[GitHub] [apisix] spacewander commented on a change in pull request #6039: feat: support hide the authentication header in basic-auth with a config

Fri, 07 Jan 2022 05:51:59 -0800 


spacewander commented on a change in pull request #6039:
URL: https://github.com/apache/apisix/pull/6039#discussion_r780273110



##########
File path: apisix/plugins/basic-auth.lua
##########
@@ -30,7 +30,12 @@ local consumers_lrucache = core.lrucache.new({
 local schema = {
     type = "object",
     title = "work with route or service object",
-    properties = {},
+    properties = {
+        hide_auth_header = {

Review comment:
       `hide_credentials` would be better? Kong uses this field in their 
basic-auth.

##########
File path: docs/en/latest/plugins/basic-auth.md
##########
@@ -39,10 +39,11 @@ For more information on Basic authentication, refer to 
[Wiki](https://en.wikiped
 
 ## Attributes
 
-| Name     | Type   | Requirement | Default | Valid | Description              
                                                                                
                                                        |
-| -------- | ------ | ----------- | ------- | ----- | 
----------------------------------------------------------------------------------------------------------------------------------------------------------------
 |
-| username | string | required    |         |       | Different `consumer` 
should have different value which is unique. When different `consumer` use a 
same `username`, a request matching exception would be raised. |
-| password | string | required    |         |       | the user's password      
                                                                                
                                                        |
+| Name             | Type    | Requirement | Default | Valid | Description     
                                                                                
                                                                 |
+| --------         | ------  | ----------- | ------- | ----- | 
----------------------------------------------------------------------------------------------------------------------------------------------------------------
 |
+| username         | string  | required    |         |       | Different 
`consumer` should have different value which is unique. When different 
`consumer` use a same `username`, a request matching exception would be raised. 
|
+| password         | string  | required    |         |       | the user's 
password                                                                        
                                                                      |
+| hide_auth_header | boolean | optional    | false   |       | Whether to 
return the Authentication request headers to the upstream.                      
                                                                       |

Review comment:
       Let's distinguish route conf from the consumer's like this one: 
https://github.com/apache/apisix/blob/master/docs/en/latest/plugins/ldap-auth.md#attributes

##########
File path: apisix/plugins/basic-auth.lua
##########
@@ -39,6 +44,10 @@ local consumer_schema = {
     properties = {
         username = { type = "string" },
         password = { type = "string" },
+        hide_auth_header = {

Review comment:
       We don't need to configure it in the consumer




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to