Skip to content

Commit

Permalink
Merge pull request #1459 from tkan145/backport-THREESCALE-10934-batch…
Browse files Browse the repository at this point in the history
…er-policy-not-accept-special-chars

Backport 2.15 THREESCALE-10934 Batcher policy does not accept the same chars specified in Porta regex for app_id, app_key & user_key
  • Loading branch information
tkan145 authored Apr 23, 2024
2 parents 429a819 + 9f18cdf commit 17aa557
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 8 deletions.
6 changes: 3 additions & 3 deletions gateway/src/apicast/policy/3scale_batcher/keys_helper.lua
Original file line number Diff line number Diff line change
Expand Up @@ -40,9 +40,9 @@ end

local regexes_report_key = {
[[service_id:(?<service_id>[\w-]+),user_key:(?<user_key>[\S-]+),metric:(?<metric>[\S-]+)]],
[[service_id:(?<service_id>[\w-]+),access_token:(?<access_token>[\w-]+),metric:(?<metric>[\S-]+)]],
[[service_id:(?<service_id>[\w-]+),app_id:(?<app_id>[\w-]+),app_key:(?<app_key>[\S-]+),metric:(?<metric>[\S-]+)]],
[[service_id:(?<service_id>[\w-]+),app_id:(?<app_id>[\w-]+),metric:(?<metric>[\S-]+)]],
[[service_id:(?<service_id>[\w-]+),access_token:(?<access_token>[\S-]+),metric:(?<metric>[\S-]+)]],
[[service_id:(?<service_id>[\w-]+),app_id:(?<app_id>[\S-]+),app_key:(?<app_key>[\S-]+),metric:(?<metric>[\S-]+)]],
[[service_id:(?<service_id>[\w-]+),app_id:(?<app_id>[\S-]+),metric:(?<metric>[\S-]+)]],
}

function _M.key_for_cached_auth(transaction)
Expand Down
27 changes: 22 additions & 5 deletions spec/policy/3scale_batcher/keys_helper_spec.lua
Original file line number Diff line number Diff line change
@@ -1,6 +1,18 @@
local keys_helper = require 'apicast.policy.3scale_batcher.keys_helper'
local Usage = require 'apicast.usage'
local Transaction = require 'apicast.policy.3scale_batcher.transaction'
local JWT = require('resty.jwt')
local rsa = require('fixtures.rsa')

local access_token = setmetatable({
header = { typ = 'JWT', alg = 'RS256', kid = 'somekid' },
payload = {
iss = 'http://example.com/issuer',
sub = 'some',
aud = 'one',
exp = ngx.now() + 3600,
},
}, { __tostring = function(jwt) return JWT:sign(rsa.private, jwt) end })

describe('Keys Helper', function()
describe('.key_for_cached_auth', function()
Expand Down Expand Up @@ -35,10 +47,10 @@ describe('Keys Helper', function()
local report = keys_helper.report_from_key_batched_report(key)
assert.same({ service_id = 's1', app_id = 'ai', app_key = 'ak', metric = 'm1' }, report)

-- special chars
key = 'service_id:s1,app_id:ai,app_key:!#$%&\'()*+,-.:;<=>?@[]^_`{|}~,metric:m1'
-- app_key and app_id contain special chars
key = 'service_id:s1,app_id:!#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~,app_key:!#$%&\'()*+,-.:;<=>?@[]^_`{|}~,metric:m1'
report = keys_helper.report_from_key_batched_report(key)
assert.same({ service_id = 's1', app_id = 'ai', app_key = '!#$%&\'()*+,-.:;<=>?@[]^_`{|}~', metric = 'm1' }, report)
assert.same({ service_id = 's1', app_id = '!#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~', app_key = '!#$%&\'()*+,-.:;<=>?@[]^_`{|}~', metric = 'm1' }, report)
end)

it('returns a valid metric in case of special chars', function()
Expand Down Expand Up @@ -82,17 +94,22 @@ describe('Keys Helper', function()
end)

it('returns a report given a key of a batched report with access token', function()
local key = 'service_id:s1,access_token:at,metric:m1'
local key = 'service_id:s1,access_token:'..tostring(access_token)..',metric:m1'

local report = keys_helper.report_from_key_batched_report(key)
assert.same({ service_id = 's1', access_token = 'at', metric = 'm1' }, report)
assert.same({ service_id = 's1', access_token = tostring(access_token), metric = 'm1' }, report)
end)

it('returns a report given a key of a batched report with app ID only', function()
local key = 'service_id:s1,app_id:ai,metric:m1'

local report = keys_helper.report_from_key_batched_report(key)
assert.same({ service_id = 's1', app_id = 'ai', metric = 'm1'}, report)

-- special chars
key = 'service_id:s1,app_id:!#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~,metric:m1'
report = keys_helper.report_from_key_batched_report(key)
assert.same({ service_id = 's1', app_id = '!#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~', metric = 'm1'}, report)
end)

it('returns an error when key has no credentials', function()
Expand Down

0 comments on commit 17aa557

Please sign in to comment.