membphis pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new ee7771b fix: hidding real message when password or username is error
(#6707)
ee7771b is described below
commit ee7771b34ed2616cec861dc0c84df4a574fb4014
Author: Gaoll <[email protected]>
AuthorDate: Sun Mar 27 10:05:16 2022 +0800
fix: hidding real message when password or username is error (#6707)
Co-authored-by: root <[email protected]>
---
apisix/plugins/basic-auth.lua | 4 ++--
apisix/plugins/ldap-auth.lua | 2 +-
docs/en/latest/plugins/basic-auth.md | 4 ++--
docs/en/latest/plugins/ldap-auth.md | 4 ++--
docs/zh/latest/plugins/basic-auth.md | 4 ++--
t/plugin/basic-auth.t | 4 ++--
6 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/apisix/plugins/basic-auth.lua b/apisix/plugins/basic-auth.lua
index 235154f..83519bf 100644
--- a/apisix/plugins/basic-auth.lua
+++ b/apisix/plugins/basic-auth.lua
@@ -167,14 +167,14 @@ function _M.rewrite(conf, ctx)
-- 3. check user exists
local cur_consumer = consumers[username]
if not cur_consumer then
- return 401, { message = "Invalid user key in authorization" }
+ return 401, { message = "Invalid user authorization" }
end
core.log.info("consumer: ", core.json.delay_encode(cur_consumer))
-- 4. check the password is correct
if cur_consumer.auth_conf.password ~= password then
- return 401, { message = "Password is error" }
+ return 401, { message = "Invalid user authorization" }
end
-- 5. hide `Authorization` request header if `hide_credentials` is `true`
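Review bot: The context line `core.log.info("consumer: ", core.json.delay_encode(cur_consumer))` between the two changed returns serializes the whole consumer, and the next check reads `cur_consumer.auth_conf.password` from that same object, so with info-level logging enabled the stored password would presumably end up in the log. The commit stops the response from revealing which check failed, but this line still exposes more on the server side; logging only the identifier, e.g. `core.log.info("consumer: ", username)`, would avoid that. The message literal is now repeated in both branches, so a single module-level local for the string would keep the two from drifting apart again. `_M.rewrite` starts and ends outside this hunk, so the earlier failure returns could not be checked for the same wording.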
diff --git a/apisix/plugins/ldap-auth.lua b/apisix/plugins/ldap-auth.lua
index 59b48f0..6ea32f0 100644
--- a/apisix/plugins/ldap-auth.lua
+++ b/apisix/plugins/ldap-auth.lua
@@ -152,7 +152,7 @@ function _M.rewrite(conf, ctx)
create_consumer_cache, consumer_conf)
local consumer = consumers[userdn]
if not consumer then
- return 401, {message = "Invalid API key in request"}
+ return 401, {message = "Invalid user authorization"}
end
consumer_mod.attach_consumer(ctx, consumer, consumer_conf)
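Review bot: Only the consumer-lookup branch of `_M.rewrite` is changed here, yet the ldap-auth.md hunks in this commit document `{"message":"Invalid user authorization"}` for the wrong-password case as well. The LDAP bind failure path lies outside this hunk, so it should be confirmed that it returns the same body; otherwise the docs are inaccurate and the 401 response still tells a caller whether the username or the password was wrong. The diffstat lists only `t/plugin/basic-auth.t` under tests, so an ldap-auth test case asserting the identical 401 body for both failures would be worth adding.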
diff --git a/docs/en/latest/plugins/basic-auth.md
b/docs/en/latest/plugins/basic-auth.md
index 6f3dab9..10ccc2c 100644
--- a/docs/en/latest/plugins/basic-auth.md
+++ b/docs/en/latest/plugins/basic-auth.md
@@ -105,7 +105,7 @@ HTTP/1.1 401 Unauthorized
$ curl -i -ubar:bar http://127.0.0.1:9080/hello
HTTP/1.1 401 Unauthorized
...
-{"message":"Invalid user key in authorization"}
+{"message":"Invalid user authorization"}
```
- password is invalid:
@@ -114,7 +114,7 @@ HTTP/1.1 401 Unauthorized
$ curl -i -ufoo:foo http://127.0.0.1:9080/hello
HTTP/1.1 401 Unauthorized
...
-{"message":"Password is error"}
+{"message":"Invalid user authorization"}
```
- success:
diff --git a/docs/en/latest/plugins/ldap-auth.md
b/docs/en/latest/plugins/ldap-auth.md
index be76a48..6ca6aec 100644
--- a/docs/en/latest/plugins/ldap-auth.md
+++ b/docs/en/latest/plugins/ldap-auth.md
@@ -104,7 +104,7 @@ HTTP/1.1 401 Unauthorized
$ curl -i -uuser:password1 http://127.0.0.1:9080/hello
HTTP/1.1 401 Unauthorized
...
-{"message":"Invalid user key in authorization"}
+{"message":"Invalid user authorization"}
```
- password is invalid:
@@ -113,7 +113,7 @@ HTTP/1.1 401 Unauthorized
$ curl -i -uuser01:passwordfalse http://127.0.0.1:9080/hello
HTTP/1.1 401 Unauthorized
...
-{"message":"Password is error"}
+{"message":"Invalid user authorization"}
```
- success:
diff --git a/docs/zh/latest/plugins/basic-auth.md
b/docs/zh/latest/plugins/basic-auth.md
index fe44e57..739b048 100644
--- a/docs/zh/latest/plugins/basic-auth.md
+++ b/docs/zh/latest/plugins/basic-auth.md
@@ -105,7 +105,7 @@ HTTP/1.1 401 Unauthorized
$ curl -i -ubar:bar http://127.0.0.1:9080/hello
HTTP/1.1 401 Unauthorized
...
-{"message":"Invalid user key in authorization"}
+{"message":"Invalid user authorization"}
```
- 密码错误:
@@ -114,7 +114,7 @@ HTTP/1.1 401 Unauthorized
$ curl -i -ufoo:foo http://127.0.0.1:9080/hello
HTTP/1.1 401 Unauthorized
...
-{"message":"Password is error"}
+{"message":"Invalid user authorization"}
...
```
diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t
index 3f0030f..f8cf5ab 100644
--- a/t/plugin/basic-auth.t
+++ b/t/plugin/basic-auth.t
@@ -196,7 +196,7 @@ GET /hello
Authorization: Basic YmFyOmJhcgo=
--- error_code: 401
--- response_body
-{"message":"Invalid user key in authorization"}
+{"message":"Invalid user authorization"}
--- no_error_log
[error]
@@ -209,7 +209,7 @@ GET /hello
Authorization: Basic Zm9vOmZvbwo=
--- error_code: 401
--- response_body
-{"message":"Password is error"}
+{"message":"Invalid user authorization"}
--- no_error_log
[error]