This is an automated email from the ASF dual-hosted git repository.

wenming pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new 580c1b938 fix: authz_keycloak plugin giving 500 error  (#10763)
580c1b938 is described below

commit 580c1b93800fc2e1bf8080f0a8cdf28fa823a086
Author: Lakshya Gupta <[email protected]>
AuthorDate: Tue Jan 9 15:22:12 2024 +0530

    fix: authz_keycloak plugin giving 500 error  (#10763)
---
 apisix/plugins/authz-keycloak.lua |  2 +-
 t/plugin/authz-keycloak2.t        | 87 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+), 1 deletion(-)

diff --git a/apisix/plugins/authz-keycloak.lua 
b/apisix/plugins/authz-keycloak.lua
index 731e1f86c..5a7d32d26 100644
--- a/apisix/plugins/authz-keycloak.lua
+++ b/apisix/plugins/authz-keycloak.lua
@@ -503,7 +503,7 @@ local function authz_keycloak_resolve_resource(conf, uri, 
sa_access_token)
     if not resource_registration_endpoint then
         local err = "Unable to determine registration endpoint."
         log.error(err)
-        return 503, err
+        return nil, err
     end
 
     log.debug("Resource registration endpoint: ", 
resource_registration_endpoint)
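Review bot: The new `return nil, err` only fails closed if the caller of `authz_keycloak_resolve_resource` treats a nil first value as an error and rejects the request, and that caller is outside this hunk. TEST 17 in this commit expects a 503 alongside this log line, so the caller presumably does map it that way, but nothing at the return site records the contract. I would add a comment above the return, such as `-- return nil, not a status code: the caller treats a nil permission as a failure and answers 503`. The rest of the function is also outside the hunk, so it is worth checking its other early returns for the same `status, err` shape that caused the 500.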
diff --git a/t/plugin/authz-keycloak2.t b/t/plugin/authz-keycloak2.t
index 09d5a8157..a8ced01a9 100644
--- a/t/plugin/authz-keycloak2.t
+++ b/t/plugin/authz-keycloak2.t
@@ -654,3 +654,90 @@ true
 GET /t
 --- response_body
 true
+
+
+
+=== TEST 16: add plugin with lazy_load_paths when 
resource_registration_endpoint is neither in config nor in the discovery doc
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                        "plugins": {
+                            "authz-keycloak": {
+                                "discovery": 
"http://127.0.0.1:8080/realms/University/.well-known/openid-configuration";,
+                                "client_id": "course_management",
+                                "client_secret": 
"d1ec69e9-55d2-4109-a3ea-befa071579d5",
+                                "lazy_load_paths": true
+                            }
+                        },
+                        "upstream": {
+                            "nodes": {
+                                "127.0.0.1:1982": 1
+                            },
+                            "type": "roundrobin"
+                        },
+                        "uri": "/course/foo"
+                }]]
+                )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 17: Get access token for student and access view course route.
+--- config
+    location /t {
+        content_by_lua_block {
+            local json_decode = require("toolkit.json").decode
+            local http = require "resty.http"
+            local httpc = http.new()
+            local uri = 
"http://127.0.0.1:8080/realms/University/protocol/openid-connect/token";
+            local res, err = httpc:request_uri(uri, {
+                    method = "POST",
+                    body = 
"grant_type=password&client_id=course_management&client_secret=d1ec69e9-55d2-4109-a3ea-befa071579d5&[email protected]&password=123456",
+                    headers = {
+                        ["Content-Type"] = "application/x-www-form-urlencoded"
+                    }
+                })
+
+            if res.status == 200 then
+                local body = json_decode(res.body)
+                local accessToken = body["access_token"]
+
+
+                uri = "http://127.0.0.1:"; .. ngx.var.server_port .. 
"/course/foo"
+                local res, err = httpc:request_uri(uri, {
+                    method = "GET",
+                    headers = {
+                        ["Authorization"] = "Bearer " .. accessToken,
+                    }
+                 })
+
+                if res.status == 503 then
+                    ngx.say(true)
+                else
+                    ngx.say(false)
+                end
+            else
+                ngx.say(false)
+            end
+        }
+    }
+--- request
+GET /t
+--- response_body
+true
+--- error_log
+Unable to determine registration endpoint.
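Review bot: TEST 17 indexes `res.status` after both `httpc:request_uri` calls without first checking that `res` is non-nil. If Keycloak or the local route is unreachable, `request_uri` returns `nil, err`, so the block raises a Lua error instead of printing `false`, and the cause of the failure is hidden. A guard after each call would make this explicit, for example `if not res then ngx.say(err) return end`. The inner `local res, err` also shadows the outer pair; reusing the outer locals or renaming the inner ones would keep the two responses distinguishable.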
