This is an automated email from the ASF dual-hosted git repository.

tokers pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new 76f53e3  fix(admin): check username for updating consumer (#4756)
76f53e3 is described below

commit 76f53e3955f066465ba679cdf5cf3932495926b7
Author: okaybase <[email protected]>
AuthorDate: Thu Aug 5 19:26:58 2021 +0800

    fix(admin): check username for updating consumer (#4756)
    
    
    Co-authored-by: 罗泽轩 <[email protected]>
---
 apisix/admin/consumers.lua | 10 +++++++---
 t/admin/consumers2.t       | 22 ++++++++++++++++++++++
 2 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/apisix/admin/consumers.lua b/apisix/admin/consumers.lua
index c4d1e29..46b23de 100644
--- a/apisix/admin/consumers.lua
+++ b/apisix/admin/consumers.lua
@@ -25,7 +25,7 @@ local _M = {
 }
 
 
-local function check_conf(conf)
+local function check_conf(username, conf)
     -- core.log.error(core.json.encode(conf))
     if not conf then
         return nil, {error_msg = "missing configurations"}
@@ -38,6 +38,10 @@ local function check_conf(conf)
         return nil, {error_msg = "invalid configuration: " .. err}
     end
 
+    if username and username ~= conf.username then
+        return nil, {error_msg = "wrong username" }
+    end
+
     if conf.plugins then
         ok, err = plugins.check_schema(conf.plugins, core.schema.TYPE_CONSUMER)
         if not ok then
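Review bot: The added guard `if username and username ~= conf.username` is skipped whenever `username` is nil, so a PUT without an id in the URI is still identified only by the body's `username`; that looks intentional, but nothing records it. A comment above the check would state the contract, for example `-- the id in the URI is optional; when present it must equal conf.username`. Lua treats an empty string as truthy, so if the admin router passes `""` rather than nil for a missing id (not visible in this hunk), such a request would be rejected as "wrong username"; this is worth confirming against the caller. check_conf starts and ends outside this hunk.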
@@ -61,8 +65,8 @@ local function check_conf(conf)
 end
 
 
-function _M.put(_, conf)
-    local consumer_name, err = check_conf(conf)
+function _M.put(username, conf)
+    local consumer_name, err = check_conf(username, conf)
     if not consumer_name then
         return 400, err
     end
diff --git a/t/admin/consumers2.t b/t/admin/consumers2.t
index 9ff34a8..28bc2fc 100644
--- a/t/admin/consumers2.t
+++ b/t/admin/consumers2.t
@@ -151,3 +151,25 @@ __DATA__
     }
 --- response_body
 
{"action":"get","count":0,"node":{"dir":true,"key":"/apisix/consumers","nodes":{}}}
+
+
+
+=== TEST 5: mismatched username, PUT
+--- config
+    location /t {
+        content_by_lua_block {
+            local json = require("toolkit.json")
+            local t = require("lib.test_admin").test
+
+            local code, message, res = t('/apisix/admin/consumers/jack1',
+                ngx.HTTP_PUT,
+                [[{
+                     "username":"jack"
+                }]]
+            )
+
+            ngx.print(message)
+        }
+    }
+--- response_body
+{"error_msg":"wrong username"}
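Review bot: TEST 5 asserts only the response body, so the 400 status that `_M.put` returns for a mismatched username is not pinned; `code` is captured but never used, and `json` and `res` are unused as well. Setting `ngx.status = code` before `ngx.print(message)` and adding a `--- error_code: 400` section would cover the status, and the unused `local json = require("toolkit.json")` line can be dropped. A companion case where the URI id equals the body's `username` would guard against the new check rejecting valid updates, unless an earlier test in this file (outside the hunk) already covers it.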
