Key Authentication broken in 0.10.3 and 0.11.0 #2874
@prem911 you may want to check the usage of

Thanks @p0pr0ck5
Global key-auth plugin
curl -i http://kong:8001/plugins/7ac1001a-1112-45ee-bc85-2f11ead0e2b3
API
curl -i http://kong:8001/apis/httpbin
API and plugin
curl -i http://kong:8001/apis/httpbin/plugins
Consumer
curl -i http://kong:8001/consumers/prem
Consumer's key-auth
curl -i http://kong:8001/consumers/prem/key-auth
API TEST
curl -i http://kong:8000/products?apikey=key1
results in
I have done all the steps as per the documentation. Let me know if I have missed something.

Hi.
I am using Kong 0.11.0 and the key-auth plugin works as expected. I
find it a little bit strange that when you do:
$ curl -i http://kong:8001/plugins/7ac1001a-1112-45ee-bc85-2f11ead0e2b3
You have this "key_names":["function"]} in your return. It seems that the
parameter name that holds the key is missing.
Look at my test in localhost. I have the admin-api configured with
key-auth for access through port 8000.
$ curl --silent -X GET http://localhost:8001/apis/admin-api/plugins | jq '.'
{
"total": 2,
"data": [
{
"created_at": 1505076161000,
"config": {
"key_in_body": false,
"anonymous": "",
"key_names": [
"apikey"
],
"hide_credentials": true
},
"id": "ea194ac0-1533-4c92-86c4-7b7cf8ab5456",
"enabled": true,
"api_id": "70e215d3-73a9-4b03-839f-417e4f1ca524",
"name": "key-auth"
},
}
Test #1 - Access without key
$ curl -X GET http://localhost:8000/admin-api
{"message":"No API key found in request"}
Test #2 - Access with wrong key
$ curl --silent -X GET http://localhost:8000/admin-api -H "apikey: teste"
{"message": "Invalid authentication credentials"}
Test #3 - Access with key in header
$ curl --silent -X GET http://localhost:8000/admin-api -H "apikey: teste123" | jq '.'
{
"version": "0.11.0",
"plugins": {
"enabled_in_cluster": [
"key-auth",
Test #4 - Access with key in URI parameter
$ curl --silent -X GET http://localhost:8000/admin-api?apikey=teste123 | jq '.'
{
"version": "0.11.0",
"plugins": {
Best regards.
Guilherme
On 09/09/2017 03:13 AM, Premananda Mohapatra wrote:
Thanks @p0pr0ck5 <https://github.com/p0pr0ck5>
Maybe I was not clear in my steps. Let me explain it and use curl
instead of httpie.
*Global key-auth plugin*
curl -i http://kong:8001/plugins/7ac1001a-1112-45ee-bc85-2f11ead0e2b3
|{"created_at":1504879360000,"config":{"hide_credentials":false,"anonymous":"","key_in_body":false,"key_names":["function"]},"id":"7ac1001a-1112-45ee-bc85-2f11ead0e2b3","enabled":true,"api_id":"d75616f5-2f19-425e-8164-7a53d6f1ee80","name":"key-auth"}|
Note that key_in_body is false
*API*
curl -i http://kong:8001/apis/httpbin
|{"created_at":1504878764000,"strip_uri":true,"id":"d75616f5-2f19-425e-8164-7a53d6f1ee80","hosts":["example.com"],"name":"httpbin","http_if_terminated":false,"https_only":false,"retries":5,"uris":["\/products"],"preserve_host":false,"upstream_connect_timeout":60000,"upstream_read_timeout":60000,"upstream_send_timeout":60000,"upstream_url":"http:\/\/httpbin.org"}|
*API and plugin*
curl -i http://kong:8001/apis/httpbin/plugins
|{"total":1,"data":[{"created_at":1504879360000,"config":{"hide_credentials":false,"anonymous":"","key_in_body":false,"key_names":["function"]},"id":"7ac1001a-1112-45ee-bc85-2f11ead0e2b3","enabled":true,"api_id":"d75616f5-2f19-425e-8164-7a53d6f1ee80","name":"key-auth"}]}|
*Consumer*
curl -i http://kong:8001/consumers/prem
|{"created_at":1504879429000,"username":"prem","id":"61a4993d-515d-4cab-a920-b52a7b297026"}|
*Consumer's key-auth*
curl -i http://kong:8001/consumers/prem/key-auth
|{"total":1,"data":[{"id":"50f1495e-3e8d-43ce-b360-c6a7941cc7ee","created_at":1504879492000,"key":"key1","consumer_id":"61a4993d-515d-4cab-a920-b52a7b297026"}]}|
So, we have the api /products with a key-auth plugin enabled and a
consumer with the same plugin.
*API TEST*
curl -i http://kong:8000/products?apikey=key1
results in
|{"message":"No API key found in request"}|
I have done all the steps as per the documentation. Let me know if I
have missed something.
This is too big an error to be missed out by Kong and that too in 2
releases.
Thanks @macedogm Not sure how "function" was inserted. It may be done by Kong-dashboard.

@macedogm Thank you for giving your insight and helping on here!
That is very likely indeed.
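
The misconfiguration diagnosed in this thread, as an added example (not code from Kong or from any participant): a simplified model of how the plugin searches a request for a key under each name in `key_names`, run against constructed plugin objects trimmed from the Admin API responses quoted above. The lookup order and the helper names `locate_key` and `diagnose` are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed plugin objects, trimmed from the Admin API responses quoted in the thread.
BROKEN = json.loads('{"name":"key-auth","enabled":true,"config":'
                    '{"key_in_body":false,"key_names":["function"]}}')
WORKING = json.loads('{"name":"key-auth","enabled":true,"config":'
                     '{"key_in_body":false,"key_names":["apikey"]}}')


def locate_key(plugin, url, headers=None, body=None):
    """Return (location, name, value) for the first configured key name present
    in the request, or None. Simplified model (assumption): each name in
    config.key_names is looked up in the headers, then the query string, then
    the form body when key_in_body is true."""
    cfg = plugin["config"]
    hdrs = {k.lower(): v for k, v in (headers or {}).items()}
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    for name in cfg.get("key_names", []):
        if name.lower() in hdrs:
            return ("header", name, hdrs[name.lower()])
        if name in query:
            return ("query", name, query[name])
        if cfg.get("key_in_body") and name in (body or {}):
            return ("body", name, body[name])
    return None


def diagnose(plugin, url, headers=None, body=None):
    """Explain whether the request carries a credential the plugin will see.
    Only parameter names are reported, never the key value."""
    if plugin.get("name") != "key-auth" or not plugin.get("enabled"):
        return "key-auth is not active on this plugin object"
    hit = locate_key(plugin, url, headers, body)
    if hit:
        return "key found in %s parameter %r" % (hit[0], hit[1])
    names = plugin["config"].get("key_names", [])
    sent = sorted(parse_qs(urlsplit(url).query)) + sorted(headers or {})
    return "no key found: plugin expects %s, request sent %s" % (names, sent)


if __name__ == "__main__":
    url = "http://kong:8000/products?apikey=key1"
    print(diagnose(BROKEN, url))   # the configuration from the report
    print(diagnose(WORKING, url))  # key_names as in the working setup
```
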
Summary
Providing correct apikey gives HTTP 401 and response
{
"message": "No API key found in request"
}
Steps To Reproduce
Additional Details & Logs
$ kong version - 0.10.3 and 0.11.0
$ kong start --vv
<KONG_PREFIX>/logs/error.log
Kong has been installed using docker. Using postgres which has been installed using docker.