shreemaan-abhishek commented on code in PR #11089:
URL: https://github.com/apache/apisix/pull/11089#discussion_r1556911905


##########
t/plugin/openid-connect5.t:
##########
@@ -138,3 +138,77 @@ __DATA__
     }
 --- response_body_like
 hello world
+
+
+
+=== TEST 2: Call to route with locking session storage, no authentication and 
unauth_action 'deny' should not block subsequent requests on same session
+--- config
+    set $session_storage redis;
+    set $session_redis_uselocking               on;
+
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local http = require "resty.http"
+            local login_keycloak = require("lib.keycloak").login_keycloak
+            local concatenate_cookies = 
require("lib.keycloak").concatenate_cookies
+
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                        "plugins": {
+                            "openid-connect": {
+                                "discovery": 
"http://127.0.0.1:8080/realms/University/.well-known/openid-configuration";,
+                                "realm": "University",
+                                "client_id": "course_management",
+                                "client_secret": 
"d1ec69e9-55d2-4109-a3ea-befa071579d5",
+                                "redirect_uri": "http://127.0.0.1:]] .. 
ngx.var.server_port .. [[/authenticated",
+                                "ssl_verify": false,
+                                "unauth_action": "deny"
+                            }
+                        },
+                        "upstream": {
+                            "nodes": {
+                                "127.0.0.1:1980": 1
+                            },
+                            "type": "roundrobin"
+                        },
+                        "uri": "/*"
+                }]]
+                )
+
+            local uri = "http://127.0.0.1:"; .. ngx.var.server_port .. "/hello"
+
+            -- Make the final call to protected route WITHOUT cookie
+            local httpc = http.new()
+            local res, err = httpc:request_uri(uri, {method = "GET"})
+
+            -- Extract cookie which is not authenticated
+            local cookie_str = concatenate_cookies(res.headers['Set-Cookie'])
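
Review bot: `res` is dereferenced without a nil check in `concatenate_cookies(res.headers['Set-Cookie'])`. When `httpc:request_uri` fails it returns nil plus `err`, so the test would die with an index error instead of a readable failure. Add `if not res then ngx.say(err) return end` before reading the headers, and decide what the test should report when no `Set-Cookie` header is present. In the lines shown, the `code` returned by the admin `t(...)` call is also never checked before the route is used. The comment "Make the final call" sits on the first request in the block, which is misleading.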

Review Comment:
   I don't think the response would contain `set-cookie` header 🤔 



##########
t/plugin/openid-connect5.t:
##########
@@ -138,3 +138,77 @@ __DATA__
     }
 --- response_body_like
 hello world
+
+
+
+=== TEST 2: Call to route with locking session storage, no authentication and 
unauth_action 'deny' should not block subsequent requests on same session
+--- config
+    set $session_storage redis;
+    set $session_redis_uselocking               on;
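
Review bot: The two `set` lines at the top of `--- config` have no comment saying why the test needs them. Add a short note that the scenario depends on a Redis-backed session store with locking enabled, which is what "locking session storage" in the test title refers to. The run of spaces in `set $session_redis_uselocking               on;` should also be collapsed to a single space to match the line above it.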

Review Comment:
   why are these two required?



##########
t/plugin/openid-connect5.t:
##########
@@ -138,3 +138,77 @@ __DATA__
     }
 --- response_body_like
 hello world
+
+
+
+=== TEST 2: Call to route with locking session storage, no authentication and 
unauth_action 'deny' should not block subsequent requests on same session
+--- config
+    set $session_storage redis;
+    set $session_redis_uselocking               on;
+
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local http = require "resty.http"
+            local login_keycloak = require("lib.keycloak").login_keycloak
+            local concatenate_cookies = 
require("lib.keycloak").concatenate_cookies
+
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                        "plugins": {
+                            "openid-connect": {
+                                "discovery": 
"http://127.0.0.1:8080/realms/University/.well-known/openid-configuration";,
+                                "realm": "University",
+                                "client_id": "course_management",
+                                "client_secret": 
"d1ec69e9-55d2-4109-a3ea-befa071579d5",
+                                "redirect_uri": "http://127.0.0.1:]] .. 
ngx.var.server_port .. [[/authenticated",
+                                "ssl_verify": false,
+                                "unauth_action": "deny"
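
Review bot: `login_keycloak` is required at the top of the `content_by_lua_block`, but nothing in the lines shown uses it, and the test title describes a flow with no authentication. If the remainder of the test never calls it, drop that `require` so the imports reflect what the test exercises.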

Review Comment:
   does unauth_action mean that all unauth reqs will be denied by default?


