From c151800ad3c0d44ce5645f88491f33b712f95e50 Mon Sep 17 00:00:00 2001 From: wuhanqing Date: Thu, 18 Jan 2024 12:25:10 +0800 Subject: [PATCH 01/10] fix: plugin jwe-decrypt decrypt failed #10835 --- apisix/plugins/jwe-decrypt.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apisix/plugins/jwe-decrypt.lua b/apisix/plugins/jwe-decrypt.lua index 8f7c6838037c..f163f4034ee1 100644 --- a/apisix/plugins/jwe-decrypt.lua +++ b/apisix/plugins/jwe-decrypt.lua @@ -110,7 +110,7 @@ local function jwe_decrypt_with_obj(o, consumer) secret, nil, cipher, - {iv = o.iv} + {iv = dec(o.iv)} ) local decrypted = aes_default:decrypt(dec(o.ciphertext), dec(o.tag)) From 9164e4b308b24512eca7cb7454b28b23d2eafddd Mon Sep 17 00:00:00 2001 From: wuhanqing Date: Thu, 18 Jan 2024 16:13:11 +0800 Subject: [PATCH 02/10] fix: add test case --- t/plugin/jwe-decrypt.t | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/t/plugin/jwe-decrypt.t b/t/plugin/jwe-decrypt.t index 8a5d3dca9466..743277df6660 100644 --- a/t/plugin/jwe-decrypt.t +++ b/t/plugin/jwe-decrypt.t @@ -211,8 +211,8 @@ passed } --- response_body hello world - - +--- response_header +Authorization: hello === TEST 8: test for unsupported method --- request From f60f53bddc2185477ddec3af431266813f39294a Mon Sep 17 00:00:00 2001 From: wuhanqing Date: Thu, 18 Jan 2024 16:15:05 +0800 Subject: [PATCH 03/10] fix: add test case --- t/plugin/jwe-decrypt.t | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/t/plugin/jwe-decrypt.t b/t/plugin/jwe-decrypt.t index 743277df6660..690166d21d78 100644 --- a/t/plugin/jwe-decrypt.t +++ b/t/plugin/jwe-decrypt.t @@ -211,9 +211,11 @@ passed } --- response_body hello world ---- response_header +--- response_headers Authorization: hello + + === TEST 8: test for unsupported method --- request PATCH /apisix/plugin/jwe/encrypt?key=user-key From 149ccba34bb786bebaae5b3809040d6bb87b1758 Mon Sep 17 00:00:00 2001 From: wuhanqing Date: Fri, 19 Jan 2024 08:57:58 +0800 Subject: [PATCH 04/10] fix: remove failed test case --- t/plugin/jwe-decrypt.t | 2 -- 1 file changed, 2 deletions(-) diff --git a/t/plugin/jwe-decrypt.t b/t/plugin/jwe-decrypt.t index 690166d21d78..8a5d3dca9466 100644 --- a/t/plugin/jwe-decrypt.t +++ b/t/plugin/jwe-decrypt.t @@ -211,8 +211,6 @@ passed } --- response_body hello world ---- response_headers -Authorization: hello From 37da94611f7bf4a65450bb6da737276acb445d04 Mon Sep 17 00:00:00 2001 From: wuhanqing Date: Fri, 19 Jan 2024 10:55:48 +0800 Subject: [PATCH 05/10] fix: add jwe-decrypt plugin verify test case --- t/plugin/jwe-decrypt.t | 65 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/t/plugin/jwe-decrypt.t b/t/plugin/jwe-decrypt.t index 8a5d3dca9466..c773cea8b3a9 100644 --- a/t/plugin/jwe-decrypt.t +++ b/t/plugin/jwe-decrypt.t @@ -471,3 +471,68 @@ GET /hello Authorization: eyJhbGciOiJkaXIiLCJraWQiOiJ1c2VyLWtleSIsImVuYyI6IkEyNTZHQ00ifQ..MTIzNDU2Nzg5MDEy._0DrWD0.vl-ydutnNuMpkYskwNqu-Q --- response_body hello world + + + +=== TEST 22: enable jwt decrypt plugin with test upstream route +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/3', + ngx.HTTP_PUT, + [[{ + "plugins": { + "jwe-decrypt": { + "header": "Authorization", + "forward_header": "Authorization" + } + }, + "upstream": { + "nodes": { + "httpbun.com": 1 + }, + "type": "roundrobin" + }, + "uri": "/get" + }]] + ) + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- response_body +passed + + +=== TEST 23: verify in upstream header +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, err, token = t('/apisix/plugin/jwe/encrypt?key=user-key&payload=decrypted_passed', + ngx.HTTP_GET + ) + + if code > 200 then + ngx.status = code + ngx.say(err) + return + end + + ngx.log(ngx.WARN, "dibag: ", token) + + code, err, body = t('/headers', + ngx.HTTP_GET, + nil, + nil, + { Authorization = token } + ) + + ngx.print(body) + } + } +--- response_body +decrypted_passed From 943da96c9b7e26d3924ce3686a727d5fcbb8d792 Mon Sep 17 00:00:00 2001 From: wuhanqing Date: Fri, 19 Jan 2024 10:58:28 +0800 Subject: [PATCH 06/10] fix: add jwe-decrypt plugin verify test case --- t/plugin/jwe-decrypt.