From 264ff152c6f58f5ab4d1d98961899f9b30aee997 Mon Sep 17 00:00:00 2001 From: Madhawa Gunasekara Date: Tue, 14 Nov 2023 16:28:10 +0100 Subject: [PATCH] add test cases --- apisix/plugins/multi-auth.lua | 20 +-- docs/en/latest/plugins/multi-auth.md | 14 ++- t/plugin/multi-auth.t | 182 ++++++++++++++++++++++++++- 3 files changed, 198 insertions(+), 18 deletions(-) diff --git a/apisix/plugins/multi-auth.lua b/apisix/plugins/multi-auth.lua index e9a7b6b7c2fe..779dcd6bc3f1 100644 --- a/apisix/plugins/multi-auth.lua +++ b/apisix/plugins/multi-auth.lua @@ -46,13 +46,13 @@ function _M.check_schema(conf) local auth_plugins = conf.auth_plugins for k, auth_plugin in pairs(auth_plugins) do - for key, value in pairs(auth_plugin) do - local auth = require("apisix.plugins." .. key) + for auth_plugin_name, auth_plugin_conf in pairs(auth_plugin) do + local auth = require("apisix.plugins." .. auth_plugin_name) if auth == nil then - return false, key .. " plugin did not found" + return false, auth_plugin_name .. " plugin did not found" else if auth.type ~= 'auth' then - return false, key .. " plugin is not supported" + return false, auth_plugin_name .. " plugin is not supported" end end end 
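Review bot: In `check_schema` the module is loaded with `require("apisix.plugins." .. auth_plugin_name)` on a name taken from the plugin configuration, and `require` raises when no module is found rather than returning nil, so the `auth == nil` branch and its "plugin did not found" message cannot be reached and an unknown name surfaces as a Lua error. Wrapping the call, `local ok, auth = pcall(require, "apisix.plugins." .. auth_plugin_name)` followed by `if not ok then return false, auth_plugin_name .. " plugin did not found" end`, keeps the validation message; the same `require` is repeated per request in the `rewrite` hunk. Loading by file name also appears to accept any module present under `apisix/plugins/` whether or not the deployment has enabled it, so resolving the name through the set of loaded plugins would be the stricter check. `auth_plugin_conf` is not used in the visible lines, which suggests the nested plugin's own schema is not validated here; the function continues outside the hunk, so confirm.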
@@ -65,15 +65,17 @@ function _M.rewrite(conf, ctx) local auth_plugins = conf.auth_plugins local status_code for k, auth_plugin in pairs(auth_plugins) do - for key, value in pairs(auth_plugin) do - local auth = require("apisix.plugins." .. key) - local auth_code = auth.rewrite(value, ctx) + for auth_plugin_name, auth_plugin_conf in pairs(auth_plugin) do + local auth = require("apisix.plugins." .. auth_plugin_name) + -- returns 401 HTTP status code if authentication failed, otherwise nothing returns. + local auth_code = auth.rewrite(auth_plugin_conf, ctx) status_code = auth_code if auth_code == nil then - core.log.debug("Authentication is successful" .. key .. " plugin") + core.log.debug("Authentication is successful" .. auth_plugin_name .. " plugin") goto authenticated else - core.log.warn("Authentication is failed" .. key .. " plugin, code: " .. auth_code) + core.log.warn("Authentication is failed" .. auth_plugin_name .. " plugin, code: " + .. auth_code) end end end diff --git a/docs/en/latest/plugins/multi-auth.md b/docs/en/latest/plugins/multi-auth.md index 7ac218198835..703fac19ae2f 100644 --- a/docs/en/latest/plugins/multi-auth.md +++ b/docs/en/latest/plugins/multi-auth.md @@ -1,5 +1,5 @@ --- -title: basic-auth +title: multi-auth keywords: - Apache APISIX - API Gateway 
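Review bot: The two log calls in `rewrite` concatenate the plugin name straight onto the message, so the output reads `Authentication is successfulkey-auth plugin`, which is awkward to search when tracing failed logins; `"Authentication succeeded with " .. auth_plugin_name .. " plugin"` and `"Authentication failed with " .. auth_plugin_name .. " plugin, code: " .. auth_code` read cleanly. The added comment says a failing plugin returns 401, but the code treats any non-nil first return value as failure and logs whatever code it receives, so `-- returns a non-nil HTTP status code when authentication fails, nil on success` would match the check more closely. Because an "or" chain is expected to fail on every plugin before the matching one, the warn-level line also fires on requests that end up authenticated; consider debug level per plugin and a single warn when all of them fail. The end of `rewrite`, including the `authenticated` label, is outside the hunk.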
@@ -30,15 +30,15 @@ description: This document contains information about the Apache APISIX multi-au ## Description -The `multi-auth` Plugin is used to add multiple authentication methods to a Route or a Service. Plugins with type 'auth' are supported. +The `multi-auth` Plugin is used to add multiple authentication methods to a Route or a Service. It supports plugins of type 'auth'. You can combine different authentication methods using "or" relationship with `multi-auth` plugin. If you want to use multiple methods in an "and" relationship, apply specific authentication plugins directly to the route or service. ## Attributes For Route: -| Name | Type | Required | Default | Description | -|--------------|-------|----------|---------|--------------------------------------------| -| auth_plugins | array | True | - | Add supporting auth plugins configuration. | +| Name | Type | Required | Default | Description | +|--------------|-------|----------|---------|-----------------------------------------------------------------------| +| auth_plugins | array | True | - | Add supporting auth plugins configuration. expects at least 2 plugins | ## Enable Plugin @@ -98,10 +98,14 @@ curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13 After you have configured the Plugin as mentioned above, you can make a request to the Route as shown below: +request with basic-auth + ```shell curl -i -ufoo:bar http://127.0.0.1:9080/hello ``` +request with key-auth + ```shell curl http://127.0.0.2:9080/hello -H 'apikey: auth-one' -i ``` diff --git a/t/plugin/multi-auth.t b/t/plugin/multi-auth.t index b128d3f4142e..c1e0be54d7b7 100644 --- a/t/plugin/multi-auth.t +++ b/t/plugin/multi-auth.t @@ -125,7 +125,7 @@ GET /hello -=== TEST 4: verify basic +=== TEST 4: verify basic-auth --- request GET /hello --- more_headers @@ -137,7 +137,7 @@ find consumer foo -=== TEST 5: verify key +=== TEST 5: verify key-auth --- request GET /hello --- more_headers 
@@ -169,7 +169,7 @@ apikey: auth-two -=== TEST 8: enable multi auth plugin using admin api +=== TEST 8: enable multi auth plugin using admin api, without any auth_plugins configuration --- config location /t { content_by_lua_block { @@ -204,7 +204,7 @@ qr/\{"error_msg":"failed to check the configuration of plugin multi-auth err: pr -=== TEST 9: enable multi auth plugin using admin api +=== TEST 9: enable multi auth plugin using admin api, with auth_plugins configuration but with one authorization plugin --- config location /t { content_by_lua_block { 
@@ -242,3 +242,177 @@ GET /t --- error_code: 400 --- response_body_like eval qr/\{"error_msg":"failed to check the configuration of plugin multi-auth err: property \\"auth_plugins\\" validation failed: expect array to have at least 2 items"\}/ + + + +=== TEST 10: create public API route (jwt-auth sign) +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/2', + ngx.HTTP_PUT, + [[{ + "plugins": { + "public-api": {} + }, + "uri": "/apisix/plugin/jwt/sign" + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 11: add consumer with username and jwt-auth plugins +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/consumers', + ngx.HTTP_PUT, + [[{ + "username": "jack", + "plugins": { + "jwt-auth": { + "key": "user-key", + "secret": "my-secret-key" + } + } + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 12: sign / verify jwt-auth +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, err, sign = t('/apisix/plugin/jwt/sign?key=user-key', + ngx.HTTP_GET + ) + + if code > 200 then + ngx.status = code + ngx.say(err) + return + end + + local code, _, res = t('/hello?jwt=' .. 
sign, + ngx.HTTP_GET + ) + + ngx.status = code + ngx.print(res) + } + } +--- request +GET /t +--- response_body +hello world + + + +=== TEST 13: verify multi-auth with plugin config will cause the conf_version change +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + + local code, err = t('/apisix/admin/plugin_configs/1', + ngx.HTTP_PUT, + [[{ + "desc": "Multiple Authentication", + "plugins": { + "multi-auth": { + "auth_plugins": [ + { + "basic-auth": {} + }, + { + "key-auth": { + "query": "apikey", + "hide_credentials": true, + "header": "apikey" + } + }, + { + "jwt-auth": { + "cookie": "jwt", + "query": "jwt", + "hide_credentials": true, + "header": "authorization" + } + } + ] + } + } + }]] + ) + if code > 300 then + ngx.log(ngx.ERR, err) + return + end + + local code, err = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "uri": "/hello", + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "plugin_config_id": 1 + }]] + ) + if code > 300 then + ngx.log(ngx.ERR, err) + return + end + ngx.sleep(0.1) + + local code, err, sign = t('/apisix/plugin/jwt/sign?key=user-key', + ngx.HTTP_GET + ) + + if code > 200 then + ngx.status = code + ngx.say(err) + return + end + + local code, _, res = t('/hello?jwt=' .. sign, + ngx.HTTP_GET + ) + + ngx.status = code + ngx.print(res) + } + } +--- request +GET /t +--- response_body +hello world
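Review bot: The added cases (TEST 10 to 13) only exercise requests that are expected to succeed, so nothing among them pins what `multi-auth` returns when the three-plugin chain configured in TEST 13 rejects a request. For an "or" combinator the rejection path is the one that guards against an accidental bypass, so a case with an invalid token and one with no credentials at all, both expecting 401, would be worth adding after TEST 13; the token in the sketch below is a constructed placeholder. TEST 13's title mentions a `conf_version` change but the visible assertions only check for `hello world`, and its `code > 300` guard differs from the `code >= 300` used in TEST 10 and 11.

```perl
=== TEST 14: reject an invalid jwt when every auth plugin fails
--- request
GET /hello?jwt=not-a-valid-token
--- error_code: 401
```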