fix(hmac): add missing www-authenticate headers #11791

Merged

Conversation

nowNick
Contributor

@nowNick nowNick commented Oct 19, 2023

Summary

When Kong returns a 401 Unauthorized response, it should return a WWW-Authenticate header with a proper challenge. HMAC auth was missing this header.

Related PRs:

RFCs & Materials

Checklist

  • The Pull Request has tests
  • A changelog file has been created under changelog/unreleased/kong or skip-changelog label added on PR if changelog is unnecessary. README.md
  • N/A There is a user-facing docs PR against https://github.com/Kong/docs.konghq.com - PUT DOCS PR HERE

Full changelog

  • add WWW-Authenticate header to hmac 401 response

Issue reference
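
An added example, not part of the pull request or Kong's code: a Python check (standard library only) that flags 401 responses whose WWW-Authenticate header is missing or does not parse as an RFC 9110 challenge list. The sample responses, the `hmac` scheme name and the realm value are constructed for illustration.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
PARAM = re.compile(rf"\s*({TOKEN})\s*=\s*({QUOTED}|{TOKEN})\s*$")
START = re.compile(rf"\s*({TOKEN})(?:\s+(\S.*?))?\s*$")
TOKEN68 = re.compile(r"[A-Za-z0-9\-._~+/]+=*$")

def parse_challenges(value):
    """Parse a comma-separated WWW-Authenticate value into [(scheme, params)]; ValueError if malformed."""
    if not re.fullmatch(rf'(?:[^"]|{QUOTED})*', value):
        raise ValueError("unbalanced quoted-string")
    out = []
    for part in filter(str.strip, re.findall(rf'(?:[^,"]|{QUOTED})+', value)):
        bad = ValueError(f"malformed challenge: {part.strip()!r}")
        m = PARAM.match(part)  # a bare name=value continues the previous challenge
        if m and not out:
            raise bad
        if not m:  # anything else must open a new challenge with a scheme
            s = START.match(part)
            if not s:
                raise bad
            out.append((s.group(1), {}))
            rest = s.group(2) or ""
            m = PARAM.match(rest)
            if not m and rest and not TOKEN68.match(rest):
                raise bad
            if not m:
                out[-1][1].update({"token68": rest} if rest else {})
                continue
        out[-1][1][m.group(1).lower()] = re.sub(r'^"|"$', "", m.group(2))
    return out

def audit(responses):
    """Return [(index, problem)] for 401 responses that lack a usable challenge."""
    findings = []
    for i, (status, headers) in enumerate(responses):
        value = next((v for k, v in headers.items() if k.lower() == "www-authenticate"), "")
        try:
            if status == 401 and not parse_challenges(value):
                findings.append((i, "401 without a WWW-Authenticate challenge"))
        except ValueError as exc:
            findings.append((i, str(exc)))
    return findings

# Constructed (status, headers) samples; the "hmac" scheme and realm are assumptions.
SAMPLES = [(401, {"Content-Type": "application/json"}),
           (401, {"WWW-Authenticate": 'hmac realm="example"'}),
           (200, {}), (401, {"www-authenticate": 'realm="example"'})]
```

Calling `audit(SAMPLES)` reports the first sample (no header) and the last one (an auth-param with no scheme in front of it).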

@nowNick nowNick marked this pull request as ready for review October 19, 2023 10:47
@locao locao requested a review from brentos October 24, 2023 16:47
@nowNick nowNick force-pushed the feat/implement-missing-www-authenticate-headers-hmac branch from c35d2da to d87e18b Compare October 26, 2023 12:05
@nowNick nowNick requested a review from bungle October 26, 2023 12:08
@nowNick nowNick marked this pull request as draft October 31, 2023 09:34
@nowNick nowNick force-pushed the feat/implement-missing-www-authenticate-headers-hmac branch from 8e37f9a to 150a3e4 Compare February 15, 2024 12:14
@pull-request-size pull-request-size bot added size/L and removed size/M labels Feb 15, 2024
@nowNick nowNick force-pushed the feat/implement-missing-www-authenticate-headers-hmac branch from 150a3e4 to 89c7290 Compare April 30, 2024 14:08
@github-actions github-actions bot added the cherry-pick kong-ee schedule this PR for cherry-picking to kong/kong-ee label Apr 30, 2024
@nowNick nowNick force-pushed the feat/implement-missing-www-authenticate-headers-hmac branch 2 times, most recently from e368f65 to 5be3025 Compare April 30, 2024 14:33
@nowNick nowNick marked this pull request as ready for review April 30, 2024 14:51
@nowNick nowNick force-pushed the feat/implement-missing-www-authenticate-headers-hmac branch 2 times, most recently from ab1789f to cc8e544 Compare May 9, 2024 12:52
@nowNick nowNick requested review from jschmid1 and hanshuebner May 13, 2024 07:34
@nowNick nowNick force-pushed the feat/implement-missing-www-authenticate-headers-hmac branch from cc8e544 to 4c8c799 Compare May 21, 2024 15:59
@nowNick nowNick force-pushed the feat/implement-missing-www-authenticate-headers-hmac branch 6 times, most recently from d491487 to 630690a Compare May 21, 2024 16:29
@nowNick nowNick requested a review from jschmid1 May 22, 2024 17:42
@nowNick nowNick force-pushed the feat/implement-missing-www-authenticate-headers-hmac branch 4 times, most recently from 2517d20 to 9f85181 Compare June 14, 2024 13:23
When the server returns a 401 Unauthorized response it should
return a WWW-Authenticate header as well, with a proper challenge.
HMAC auth was missing this header.

Fix: #7772
KAG-321
@jschmid1 jschmid1 merged commit ea6b3c8 into master Jun 17, 2024
27 checks passed
@jschmid1 jschmid1 deleted the feat/implement-missing-www-authenticate-headers-hmac branch June 17, 2024 08:21
@team-gateway-bot
Collaborator

Cherry-pick failed for master, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally.

git remote add upstream https://github.com/kong/kong-ee
git fetch upstream master
git worktree add -d .worktree/cherry-pick-11791-to-master-to-upstream upstream/master
cd .worktree/cherry-pick-11791-to-master-to-upstream
git checkout -b cherry-pick-11791-to-master-to-upstream
ancref=$(git merge-base 75850071308b6a96e15c6c1ac4e9090c3cb6e4e4 9f851815190654cb49c530b3f6929fa09d827525)
git cherry-pick -x $ancref..9f851815190654cb49c530b3f6929fa09d827525

@github-actions github-actions bot added the incomplete-cherry-pick A cherry-pick was incomplete and needs manual intervention label Jun 17, 2024
@AndyZhang0707
Collaborator

@nowNick please help and manually cherry-pick to ee, thanks.

@nowNick nowNick removed the incomplete-cherry-pick A cherry-pick was incomplete and needs manual intervention label Jun 18, 2024
Development

Successfully merging this pull request may close these issues.

WWW-Authenticate header not present when Kong and plugins return HTTP status 401
5 participants