diff --git a/kong/plugins/oauth2/access.lua b/kong/plugins/oauth2/access.lua index 2aa26adc2bd..6b5ebb00888 100644 --- a/kong/plugins/oauth2/access.lua +++ b/kong/plugins/oauth2/access.lua @@ -196,9 +196,6 @@ local function retrieve_client_credentials(parameters) local basic_parts = stringy.split(decoded_basic, ":") client_id = basic_parts[1] client_secret = basic_parts[2] - - print(client_id) - print(client_secret) end end end @@ -353,7 +350,8 @@ local function parse_access_token(conf) end function _M.execute(conf) - local path_prefix = ngx.ctx.api.path or "" + -- Check if the API has a path and if it's being invoked with the path resolver + local path_prefix = (ngx.ctx.api.path and stringy.startswith(ngx.var.request_uri, ngx.ctx.api.path)) and ngx.ctx.api.path or "" if stringy.endswith(path_prefix, "/") then path_prefix = path_prefix:sub(1, path_prefix:len() - 1) end diff --git a/spec/plugins/oauth2/access_spec.lua b/spec/plugins/oauth2/access_spec.lua index 10376ab7b00..24de44c02af 100644 --- a/spec/plugins/oauth2/access_spec.lua +++ b/spec/plugins/oauth2/access_spec.lua @@ -78,7 +78,7 @@ describe("Authentication Plugin", function() describe("OAuth2 Authorization", function() describe("Code Grant", function() - + it("should return an error when no provision_key is being sent", function() local response, status, headers = http_client.post(PROXY_SSL_URL.."/oauth2/authorize", { }, {host = "oauth2.com"}) local body = cjson.decode(response) @@ -170,6 +170,15 @@ describe("Authentication Plugin", function() assert.are.equal(1, utils.table_size(body)) assert.truthy(rex.match(body.redirect_uri, "^http://google\\.com/kong\\?code=[\\w]{32,32}$")) end) + + it("should fail with a path when using the DNS", function() + local response, status = http_client.post(PROXY_SSL_URL.."/oauth2/authorize", { provision_key = "provision123a", authenticated_userid = "id123", client_id = "clientid123", scope = "email", response_type = "code" }, {host = "mockbin-path.com"}) + local body = cjson.decode(response) + assert.are.equal(400, status) + assert.are.equal(2, utils.table_size(body)) + assert.are.equal("invalid_provision_key", body.error) + assert.are.equal("Invalid Kong provision_key", body.error_description) + end) it("should return success with a path", function() local response, status = http_client.post(PROXY_SSL_URL.."/somepath/oauth2/authorize", { provision_key = "provision123", authenticated_userid = "id123", client_id = "clientid123", scope = "email", response_type = "code" }, {host = "mockbin-path.com"}) @@ -218,9 +227,9 @@ describe("Authentication Plugin", function() assert.are.equal("userid123", data[1].authenticated_userid) assert.are.equal("email", data[1].scope) end) - + end) - + describe("Implicit Grant", function() it("should return success", function() local response, status, headers = http_client.post(PROXY_SSL_URL.."/oauth2/authorize", { provision_key = "provision123", authenticated_userid = "id123", client_id = "clientid123", scope = "email", response_type = "token" }, {host = "oauth2.com"}) @@ -408,8 +417,9 @@ describe("Authentication Plugin", function() end) end) + end) - + describe("OAuth2 Access Token", function() it("should return an error when nothing is being sent", function() @@ -672,5 +682,5 @@ describe("Authentication Plugin", function() assert.falsy(body.headers.authorization) end) end) - + end)