fix(session) add custom_id or username check (#12)
* fix(session) add custom_id or username check
  - was throwing 500 if either username or custom_id were nil
* fix(session) clear headers if not setting
darrenjennings authored Aug 19, 2019
1 parent 87b3c76 commit ad9a260
Showing 2 changed files with 71 additions and 5 deletions.
15 changes: 13 additions & 2 deletions kong/plugins/session/access.lua
@@ -16,10 +16,20 @@ end

local function set_consumer(consumer, credential_id)
local set_header = kong.service.request.set_header
local clear_header = kong.service.request.clear_header

set_header(constants.HEADERS.CONSUMER_ID, consumer.id)
set_header(constants.HEADERS.CONSUMER_CUSTOM_ID, consumer.custom_id)
set_header(constants.HEADERS.CONSUMER_USERNAME, consumer.username)
if consumer.custom_id then
set_header(constants.HEADERS.CONSUMER_CUSTOM_ID, consumer.custom_id)
else
clear_header(constants.HEADERS.CONSUMER_CUSTOM_ID)
end

if consumer.username then
set_header(constants.HEADERS.CONSUMER_USERNAME, consumer.username)
else
clear_header(constants.HEADERS.CONSUMER_USERNAME)
end

if credential_id then
local credential = {id = credential_id or consumer.id, consumer_id = consumer.id}
@@ -69,6 +79,7 @@ function _M.execute(conf)
s:start()

set_consumer(consumer, credential)

kong.ctx.shared.authenticated_session = s
end

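Review bot: The two new `else` branches in set_consumer call `clear_header` without a comment saying why, and the reason is a security one that a later cleanup could easily undo. The upstream request is built from the client's own request, so skipping `set_header` without clearing would leave any client-supplied value under these header names for the upstream to read as the authenticated consumer. I would add above the first `if`: `-- always set or clear: a client-sent value for a constants.HEADERS.CONSUMER_* header must not reach the upstream as if Kong had set it`. set_consumer continues past the end of the hunk, so it is worth confirming that the credential-related headers in the rest of the function get the same set-or-clear treatment.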
61 changes: 58 additions & 3 deletions spec/01-access_spec.lua
@@ -1,13 +1,16 @@
local utils = require "kong.tools.utils"
local constants = require "kong.constants"
local helpers = require "spec.helpers"
local cjson = require "cjson"
local lower = string.lower


for _, strategy in helpers.each_strategy() do
describe("Plugin: Session (access) [#" .. strategy .. "]", function()
local client
local client, consumer

lazy_setup(function()
local bp = helpers.get_db_utils(strategy, {
local bp, db = helpers.get_db_utils(strategy, {
"plugins",
"routes",
"services",
@@ -25,6 +28,11 @@ for _, strategy in helpers.each_strategy() do
hosts = {"httpbin.org"},
}

local route3 = bp.routes:insert {
paths = {"/headers"},
hosts = {"httpbin.org"},
}

assert(bp.plugins:insert {
name = "session",
route = {
@@ -45,7 +53,15 @@ for _, strategy in helpers.each_strategy() do
}
})

local consumer = bp.consumers:insert { username = "coop", }
assert(bp.plugins:insert {
name = "session",
route = {
id = route3.id,
},
})

consumer = db.consumers:insert({username = "coop"})

bp.keyauth_credentials:insert {
key = "kong",
consumer = {
@@ -74,6 +90,16 @@ for _, strategy in helpers.each_strategy() do
}
}

bp.plugins:insert {
name = "key-auth",
route = {
id = route3.id,
},
config = {
anonymous = anonymous.id
}
}

bp.plugins:insert {
name = "request-termination",
consumer = {
@@ -162,6 +188,35 @@ for _, strategy in helpers.each_strategy() do
res = assert(client:send(request))
assert.response(res).has.status(200)
end)

it("consumer headers are set correctly on request", function()
local res, cookie
local request = {
method = "GET",
path = "/headers",
headers = { host = "httpbin.org", },
}

-- make a request with a valid key, grab the cookie for later
request.headers.apikey = "kong"
res = assert(client:send(request))
assert.response(res).has.status(200)

cookie = assert.response(res).has.header("Set-Cookie")

request.headers.apikey = nil
request.headers.cookie = cookie

res = assert(client:send(request))
assert.response(res).has.status(200)

local body = assert.res_status(200, res)
local json = cjson.decode(body)

assert.equal(consumer.id, json.headers[lower(constants.HEADERS.CONSUMER_ID)])
assert.equal(consumer.username, json.headers[lower(constants.HEADERS.CONSUMER_USERNAME)])
assert.equal(nil, json.headers[constants.HEADERS.CONSUMER_CUSTOM_ID])
end)
end)
end)
end
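Review bot: The last assertion in the new test, `assert.equal(nil, json.headers[constants.HEADERS.CONSUMER_CUSTOM_ID])`, indexes the echoed headers with the un-lowered constant, while the two assertions above it use `lower(...)`. If the echo endpoint returns lower-case keys, as those two lines imply, this lookup is nil whatever Kong forwarded and the check cannot fail. It should read `assert.is_nil(json.headers[lower(constants.HEADERS.CONSUMER_CUSTOM_ID)])`. The test also never sends that header itself, so the new `clear_header` branch is not exercised. Setting `request.headers[constants.HEADERS.CONSUMER_CUSTOM_ID] = "from-client"` on the cookie request would make the assertion prove that a client-supplied value is stripped before the upstream sees it.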
