Fixes OAuth 2.0 when an API with a path is being consumed with the DN…

…S resolver
Kong · Aug 25, 2015 · 7dddf26 · 7dddf26
1 parent 66a2c32
commit 7dddf26
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 9 deletions.
diff --git a/kong/plugins/oauth2/access.lua b/kong/plugins/oauth2/access.lua
@@ -196,9 +196,6 @@ local function retrieve_client_credentials(parameters)
         local basic_parts = stringy.split(decoded_basic, ":")
         client_id = basic_parts[1]
         client_secret = basic_parts[2]
-
-        print(client_id)
-        print(client_secret)
       end
     end
   end
@@ -353,7 +350,8 @@ local function parse_access_token(conf)
 end
 
 function _M.execute(conf)
-  local path_prefix = ngx.ctx.api.path or ""
+  -- Check if the API has a path and if it's being invoked with the path resolver
+  local path_prefix = (ngx.ctx.api.path and stringy.startswith(ngx.var.request_uri, ngx.ctx.api.path)) and ngx.ctx.api.path or ""
   if stringy.endswith(path_prefix, "/") then
     path_prefix = path_prefix:sub(1, path_prefix:len() - 1) 
   end

diff --git a/spec/plugins/oauth2/access_spec.lua b/spec/plugins/oauth2/access_spec.lua
@@ -78,7 +78,7 @@ describe("Authentication Plugin", function()
   describe("OAuth2 Authorization", function()
 
     describe("Code Grant", function()
-
+      
       it("should return an error when no provision_key is being sent", function()
         local response, status, headers = http_client.post(PROXY_SSL_URL.."/oauth2/authorize", { }, {host = "oauth2.com"})
         local body = cjson.decode(response)
@@ -170,6 +170,15 @@ describe("Authentication Plugin", function()
         assert.are.equal(1, utils.table_size(body))
         assert.truthy(rex.match(body.redirect_uri, "^http://google\\.com/kong\\?code=[\\w]{32,32}$"))
       end)
+
+      it("should fail with a path when using the DNS", function()
+        local response, status = http_client.post(PROXY_SSL_URL.."/oauth2/authorize", { provision_key = "provision123a", authenticated_userid = "id123", client_id = "clientid123", scope = "email", response_type = "code" }, {host = "mockbin-path.com"})
+        local body = cjson.decode(response)
+        assert.are.equal(400, status)
+        assert.are.equal(2, utils.table_size(body))
+        assert.are.equal("invalid_provision_key", body.error)
+        assert.are.equal("Invalid Kong provision_key", body.error_description)
+      end)
 
       it("should return success with a path", function()
         local response, status = http_client.post(PROXY_SSL_URL.."/somepath/oauth2/authorize", { provision_key = "provision123", authenticated_userid = "id123", client_id = "clientid123", scope = "email", response_type = "code" }, {host = "mockbin-path.com"})
@@ -218,9 +227,9 @@ describe("Authentication Plugin", function()
         assert.are.equal("userid123", data[1].authenticated_userid)
         assert.are.equal("email", data[1].scope)
       end)
-
+      
     end)
-
+    
     describe("Implicit Grant", function()
       it("should return success", function()
         local response, status, headers = http_client.post(PROXY_SSL_URL.."/oauth2/authorize", { provision_key = "provision123", authenticated_userid = "id123", client_id = "clientid123", scope = "email", response_type = "token" }, {host = "oauth2.com"})
@@ -408,8 +417,9 @@ describe("Authentication Plugin", function()
       end)
 
     end)
+
   end)
-
+  
   describe("OAuth2 Access Token", function()
 
     it("should return an error when nothing is being sent", function()
@@ -672,5 +682,5 @@ describe("Authentication Plugin", function()
       assert.falsy(body.headers.authorization)
     end)
   end)
-
+  
 end)