
  1. #
  2. # Licensed to the Apache Software Foundation (ASF) under one or more
  3. # contributor license agreements. See the NOTICE file distributed with
  4. # this work for additional information regarding copyright ownership.
  5. # The ASF licenses this file to You under the Apache License, Version 2.0
  6. # (the "License"); you may not use this file except in compliance with
  7. # the License. You may obtain a copy of the License at
  8. #
  9. # http://www.apache.org/licenses/LICENSE-2.0
  10. #
  11. # Unless required by applicable law or agreed to in writing, software
  12. # distributed under the License is distributed on an "AS IS" BASIS,
  13. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14. # See the License for the specific language governing permissions and
  15. # limitations under the License.
  16. #
  # Test::Nginx bootstrap through the APISIX wrapper. The cases under __DATA__
  # are order-dependent: TEST 1 creates consumer "jack" (key-auth key "key-a"
  # plus a csrf plugin), TEST 2 creates the /hello route guarded by key-auth,
  # and TEST 3/4 call POST /hello with that apikey and check the csrf outcome.
  use t::APISIX 'no_plan';
  repeat_each(1);
  no_long_string();
  # Run the cases in file order; shuffling would break the dependency chain above.
  no_shuffle();
  no_root_location();
  run_tests;
  23. __DATA__
  24. === TEST 1: add consumer with csrf plugin (data encryption enabled)
  25. --- yaml_config
  26. apisix:
  27. data_encryption:
  28. enable_encrypt_fields: true
  29. keyring:
  30. - edd1c9f0985e76a2
  31. --- config
  32. location /t {
  33. content_by_lua_block {
  local json = require("toolkit.json")
  local t = require("lib.test_admin").test

  -- Create consumer "jack" carrying both an auth credential (key-auth) and a
  -- csrf secret. yaml_config above enables data_encryption with a keyring, so
  -- the csrf "key" field is expected to be encrypted before it is persisted.
  local put_status, put_body = t('/apisix/admin/consumers',
    ngx.HTTP_PUT,
    [[{
      "username": "jack",
      "plugins": {
        "key-auth": {
          "key": "key-a"
        },
        "csrf": {
          "key": "userkey",
          "expires": 1000000000
        }
      }
    }]]
  )
  if put_status >= 300 then
    ngx.status = put_status
    ngx.say(put_body)
    return
  end

  -- presumably lets the write settle in etcd before it is read back -- confirm
  ngx.sleep(0.1)

  -- First response line: the Admin API hands back the plaintext secret
  -- ("userkey" in response_body).
  local get_status, get_message, get_body = t('/apisix/admin/consumers/jack',
    ngx.HTTP_GET
  )
  if get_status >= 300 then
    ngx.status = get_status
    ngx.say(get_message)
    return
  end
  local consumer = json.decode(get_body)
  ngx.say(consumer.value.plugins.csrf.key)

  -- Second response line: the record stored in etcd holds the
  -- keyring-encrypted form of that secret (the base64 value in response_body)
  -- rather than the plaintext -- this is the property under test.
  local etcd = require("apisix.core.etcd")
  local stored = assert(etcd.get('/consumers/jack'))
  ngx.say(stored.body.node.value.plugins.csrf.key)
  72. }
  73. }
  74. --- request
  75. GET /t
  76. --- response_body
  77. userkey
  78. mt39FazQccyMqt4ctoRV7w==
  79. --- no_error_log
  80. [error]
  81. === TEST 2: add route
  82. --- config
  83. location /t {
  84. content_by_lua_block {
  local admin = require("lib.test_admin").test

  -- Route /hello guarded by key-auth with an empty config. TEST 3/4 send the
  -- apikey of consumer "jack" to this route and observe the consumer-level
  -- csrf plugin from TEST 1 being enforced.
  local status, body = admin('/apisix/admin/routes/1',
    ngx.HTTP_PUT,
    [[{
      "uri": "/hello",
      "plugins": {
        "key-auth": {}
      },
      "upstream": {
        "nodes": {
          "127.0.0.1:1980": 1
        },
        "type": "roundrobin"
      }
    }]]
  )
  -- Unlike TEST 1, the body is echoed on every outcome so a failure's message
  -- shows up in the response instead of only in the status code.
  if status >= 300 then
    ngx.status = status
  end
  ngx.say(body)
  105. }
  106. }
  107. --- request
  108. GET /t
  109. --- response_body
  110. passed
  111. === TEST 3: invalid request - no csrf token
  112. --- yaml_config
  113. apisix:
  114. data_encryption:
  115. enable_encrypt_fields: true
  116. keyring:
  117. - edd1c9f0985e76a2
  118. --- request
  119. POST /hello
  120. --- more_headers
  121. apikey: key-a
  122. --- error_code: 401
  123. --- response_body
  124. {"error_msg":"no csrf token in headers"}
  125. === TEST 4: valid request - with csrf token
  126. --- yaml_config
  127. apisix:
  128. data_encryption:
  129. enable_encrypt_fields: true
  130. keyring:
  131. - edd1c9f0985e76a2
  132. --- request
  133. POST /hello
  134. --- more_headers
  135. apikey: key-a
  136. apisix-csrf-token: eyJyYW5kb20iOjAuNDI5ODYzMTk3MTYxMzksInNpZ24iOiI0ODRlMDY4NTkxMWQ5NmJhMDc5YzQ1ZGI0OTE2NmZkYjQ0ODhjODVkNWQ0NmE1Y2FhM2UwMmFhZDliNjE5OTQ2IiwiZXhwaXJlcyI6MjY0MzExOTYyNH0=
  137. Cookie: apisix-csrf-token=eyJyYW5kb20iOjAuNDI5ODYzMTk3MTYxMzksInNpZ24iOiI0ODRlMDY4NTkxMWQ5NmJhMDc5YzQ1ZGI0OTE2NmZkYjQ0ODhjODVkNWQ0NmE1Y2FhM2UwMmFhZDliNjE5OTQ2IiwiZXhwaXJlcyI6MjY0MzExOTYyNH0=
  138. --- response_body
  139. hello world
  140. --- no_error_log
  141. [error]