From 35aa60546de8d313c792f32afcb3ec71fd179520 Mon Sep 17 00:00:00 2001 From: Zhefeng Chen Date: Wed, 27 Nov 2024 13:12:03 +0800 Subject: [PATCH] fix(plugins): Improved the error message when an anonymous consumer was configured but did not exist https://konghq.atlassian.net/browse/FTI-5392 --- .../kong/fix-nonexisting-anonymous-error-message.yml | 3 +++ kong/plugins/basic-auth/access.lua | 6 ++++++ kong/plugins/hmac-auth/access.lua | 6 ++++++ kong/plugins/jwt/handler.lua | 6 ++++++ kong/plugins/key-auth/handler.lua | 6 ++++++ kong/plugins/ldap-auth/access.lua | 6 ++++++ kong/plugins/oauth2/access.lua | 6 ++++++ spec/03-plugins/09-key-auth/02-access_spec.lua | 6 ++++-- spec/03-plugins/10-basic-auth/03-access_spec.lua | 6 ++++-- spec/03-plugins/16-jwt/03-access_spec.lua | 6 ++++-- spec/03-plugins/19-hmac-auth/03-access_spec.lua | 6 ++++-- spec/03-plugins/20-ldap-auth/01-access_spec.lua | 6 ++++-- spec/03-plugins/25-oauth2/03-access_spec.lua | 6 ++++-- 13 files changed, 63 insertions(+), 12 deletions(-) create mode 100644 changelog/unreleased/kong/fix-nonexisting-anonymous-error-message.yml
diff --git a/changelog/unreleased/kong/fix-nonexisting-anonymous-error-message.yml b/changelog/unreleased/kong/fix-nonexisting-anonymous-error-message.yml
new file mode 100644
index 000000000000..b4ca7410265f
--- /dev/null
+++ b/changelog/unreleased/kong/fix-nonexisting-anonymous-error-message.yml
@@ -0,0 +1,3 @@
+message: "**authentication-plugins**: Improved the error message when an anonymous consumer was configured but did not exist."
+type: bugfix
+scope: Plugin
diff --git a/kong/plugins/basic-auth/access.lua b/kong/plugins/basic-auth/access.lua
index cd2297098654..d989738d5cbe 100644
--- a/kong/plugins/basic-auth/access.lua
+++ b/kong/plugins/basic-auth/access.lua
@@ -218,6 +218,12 @@ function _M.execute(conf) return error(err) end + if not consumer then + local err_msg = "anonymous consumer " .. conf.anonymous .. " is configured but doesn't exist" + kong.log.err(err_msg) + return kong.response.error(500, err_msg) + end + set_consumer(consumer) else diff --git a/kong/plugins/hmac-auth/access.lua b/kong/plugins/hmac-auth/access.lua index 39e3acb90fe4..e3a2828ddf68 100644 --- a/kong/plugins/hmac-auth/access.lua +++ b/kong/plugins/hmac-auth/access.lua @@ -363,6 +363,12 @@ local function set_anonymous_consumer(anonymous) return error(err) end + if not consumer then + local err_msg = "anonymous consumer " .. anonymous .. " is configured but doesn't exist" + kong.log.err(err_msg) + return kong.response.error(500, err_msg) + end + set_consumer(consumer) end diff --git a/kong/plugins/jwt/handler.lua b/kong/plugins/jwt/handler.lua index 798dac4ef6fe..6f18494ed39f 100644 --- a/kong/plugins/jwt/handler.lua +++ b/kong/plugins/jwt/handler.lua @@ -273,6 +273,12 @@ local function set_anonymous_consumer(anonymous) return error(err) end + if not consumer then + local err_msg = "anonymous consumer " .. anonymous .. " is configured but doesn't exist" + kong.log.err(err_msg) + return kong.response.error(500, err_msg) + end + set_consumer(consumer) end diff --git a/kong/plugins/key-auth/handler.lua b/kong/plugins/key-auth/handler.lua index 89786aa7520a..f3a00706e31d 100644 --- a/kong/plugins/key-auth/handler.lua +++ b/kong/plugins/key-auth/handler.lua @@ -223,6 +223,12 @@ local function set_anonymous_consumer(anonymous) return error(err) end + if not consumer then + local err_msg = "anonymous consumer " .. anonymous .. " is configured but doesn't exist" + kong.log.err(err_msg) + return kong.response.error(500, err_msg) + end + set_consumer(consumer) end diff --git a/kong/plugins/ldap-auth/access.lua b/kong/plugins/ldap-auth/access.lua index e75d92344860..a2b5db0817bd 100644 --- a/kong/plugins/ldap-auth/access.lua 
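Review bot: The new `if not consumer then` branch in `_M.execute` passes `err_msg` to `kong.response.error`, so any request that falls through to the anonymous path gets the configured `conf.anonymous` value back in the 500 body. That value is internal gateway configuration, and this branch is reached by callers who have not authenticated. Keeping the detail in `kong.log.err(err_msg)` and answering with a generic body, `return kong.response.error(500)`, gives operators the same diagnostic without exposing it. The same block is added to `set_anonymous_consumer` in the hmac-auth, jwt, key-auth, ldap-auth and oauth2 hunks and the point applies to each. `_M.execute` starts and ends outside the hunk, so how `conf.anonymous` is validated before this branch is not visible here.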
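Review bot: The block added to `set_anonymous_consumer` in the hmac-auth hunk is a verbatim copy of the one added in the jwt, key-auth, ldap-auth and oauth2 hunks (basic-auth carries it inline with `conf.anonymous`), so a later change to the wording, status code or what is returned to the client has to be made in six places. A single shared helper that takes the anonymous value, logs and terminates the request would keep the plugins consistent; where it should live is a project decision not visible in this diff. A short comment above the check, such as `-- lookup succeeded but found nothing: anonymous consumer is misconfigured`, would also distinguish it from the `err` branch just before it. The function begins above the hunk.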
+++ b/kong/plugins/ldap-auth/access.lua @@ -290,6 +290,12 @@ local function set_anonymous_consumer(anonymous) return error(err) end + if not consumer then + local err_msg = "anonymous consumer " .. anonymous .. " is configured but doesn't exist" + kong.log.err(err_msg) + return kong.response.error(500, err_msg) + end + set_consumer(consumer) end diff --git a/kong/plugins/oauth2/access.lua b/kong/plugins/oauth2/access.lua index 7e026951b074..04eecf657f21 100644 --- a/kong/plugins/oauth2/access.lua +++ b/kong/plugins/oauth2/access.lua @@ -1077,6 +1077,12 @@ local function set_anonymous_consumer(anonymous) return error(err) end + if not consumer then + local err_msg = "anonymous consumer " .. anonymous .. " is configured but doesn't exist" + kong.log.err(err_msg) + return kong.response.error(500, err_msg) + end + set_consumer(consumer) end diff --git a/spec/03-plugins/09-key-auth/02-access_spec.lua b/spec/03-plugins/09-key-auth/02-access_spec.lua index a1a7b3a925ec..3a166ee90d0a 100644 --- a/spec/03-plugins/09-key-auth/02-access_spec.lua +++ b/spec/03-plugins/09-key-auth/02-access_spec.lua @@ -9,6 +9,7 @@ for _, strategy in helpers.each_strategy() do describe("Plugin: key-auth (access) [#" .. strategy .. "]", function() local mock, proxy_client local kong_cred + local nonexisting_anonymous = uuid.uuid() -- a nonexisting consumer id lazy_setup(function() mock = http_mock.new(MOCK_PORT) @@ -117,7 +118,7 @@ for _, strategy in helpers.each_strategy() do name = "key-auth", route = { id = route4.id }, config = { - anonymous = uuid.uuid(), -- unknown consumer + anonymous = nonexisting_anonymous, -- a nonexisting consumer id }, } @@ -803,7 +804,8 @@ for _, strategy in helpers.each_strategy() do ["Host"] = "key-auth4.test" } }) - assert.response(res).has.status(500) + local body = cjson.decode(assert.res_status(500, res)) + assert.same("anonymous consumer " .. nonexisting_anonymous .. " is configured but doesn't exist", body.message) end) end) end) 
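Review bot: The new `assert.same(...)` on `body.message` in the last key-auth spec hunk makes the consumer id in the client-facing 500 body part of the tested contract, which will make it harder to move that detail out of the response later. If the goal is diagnosability for operators, the assertion that matters is on the error log line written by `kong.log.err`; the body check could then be limited to the status and a generic message. The same assertion is added in the basic-auth, jwt, hmac-auth, ldap-auth and oauth2 specs. `cjson` is used in the added line but its `require` is outside the hunk, so confirm each spec file already loads it.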
diff --git a/spec/03-plugins/10-basic-auth/03-access_spec.lua b/spec/03-plugins/10-basic-auth/03-access_spec.lua index 34560721de35..75224c8c2a3a 100644 --- a/spec/03-plugins/10-basic-auth/03-access_spec.lua +++ b/spec/03-plugins/10-basic-auth/03-access_spec.lua @@ -6,6 +6,7 @@ local uuid = require "kong.tools.uuid" for _, strategy in helpers.each_strategy() do describe("Plugin: basic-auth (access) [#" .. strategy .. "]", function() local proxy_client + local nonexisting_anonymous = uuid.uuid() -- a non-existing consumer id lazy_setup(function() local bp = helpers.get_db_utils(strategy, { @@ -104,7 +105,7 @@ for _, strategy in helpers.each_strategy() do name = "basic-auth", route = { id = route4.id }, config = { - anonymous = uuid.uuid(), -- a non-existing consumer id + anonymous = nonexisting_anonymous, -- a non-existing consumer id }, } @@ -430,7 +431,8 @@ for _, strategy in helpers.each_strategy() do ["Host"] = "basic-auth4.test" } }) - assert.response(res).has.status(500) + local body = cjson.decode(assert.res_status(500, res)) + assert.same("anonymous consumer " .. nonexisting_anonymous .. " is configured but doesn't exist", body.message) end) end) diff --git a/spec/03-plugins/16-jwt/03-access_spec.lua b/spec/03-plugins/16-jwt/03-access_spec.lua index 77541b70e360..85aab6c4b37c 100644 --- a/spec/03-plugins/16-jwt/03-access_spec.lua +++ b/spec/03-plugins/16-jwt/03-access_spec.lua @@ -32,6 +32,7 @@ for _, strategy in helpers.each_strategy() do local hs_jwt_secret_2 local proxy_client local admin_client + local nonexisting_anonymous = uuid.uuid() -- a nonexisting consumer id lazy_setup(function() local bp = helpers.get_db_utils(strategy, { @@ -121,7 +122,7 @@ for _, strategy in helpers.each_strategy() do plugins:insert({ name = "jwt", route = { id = routes[7].id }, - config = { anonymous = uuid.uuid() }, + config = { anonymous = nonexisting_anonymous }, -- a nonexisting consumer id }) plugins:insert({ 
@@ -1243,7 +1244,8 @@ for _, strategy in helpers.each_strategy() do ["Host"] = "jwt7.test" } }) - assert.response(res).has.status(500) + local body = cjson.decode(assert.res_status(500, res)) + assert.same("anonymous consumer " .. nonexisting_anonymous .. " is configured but doesn't exist", body.message) end) end) end) diff --git a/spec/03-plugins/19-hmac-auth/03-access_spec.lua b/spec/03-plugins/19-hmac-auth/03-access_spec.lua index c771500426a4..bb5e6e898938 100644 --- a/spec/03-plugins/19-hmac-auth/03-access_spec.lua +++ b/spec/03-plugins/19-hmac-auth/03-access_spec.lua @@ -20,6 +20,7 @@ for _, strategy in helpers.each_strategy() do local proxy_client local consumer local credential + local nonexisting_anonymous = uuid.uuid() -- a nonexisting consumer id lazy_setup(function() local bp = helpers.get_db_utils(strategy, { @@ -96,7 +97,7 @@ for _, strategy in helpers.each_strategy() do name = "hmac-auth", route = { id = route3.id }, config = { - anonymous = uuid.uuid(), -- non existing consumer + anonymous = nonexisting_anonymous, -- a non existing consumer id clock_skew = 3000 } } @@ -1204,7 +1205,8 @@ for _, strategy in helpers.each_strategy() do ["Host"] = "hmacauth3.test", }, }) - assert.response(res).has.status(500) + local body = cjson.decode(assert.res_status(500, res)) + assert.same("anonymous consumer " .. nonexisting_anonymous .. " is configured but doesn't exist", body.message) end) it("should pass with GET when body validation enabled", function() diff --git a/spec/03-plugins/20-ldap-auth/01-access_spec.lua b/spec/03-plugins/20-ldap-auth/01-access_spec.lua index af5dd2a6cd83..943329ab0655 100644 --- a/spec/03-plugins/20-ldap-auth/01-access_spec.lua +++ b/spec/03-plugins/20-ldap-auth/01-access_spec.lua @@ -37,6 +37,7 @@ for _, ldap_strategy in pairs(ldap_strategies) do local admin_client local route2 local plugin2 + local nonexisting_anonymous = uuid.uuid() -- a non existing consumer id lazy_setup(function() local bp = helpers.get_db_utils(strategy, { 
@@ -141,7 +142,7 @@ for _, ldap_strategy in pairs(ldap_strategies) do base_dn = "ou=scientists,dc=ldap,dc=mashape,dc=com", attribute = "uid", cache_ttl = 2, - anonymous = uuid.uuid(), -- non existing consumer + anonymous = nonexisting_anonymous, -- a non existing consumer id } } @@ -597,7 +598,8 @@ for _, ldap_strategy in pairs(ldap_strategies) do ["Host"] = "ldap4.test" } }) - assert.response(res).has.status(500) + local body = cjson.decode(assert.res_status(500, res)) + assert.same("anonymous consumer " .. nonexisting_anonymous .. " is configured but doesn't exist", body.message) end) end) end) diff --git a/spec/03-plugins/25-oauth2/03-access_spec.lua b/spec/03-plugins/25-oauth2/03-access_spec.lua index 1f6813f8de53..7bbf6d87234c 100644 --- a/spec/03-plugins/25-oauth2/03-access_spec.lua +++ b/spec/03-plugins/25-oauth2/03-access_spec.lua @@ -172,6 +172,7 @@ describe("Plugin: oauth2 [#" .. strategy .. "]", function() local proxy_ssl_client local proxy_client local client1 + local nonexisting_anonymous = uuid.uuid() -- a non existing consumer id lazy_setup(function() @@ -511,7 +512,7 @@ describe("Plugin: oauth2 [#" .. strategy .. "]", function() config = { scopes = { "email", "profile", "user.email" }, global_credentials = true, - anonymous = uuid.uuid(), -- a non existing consumer + anonymous = nonexisting_anonymous, -- a non existing consumer id }, }) @@ -3373,7 +3374,8 @@ describe("Plugin: oauth2 [#" .. strategy .. "]", function() ["Host"] = "oauth2_10.test" } }) - assert.res_status(500, res) + local body = cjson.decode(assert.res_status(500, res)) + assert.same("anonymous consumer " .. nonexisting_anonymous .. " is configured but doesn't exist", body.message) end) it("returns success and the token should have the right expiration when a custom header is passed", function() local res = assert(proxy_ssl_client:send {