This is an automated email from the ASF dual-hosted git repository. membphis pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push: new ee7771b fix: hidding real message when password or username is error (#6707) ee7771b is described below commit ee7771b34ed2616cec861dc0c84df4a574fb4014 Author: Gaoll <lxjgaoli...@126.com> AuthorDate: Sun Mar 27 10:05:16 2022 +0800 fix: hidding real message when password or username is error (#6707) Co-authored-by: root <root@DESKTOP-QE043PO.localdomain> --- apisix/plugins/basic-auth.lua | 4 ++-- apisix/plugins/ldap-auth.lua | 2 +- docs/en/latest/plugins/basic-auth.md | 4 ++-- docs/en/latest/plugins/ldap-auth.md | 4 ++-- docs/zh/latest/plugins/basic-auth.md | 4 ++-- t/plugin/basic-auth.t | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/apisix/plugins/basic-auth.lua b/apisix/plugins/basic-auth.lua
index 235154f..83519bf 100644
--- a/apisix/plugins/basic-auth.lua
+++ b/apisix/plugins/basic-auth.lua
@@ -167,14 +167,14 @@ function _M.rewrite(conf, ctx)
 -- 3. check user exists
 local cur_consumer = consumers[username]
 if not cur_consumer then
- return 401, { message = "Invalid user key in authorization" }
+ return 401, { message = "Invalid user authorization" }
 end
 core.log.info("consumer: ", core.json.delay_encode(cur_consumer))
 -- 4. check the password is correct
 if cur_consumer.auth_conf.password ~= password then
- return 401, { message = "Password is error" }
+ return 401, { message = "Invalid user authorization" }
 end
 -- 5. hide `Authorization` request header if `hide_credentials` is `true`
diff --git a/apisix/plugins/ldap-auth.lua b/apisix/plugins/ldap-auth.lua
index 59b48f0..6ea32f0 100644
--- a/apisix/plugins/ldap-auth.lua
+++ b/apisix/plugins/ldap-auth.lua
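Review bot: The two failure branches in steps 3 and 4 now rely on two separately typed copies of `"Invalid user authorization"` staying byte-identical, and a later edit to only one of them would bring back the username oracle this commit closes. Define it once near the top of the module, `local auth_failed_msg = "Invalid user authorization"`, and use `return 401, { message = auth_failed_msg }` in both branches. With the client response unified, the hunk no longer records why a login failed; a `core.log.warn("basic-auth: unknown consumer")` and `core.log.warn("basic-auth: password mismatch")` before the respective returns would keep failed logins visible to operators without telling the client. Separately, the context line `core.log.info("consumer: ", core.json.delay_encode(cur_consumer))` serializes an object that, per the check right below it, carries `auth_conf.password`, so the stored password presumably reaches info-level logs and should be confirmed and redacted. `_M.rewrite` starts and ends outside the hunk, so earlier 401 branches may still return distinct messages.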
@@ -152,7 +152,7 @@ function _M.rewrite(conf, ctx)
 create_consumer_cache, consumer_conf)
 local consumer = consumers[userdn]
 if not consumer then
- return 401, {message = "Invalid API key in request"}
+ return 401, {message = "Invalid user authorization"}
 end
 consumer_mod.attach_consumer(ctx, consumer, consumer_conf)
diff --git a/docs/en/latest/plugins/basic-auth.md b/docs/en/latest/plugins/basic-auth.md
index 6f3dab9..10ccc2c 100644
--- a/docs/en/latest/plugins/basic-auth.md
+++ b/docs/en/latest/plugins/basic-auth.md
@@ -105,7 +105,7 @@ HTTP/1.1 401 Unauthorized
 $ curl -i -ubar:bar http://127.0.0.1:9080/hello
 HTTP/1.1 401 Unauthorized
 ...
-{"message":"Invalid user key in authorization"}
+{"message":"Invalid user authorization"}
 ```
 - password is invalid:
@@ -114,7 +114,7 @@ HTTP/1.1 401 Unauthorized
 $ curl -i -ufoo:foo http://127.0.0.1:9080/hello
 HTTP/1.1 401 Unauthorized
 ...
-{"message":"Password is error"}
+{"message":"Invalid user authorization"}
 ```
 - success:
diff --git a/docs/en/latest/plugins/ldap-auth.md b/docs/en/latest/plugins/ldap-auth.md
index be76a48..6ca6aec 100644
--- a/docs/en/latest/plugins/ldap-auth.md
+++ b/docs/en/latest/plugins/ldap-auth.md
@@ -104,7 +104,7 @@ HTTP/1.1 401 Unauthorized
 $ curl -i -uuser:password1 http://127.0.0.1:9080/hello
 HTTP/1.1 401 Unauthorized
 ...
-{"message":"Invalid user key in authorization"}
+{"message":"Invalid user authorization"}
 ```
 - password is invalid:
@@ -113,7 +113,7 @@ HTTP/1.1 401 Unauthorized
 $ curl -i -uuser01:passwordfalse http://127.0.0.1:9080/hello
 HTTP/1.1 401 Unauthorized
 ...
-{"message":"Password is error"}
+{"message":"Invalid user authorization"}
 ```
 - success:
diff --git a/docs/zh/latest/plugins/basic-auth.md b/docs/zh/latest/plugins/basic-auth.md
index fe44e57..739b048 100644
--- a/docs/zh/latest/plugins/basic-auth.md
+++ b/docs/zh/latest/plugins/basic-auth.md
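Review bot: Only the consumer-lookup branch of `_M.rewrite` changes here, and the diffstat shows a single changed line in `ldap-auth.lua`, yet the ldap-auth docs updated in this commit say a wrong password now returns `{"message":"Invalid user authorization"}`. The credential-check path lies outside the hunk, so it cannot be confirmed from here that it returns the same body; if it still answers differently, a client can tell "valid LDAP credentials but no consumer" from "bad credentials". The old literal `"Invalid API key in request"` also never matched the old doc text, which suggests the docs were not derived from this file. Worth checking that every 401 in this function uses one shared message, and adding a case for it to the ldap-auth test file, which this commit does not touch.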
@@ -105,7 +105,7 @@ HTTP/1.1 401 Unauthorized
 $ curl -i -ubar:bar http://127.0.0.1:9080/hello
 HTTP/1.1 401 Unauthorized
 ...
-{"message":"Invalid user key in authorization"}
+{"message":"Invalid user authorization"}
 ```
 - 密码错误:
@@ -114,7 +114,7 @@ HTTP/1.1 401 Unauthorized
 $ curl -i -ufoo:foo http://127.0.0.1:9080/hello
 HTTP/1.1 401 Unauthorized
 ...
-{"message":"Password is error"}
+{"message":"Invalid user authorization"}
 ...
 ```
diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t
index 3f0030f..f8cf5ab 100644
--- a/t/plugin/basic-auth.t
+++ b/t/plugin/basic-auth.t
@@ -196,7 +196,7 @@ GET /hello
 Authorization: Basic YmFyOmJhcgo=
 --- error_code: 401
 --- response_body
-{"message":"Invalid user key in authorization"}
+{"message":"Invalid user authorization"}
 --- no_error_log
 [error]
@@ -209,7 +209,7 @@ GET /hello
 Authorization: Basic Zm9vOmZvbwo=
 --- error_code: 401
 --- response_body
-{"message":"Password is error"}
+{"message":"Invalid user authorization"}
 --- no_error_log
 [error]