert.falsy(session.logout(conf)) end) it("does not logout with POST requests when method is not allowed", function() - ngx.req.get_post_args = function() - return {["session_logout"] = true} - end - kong.request.get_method = function() return "POST" end - + local session = mock("POST") local conf = { - logout_methods = {"DELETE"}, + logout_methods = { "DELETE" }, logout_post_arg = "session_logout" } - assert.falsy(session.logout(conf)) end) end)
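Review bot: The `mock` helper's `get_body` stub always returns `{ session_logout = true }`, so none of the cases exercises the unreadable-body path that this commit fixes in session.lua. `get_query_arg` likewise always returns `true`, which means the two "does not logout" cases only prove the method check and would still pass if the argument checks were removed. I would let `mock` take the body to return and add a case where the body is `nil`, asserting that `session.logout(conf)` is falsy and does not raise; a matching case with `get_query_arg` returning `nil` would cover the query side.

```lua
local function mock(method, body)
  _G.kong = {
    request = {
      get_method = function() return method end,
      get_query_arg = function() return true end,
      -- body == false simulates a body that could not be read
      -- (the error string is a constructed sample value)
      get_body = function()
        if body == false then
          return nil, "unreadable body"
        end
        return body or { session_logout = true }
      end,
    },
    -- … unchanged: log stub …
  }
  -- … unchanged: require of the session module …
end

-- … unchanged: existing cases …

  it("does not logout when the POST body cannot be read", function()
    local session = mock("POST", false)
    local conf = {
      logout_methods = { "POST" },
      logout_post_arg = "session_logout"
    }
    assert.falsy(session.logout(conf))
  end)
```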