This is an automated email from the ASF dual-hosted git repository.
juzhiyuan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-dashboard.git
The following commit(s) were added to refs/heads/master by this push:
new dd7658a fix: well handle with malformed auth token in request header
(#1206)
dd7658a is described below
commit dd7658a194423d30712f1662c83f629f0df56384
Author: Joey <[email protected]>
AuthorDate: Tue Jan 5 15:53:07 2021 +0800
fix: well handle with malformed auth token in request header (#1206)
* fix: not panic if auth token is invalid
Signed-off-by: imjoey <[email protected]>
* do not record the false `token.Valid` value in the log
Signed-off-by: imjoey <[email protected]>
---
api/internal/filter/authentication.go | 5 ++--
api/test/e2e/authentication_test.go | 56 +++++++++++++++++++++++++++++++++++
2 files changed, 59 insertions(+), 2 deletions(-)
diff --git a/api/internal/filter/authentication.go
b/api/internal/filter/authentication.go
index 142015f..6bb7dd4 100644
--- a/api/internal/filter/authentication.go
+++ b/api/internal/filter/authentication.go
@@ -22,6 +22,7 @@ import (
"github.com/dgrijalva/jwt-go"
"github.com/gin-gonic/gin"
+
"github.com/apisix/manager-api/internal/conf"
"github.com/apisix/manager-api/internal/log"
)
@@ -41,8 +42,8 @@ func Authentication() gin.HandlerFunc {
"message": "Request Unauthorized",
}
- if err != nil || !token.Valid {
- log.Warnf("token validate failed: %s, %v", err,
token.Valid)
+ if err != nil || token == nil || !token.Valid {
+ log.Warnf("token validate failed: %s", err)
c.AbortWithStatusJSON(http.StatusUnauthorized,
errResp)
return
}
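Review bot: With the added `token == nil` and `!token.Valid` branches the warn call on the new line can now run with a nil `err`, and `%s` on a nil error renders as `%!s(<nil>)` rather than anything useful; `%v` covers both cases, e.g. `log.Warnf("token validate failed: %v", err)`. The `Authentication` handler starts before this hunk and the parse callback that supplies the verification key is not visible here, so it is worth confirming separately that it rejects unexpected signing methods (including `none`) rather than relying on `token.Valid` alone. Since this fires at warn level for every rejected request, junk `Authorization` headers let an unauthenticated client drive log volume; a lower level or rate-limited logging may be more appropriate for this path.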
diff --git a/api/test/e2e/authentication_test.go
b/api/test/e2e/authentication_test.go
new file mode 100644
index 0000000..187fa19
--- /dev/null
+++ b/api/test/e2e/authentication_test.go
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package e2e
+
+import (
+ "net/http"
+ "testing"
+)
+
+func TestAuthentication_token(t *testing.T) {
+ tests := []HttpTestCase{
+ {
+ Desc: "Access with valid authentication token",
+ Object: ManagerApiExpect(t),
+ Method: http.MethodGet,
+ Path: "/apisix/admin/routes",
+ Headers: map[string]string{"Authorization": token},
+ ExpectStatus: http.StatusOK,
+ },
+ {
+ Desc: "Access with malformed authentication
token",
+ Object: ManagerApiExpect(t),
+ Method: http.MethodGet,
+ Path: "/apisix/admin/routes",
+ Headers: map[string]string{"Authorization":
"Not-A-Valid-Token"},
+ ExpectStatus: http.StatusUnauthorized,
+ ExpectBody: "\"message\":\"Request Unauthorized\"",
+ },
+ {
+ Desc: "Access without authentication token",
+ Object: ManagerApiExpect(t),
+ Method: http.MethodGet,
+ Path: "/apisix/admin/routes",
+ ExpectStatus: http.StatusUnauthorized,
+ ExpectBody: "\"message\":\"Request Unauthorized\"",
+ },
+ }
+
+ for _, tc := range tests {
+ testCaseCheck(tc, t)
+ }
+}
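Review bot: The malformed-token case in the middle of this file only sends a non-JWT string, so the test never exercises the path where a token parses but fails verification — a well-formed JWT with a bad signature or expired claims is what an attacker actually presents, and it is the case that reaches `!token.Valid`. A case built from the existing fixture with its signature altered would cover it; `token` is presumably a package-level fixture from the e2e helpers, since it is not declared here — confirm. A `{"alg":"none"}` token would also be worth a case, but whether it is rejected depends on the key callback in `authentication.go`, which is not part of this diff.
```go
		// … unchanged: existing valid / malformed / missing cases …
		{
			Desc:   "Access with well-formed token whose signature was tampered",
			Object: ManagerApiExpect(t),
			Method: http.MethodGet,
			Path:   "/apisix/admin/routes",
			// Appending to the signature segment keeps the header.payload.signature
			// shape, but the signature no longer verifies, so this must be rejected.
			Headers:      map[string]string{"Authorization": token + "x"},
			ExpectStatus: http.StatusUnauthorized,
			ExpectBody:   "\"message\":\"Request Unauthorized\"",
		},
```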