This is an automated email from the ASF dual-hosted git repository.
style95 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openwhisk.git
The following commit(s) were added to refs/heads/master by this push:
new 9134a03 Actions with require-whisk-auth annotation as boolean false
are rejected by controller (#4989)
9134a03 is described below
commit 9134a03c37f9be104cfc3523748ea6b8cfbfea38
Author: Nitika Agarwal <[email protected]>
AuthorDate: Mon Oct 12 18:17:11 2020 +0530
Actions with require-whisk-auth annotation as boolean false are rejected by
controller (#4989)
* Actions with require-whisk-auth annotation as boolean false are rejected
by controller
* Fix testcase
---
.../apache/openwhisk/core/controller/WebActions.scala | 9 +++++----
.../openwhisk/core/cli/test/WskWebActionsTests.scala | 18 ++++++++++++++++++
2 files changed, 23 insertions(+), 4 deletions(-)
diff --git
a/core/controller/src/main/scala/org/apache/openwhisk/core/controller/WebActions.scala
b/core/controller/src/main/scala/org/apache/openwhisk/core/controller/WebActions.scala
index 17536a5..4cf7496 100644
---
a/core/controller/src/main/scala/org/apache/openwhisk/core/controller/WebActions.scala
+++
b/core/controller/src/main/scala/org/apache/openwhisk/core/controller/WebActions.scala
@@ -784,10 +784,11 @@ trait WhiskWebActionsApi
annotations
.get(Annotations.RequireWhiskAuthAnnotation)
.map {
- case JsString(auth) => checkAuthHeader(auth) // allowed if
auth matches header
- case JsNumber(auth) => checkAuthHeader(auth.toString) //
allowed if auth matches header
- case JsTrue | JsBoolean(true) => authenticatedUser.isDefined //
allowed if user already authenticated
- case _ => false // not allowed, something is
not right
+ case JsString(auth) => checkAuthHeader(auth) // allowed if
auth matches header
+ case JsNumber(auth) => checkAuthHeader(auth.toString) //
allowed if auth matches header
+ case JsTrue | JsBoolean(true) => authenticatedUser.isDefined //
allowed if user already authenticated
+ case JsFalse | JsBoolean(false) => true // allowed if the
require-whisk-auth is specified as false
+ case _ => false // not allowed, something is
not right
}
}
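Review bot: The new `case JsFalse | JsBoolean(false) => true` arm is the only branch of this authorization match that grants access without consulting the auth header or `authenticatedUser`, and its trailing comment does not mark that as a deliberate opt-out. I would reword it to `// explicit opt-out: annotation is boolean false, no authentication required` and note beside `case _ => false` that any unrecognised value stays fail-closed. Only a boolean false takes this path: a string value such as "false" is still caught by the `JsString` arm above and compared against the header, which is worth stating so the match is not widened by accident later. In spray-json `JsFalse` is the value that `JsBoolean(false)` denotes, so the alternative pattern looks redundant, as does the existing `JsTrue | JsBoolean(true)`. The enclosing method starts and ends outside the hunk, so the handling of a missing annotation cannot be checked from here.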
diff --git
a/tests/src/test/scala/org/apache/openwhisk/core/cli/test/WskWebActionsTests.scala
b/tests/src/test/scala/org/apache/openwhisk/core/cli/test/WskWebActionsTests.scala
index 85008c3..e4f519c 100644
---
a/tests/src/test/scala/org/apache/openwhisk/core/cli/test/WskWebActionsTests.scala
+++
b/tests/src/test/scala/org/apache/openwhisk/core/cli/test/WskWebActionsTests.scala
@@ -147,6 +147,24 @@ class WskWebActionsTests extends TestHelpers with
WskTestHelpers with RestUtil w
authorizedResponse.body.asString.parseJson.asJsObject.fields("__ow_user").convertTo[String]
shouldBe namespace
}
+ /**
+ * Tests web action not requiring authentication.
+ */
+ it should "create a web action not requiring authentication accessible via
HTTPS" in withAssetCleaner(wskprops) {
+ (wp, assetHelper) =>
+ val name = "webaction"
+ val file = Some(TestUtils.getTestActionFilename("echo.js"))
+ val host = getServiceURL()
+ val url = s"$host$testRoutePath/$namespace/default/$name.json"
+
+ assetHelper.withCleaner(wsk.action, name) { (action, _) =>
+ action.create(name, file, web = Some("true"), annotations =
Map("require-whisk-auth" -> false.toJson))
+ }
+
+ val unauthorizedResponse = RestAssured.given().config(sslconfig).get(url)
+ unauthorizedResponse.statusCode shouldBe 200
+ }
+
it should "ensure that CORS header is preserved for custom options" in
withAssetCleaner(wskprops) {
(wp, assetHelper) =>
val name = "webaction"
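Review bot: The added test asserts only `unauthorizedResponse.statusCode shouldBe 200` for the boolean-false annotation, so it pins the newly allowed path but not the boundary around it. Unless it is covered elsewhere in the suite, a companion case would help: create the action with an annotation value the controller match does not recognise and expect the unauthenticated request to be refused. That would catch the new arm being loosened later. The response variable is named `unauthorizedResponse` although the request is expected to succeed, so `unauthenticatedResponse` would describe it better. The scaladoc could also say that the request is sent with no credentials, which is the property the test relies on.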