SkyeYoung commented on code in PR #12611: URL: https://github.com/apache/apisix/pull/12611#discussion_r2343252988
########## apisix/plugins/jwt-auth.lua: ########## @@ -144,8 +142,9 @@ function _M.check_schema(conf, schema_type) return false, err end - if conf.algorithm ~= "RS256" and conf.algorithm ~= "ES256" and not conf.secret then - conf.secret = ngx_encode_base64(resty_random.bytes(32, true)) + if (conf.algorithm == "HS256" or conf.algorithm == "HS512") and not conf.secret then + err = "property \"secret\" is required when \"algorithm\" is \"HS256\" or \"HS512\"" Review Comment: done ########## t/plugin/jwt-auth.t: ########## @@ -1222,3 +1222,71 @@ hello world --- error_code: 400 --- response_body {"error_msg":"invalid plugins configuration: failed to check the configuration of plugin jwt-auth err: failed to validate dependent schema for \"algorithm\": value should match only one schema, but matches none"} + + + +=== TEST 52: secret is required when algorithm is not RS256 or ES256 +--- config + location /t { + content_by_lua_block { + local core = require("apisix.core") + local plugin = require("apisix.plugins.jwt-auth") + -- default algorithm is HS256 + local ok, err = plugin.check_schema({ + key = "123", + }, core.schema.TYPE_CONSUMER) + if not ok then + ngx.say(err) + else + ngx.say("done") + end Review Comment: done -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
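Review bot: The new guard in `check_schema` tests `not conf.secret`, which rejects only a missing secret; an empty string is truthy in Lua and still passes for HS256/HS512. Unless the schema outside this hunk enforces a minimum length, a consumer could be stored with an empty or trivially short HMAC key now that the random 32-byte fallback is gone. Consider `if (conf.algorithm == "HS256" or conf.algorithm == "HS512") and (not conf.secret or conf.secret == "") then`. The condition also lists the HMAC algorithms explicitly where the old one excluded RS256/ES256, so a symmetric algorithm added to the schema later would skip this check; a comment such as `-- keep in sync with the symmetric algorithms in the schema enum` would help. The body of `check_schema` continues outside the quoted hunk.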
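Review bot: The title of TEST 52 still says the secret is required "when algorithm is not RS256 or ES256", but the check it exercises now fires only for HS256 and HS512; retitle it, e.g. `=== TEST 52: secret is required when algorithm is HS256 or HS512`. The visible case passes no `algorithm` and appears to rely on schema validation filling in the HS256 default before the new check runs, so it should assert the exact error string rather than just a failure. If the rest of this 71-line addition does not already cover them, add a case with an explicit `algorithm = "HS512"` and one showing that RS256/ES256 still validate without `secret`. The test block continues past the quoted lines.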