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/plugin/jwe-decrypt.t b/t/plugin/jwe-decrypt.t index c773cea8b3a9..4cee6fa24d99 100644 --- a/t/plugin/jwe-decrypt.t +++ b/t/plugin/jwe-decrypt.t @@ -494,7 +494,7 @@ hello world }, "type": "roundrobin" }, - "uri": "/get" + "uri": "/headers" }]] ) if code >= 300 then From 748627d466cd3e97cceb7c65d0c14d722a730f52 Mon Sep 17 00:00:00 2001 From: wuhanqing Date: Fri, 19 Jan 2024 11:32:06 +0800 Subject: [PATCH 07/10] fix: reindex bad style --- t/plugin/jwe-decrypt.t | 1 + 1 file changed, 1 insertion(+) diff --git a/t/plugin/jwe-decrypt.t b/t/plugin/jwe-decrypt.t index 4cee6fa24d99..cd156d2b6033 100644 --- a/t/plugin/jwe-decrypt.t +++ b/t/plugin/jwe-decrypt.t @@ -507,6 +507,7 @@ hello world passed + === TEST 23: verify in upstream header --- config location /t { From 77c758ea0c64977740cb86e23f042904f0396eb8 Mon Sep 17 00:00:00 2001 From: wuhanqing Date: Fri, 19 Jan 2024 14:06:34 +0800 Subject: [PATCH 08/10] fix: jwe-decrypt test case --- t/plugin/jwe-decrypt.t | 32 +++++--------------------------- 1 file changed, 5 insertions(+), 27 deletions(-) diff --git a/t/plugin/jwe-decrypt.t b/t/plugin/jwe-decrypt.t index cd156d2b6033..4e3fdc7bec73 100644 --- a/t/plugin/jwe-decrypt.t +++ b/t/plugin/jwe-decrypt.t @@ -509,31 +509,9 @@ passed === TEST 23: verify in upstream header ---- config - location /t { - content_by_lua_block { - local t = require("lib.test_admin").test - local code, err, token = t('/apisix/plugin/jwe/encrypt?key=user-key&payload=decrypted_passed', - ngx.HTTP_GET - ) - - if code > 200 then - ngx.status = code - ngx.say(err) - return - end - - ngx.log(ngx.WARN, "dibag: ", token) - - code, err, body = t('/headers', - ngx.HTTP_GET, - nil, - nil, - { Authorization = token } - ) - - ngx.print(body) - } - } +--- request +GET /headers +--- more_headers +Authorization: eyJhbGciOiJkaXIiLCJraWQiOiJ1c2VyLWtleSIsImVuYyI6IkEyNTZHQ00ifQ..MTIzNDU2Nzg5MDEy._0DrWD0.vl-ydutnNuMpkYskwNqu-Q --- response_body -decrypted_passed +hello From 59554d4f951dc6b73943d3f8eb9f3e2e05991597 Mon Sep 17 00:00:00 2001 From: wuhanqing Date: Mon, 22 Jan 2024 15:18:48 +0800 Subject: [PATCH 09/10] fix: modify testcase --- t/plugin/jwe-decrypt.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/plugin/jwe-decrypt.t b/t/plugin/jwe-decrypt.t index 4e3fdc7bec73..02114b07600f 100644 --- a/t/plugin/jwe-decrypt.t +++ b/t/plugin/jwe-decrypt.t @@ -490,7 +490,7 @@ hello world }, "upstream": { "nodes": { - "httpbun.com": 1 + "httpbin.org": 1 }, "type": "roundrobin" }, From eb305c3e4774c39208ad20d9aebbbac5b16d7e38 Mon Sep 17 00:00:00 2001 From: wuhanqing Date: Tue, 23 Jan 2024 08:46:27 +0800 Subject: [PATCH 10/10] fix: jwe-decrypt test case --- t/plugin/jwe-decrypt.t | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/t/plugin/jwe-decrypt.t b/t/plugin/jwe-decrypt.t index 02114b07600f..599fed296359 100644 --- a/t/plugin/jwe-decrypt.t +++ b/t/plugin/jwe-decrypt.t @@ -513,5 +513,5 @@ passed GET /headers --- more_headers Authorization: eyJhbGciOiJkaXIiLCJraWQiOiJ1c2VyLWtleSIsImVuYyI6IkEyNTZHQ00ifQ..MTIzNDU2Nzg5MDEy._0DrWD0.vl-ydutnNuMpkYskwNqu-Q ---- response_body -hello +--- response_body_like +.*"Authorization": "hello".*