Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When apikey is missing or it's wrong 500 returned instead of 401 in 0.10.1 #2385

Closed
arapost-bmj opened this issue Apr 13, 2017 · 5 comments
Closed

When apikey is missing or it's wrong 500 returned instead of 401 in 0.10.1 #2385

arapost-bmj opened this issue Apr 13, 2017 · 5 comments

Comments

@arapost-bmj
Copy link

Summary

After upgrading to 0.10.1, when the apikey is missing (we are using key-auth plugin) or it's wrong, 500 is returned with plain/text message body: "An unexpected error occurred" instead of 401 with json:
{
"message": "No API key found in headers or querystring"
}

Steps To Reproduce

  1. Call an api that has the key-auth plugin enabled

Additional Details & Logs

  • Kong version : 0.10.1.
@Tieske
Copy link
Member

Tieske commented Apr 13, 2017

what's in the logs?

@arapost-bmj
Copy link
Author

Sorry, here are the logs, I just removed the key itself and the host name we are using:

2017/04/13 10:10:11 [error] 30754#0: *297 lua entry thread aborted: runtime error: /usr/local/share/lua/5.1/kong/tools/database_cache.lua:223: attempt to conca
tenate local 'id' (a nil value)
stack traceback:
coroutine 0:
/usr/local/share/lua/5.1/kong/tools/database_cache.lua: in function 'consumer_key'
/usr/local/share/lua/5.1/kong/plugins/key-auth/handler.lua:135: in function 'access'
/usr/local/share/lua/5.1/kong.lua:256: in function 'access'
access_by_lua(nginx-kong.conf:81):2: in function <access_by_lua(nginx-kong.conf:81):1>, client: 10.1.172.70, server: kong, request: "POST /api/sessions
/keepalive?apikey=xxxxxxx HTTP/1.1", host: "xxxxxxxx"

@p0pr0ck5
Copy link
Contributor

Sounds like this was handled in #2313? Unfortunately that fix hasn't been published yet, and likely won't for a while... :(

@ghost
Copy link

ghost commented Apr 14, 2017

The same is happening in my environment when the oauth2 authorization token is expired or missing:
==> error.log <==
2017/04/14 12:10:36 [error] 85#0: *1015747 lua entry thread aborted: runtime error: /usr/local/share/lua/5.1/kong/tools/database_cache.lua:223: attempt to concatenate local 'id' (a nil value)
stack traceback:
coroutine 0:
/usr/local/share/lua/5.1/kong/tools/database_cache.lua: in function 'consumer_key'
/usr/local/share/lua/5.1/kong/plugins/oauth2/access.lua:556: in function 'execute'
/usr/local/share/lua/5.1/kong/plugins/oauth2/handler.lua:12: in function 'access'
/usr/local/share/lua/5.1/kong.lua:256: in function 'access'
access_by_lua(nginx-kong.conf:81):2: in function <access_by_lua(nginx-kong.conf:81):1>, client: 192.168.71.0, server: kong, request: "POST /some-path HTTP/1.1", host: "api.xxxxxxx.net"

@Tieske
Copy link
Member

Tieske commented Apr 28, 2017

this has been fixed, released on 0.11

@Tieske Tieske closed this as completed Apr 28, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Tieske @p0pr0ck5 @arapost-bmj