Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support hide the authentication header in basic-auth with a config #6039

Merged
merged 30 commits into from
Jan 14, 2022
Merged

feat: support hide the authentication header in basic-auth with a config #6039

Show file tree
Hide file tree
Changes from 12 commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
dc2570a
fix:
Sep 1, 2021
f0d6f6f
merge from upstream master
Sep 29, 2021
3845a27
Merge remote-tracking branch 'upstream/master'
Oct 15, 2021
db0c9e7
feature: support hide the authentication header in basic-auth plugin
mangoGoForward Jan 6, 2022
0cee869
add test case with hide auth header
mangoGoForward Jan 7, 2022
79ca875
Revert "fix: when eureka server return compressed data, use lua-zlib …
mangoGoForward Jan 7, 2022
9a9565c
remove blank line
mangoGoForward Jan 7, 2022
10d35fd
change default value of hide_auth_header to `true`
mangoGoForward Jan 7, 2022
c642635
change default value of hide_auth_header to `true`
mangoGoForward Jan 7, 2022
29d3077
fix code lint error
mangoGoForward Jan 7, 2022
1c42db0
fix code lint error
mangoGoForward Jan 7, 2022
7a663fa
Merge pull request #1 from mangoGoForward/feature/hide-auth-header
mangoGoForward Jan 7, 2022
6e8d684
hide Authentication request header if hide_auth_header is true
mangoGoForward Jan 7, 2022
ec3bec6
hide Authentication request header if hide_auth_header is true
mangoGoForward Jan 7, 2022
37076a7
Merge branch 'apache:master' into master
mangoGoForward Jan 10, 2022
484d05d
change config item `hide_auth_header` to `hide_credentials` and updat…
mangoGoForward Jan 10, 2022
63aa704
change config item `hide_auth_header` to `hide_credentials` and updat…
mangoGoForward Jan 10, 2022
210c9d5
add test cases to cover it
mangoGoForward Jan 10, 2022
cb53193
add test cases to cover it
mangoGoForward Jan 10, 2022
395ac1a
add test cases
mangoGoForward Jan 12, 2022
25602a7
add test cases
mangoGoForward Jan 12, 2022
41bb17e
update basic-auth doc
mangoGoForward Jan 12, 2022
49b7850
remove log_level
mangoGoForward Jan 12, 2022
a1deeef
Revert "feat: support hide the authentication header in basic-auth"
mangoGoForward Jan 14, 2022
4fc743f
Merge pull request #2 from mangoGoForward/revert-1-feature/hide-auth-…
mangoGoForward Jan 14, 2022
8440045
Merge branch 'master' into feature/hide-auth-header
mangoGoForward Jan 14, 2022
8531227
Revert "Revert "feat: support hide the authentication header in basic…
mangoGoForward Jan 14, 2022
31af04d
change en doc
mangoGoForward Jan 14, 2022
ccc46b6
change zh doc
mangoGoForward Jan 14, 2022
1b0ffe4
Merge branch 'apache:master' into feature/hide-auth-header
mangoGoForward Jan 14, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 15 additions & 1 deletion apisix/plugins/basic-auth.lua
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,12 @@ local consumers_lrucache = core.lrucache.new({
local schema = {
type = "object",
title = "work with route or service object",
properties = {},
properties = {
hide_auth_header = {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hide_credentials would be better? Kong uses this field in their basic-auth.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

type = "boolean",
default = true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the default value should be false.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
default = true,
default = true,

Ditto

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

}
},
}

local consumer_schema = {
Expand All @@ -39,6 +44,10 @@ local consumer_schema = {
properties = {
username = { type = "string" },
password = { type = "string" },
hide_auth_header = {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't need to configure it in the consumer

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

type = "boolean",
default = true,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
default = true,
default = false,

Need to discuss it in maillist if use true as default value

}
},
required = {"username", "password"},
}
Expand Down Expand Up @@ -161,6 +170,11 @@ function _M.rewrite(conf, ctx)
return 401, { message = "Password is error" }
end

-- 5. hide `Authentication` request header if `hide_auth_header` is `true`
if conf.hide_auth_header == true then
core.request.set_header(ctx, "Authentication", "")
end

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The original issue seems to avoid to send the header to upstream.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, use core.request.set_header(ctx, "Authentication", nil) can avoid.

consumer.attach_consumer(ctx, cur_consumer, consumer_conf)

core.log.info("hit basic-auth access")
Expand Down
13 changes: 7 additions & 6 deletions docs/en/latest/plugins/basic-auth.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,10 +39,11 @@ For more information on Basic authentication, refer to [Wiki](https://en.wikiped

## Attributes

| Name | Type | Requirement | Default | Valid | Description |
| -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| username | string | required | | | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. |
| password | string | required | | | the user's password |
| Name | Type | Requirement | Default | Valid | Description |
| -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| username | string | required | | | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. |
| password | string | required | | | the user's password |
| hide_auth_header | boolean | optional | true | | Whether to return the Authentication request headers to the client. |
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
| Name | Type | Requirement | Default | Valid | Description |
| -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| username | string | required | | | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. |
| password | string | required | | | the user's password |
| hide_auth_header | boolean | optional | true | | Whether to return the Authentication request headers to the client. |
| Name | Type | Requirement | Default | Valid | Description |
| -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| username | string | required | | | Different `consumer` should have different value which is unique. When different `consumer` use a same `username`, a request matching exception would be raised. |
| password | string | required | | | the user's password |
| hide_auth_header | boolean | optional | true | | Whether to return the Authentication request headers to the upstream. |

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.


## How To Enable

Expand Down Expand Up @@ -129,8 +130,8 @@ hello, world
## Disable Plugin

When you want to disable the `basic-auth` plugin, it is very simple,
you can delete the corresponding json configuration in the plugin configuration,
no need to restart the service, it will take effect immediately:
you can delete the corresponding json configuration in the plugin configuration,
no need to restart the service, it will take effect immediately:

```shell
$ curl http://127.0.0.1:9080/apisix/admin/routes/1 -X PUT -d '
Expand Down
1 change: 1 addition & 0 deletions docs/zh/latest/plugins/basic-auth.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ title: basic-auth
| -------- | ------ | ------ | ------ | ------ | ------------------------------------------------------------------------------------------------------------------ |
| username | string | 必须 | | | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `username` ,将会出现请求匹配异常。 |
| password | string | 必须 | | | 用户的密码 |
| hide_auth_header | boolean | 可选 | true | | 是否将 Authentication 请求头返回给客户端. |
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
| hide_auth_header | boolean | 可选 | true | | 是否将 Authentication 请求头返回给客户端. |
| hide_auth_header | boolean | 可选 | false | | 是否将 Authentication 请求头传递给 upstream。 |

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.


## 如何启用

Expand Down