Skip to content

Commit

Permalink
add test cases
Browse files Browse the repository at this point in the history
  • Loading branch information
Madhawa Gunasekara authored and Madhawa Gunasekara committed Nov 14, 2023
1 parent 3376deb commit 48e0433
Show file tree
Hide file tree
Showing 3 changed files with 197 additions and 17 deletions.
20 changes: 11 additions & 9 deletions apisix/plugins/multi-auth.lua
Original file line number Diff line number Diff line change
Expand Up @@ -46,13 +46,13 @@ function _M.check_schema(conf)

local auth_plugins = conf.auth_plugins
for k, auth_plugin in pairs(auth_plugins) do
for key, value in pairs(auth_plugin) do
local auth = require("apisix.plugins." .. key)
for auth_plugin_name, plugin_conf in pairs(auth_plugin) do
local auth = require("apisix.plugins." .. auth_plugin_name)
if auth == nil then
return false, key .. " plugin did not found"
return false, auth_plugin_name .. " plugin did not found"
else
if auth.type ~= 'auth' then
return false, key .. " plugin is not supported"
return false, auth_plugin_name .. " plugin is not supported"
end
end
end
Expand All @@ -65,15 +65,17 @@ function _M.rewrite(conf, ctx)
local auth_plugins = conf.auth_plugins
local status_code
for k, auth_plugin in pairs(auth_plugins) do
for key, value in pairs(auth_plugin) do
local auth = require("apisix.plugins." .. key)
local auth_code = auth.rewrite(value, ctx)
for auth_plugin_name, auth_plugin_conf in pairs(auth_plugin) do
local auth = require("apisix.plugins." .. auth_plugin_name)
-- returns 401 HTTP status code if authentication failed, otherwise nothing returns.
local auth_code = auth.rewrite(auth_plugin_conf, ctx)
status_code = auth_code
if auth_code == nil then
core.log.debug("Authentication is successful" .. key .. " plugin")
core.log.debug("Authentication is successful" .. auth_plugin_name .. " plugin")
goto authenticated
else
core.log.warn("Authentication is failed" .. key .. " plugin, code: " .. auth_code)
core.log.warn("Authentication is failed" .. auth_plugin_name .. " plugin, code: "
.. auth_code)
end
end
end
Expand Down
12 changes: 8 additions & 4 deletions docs/en/latest/plugins/multi-auth.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,15 +30,15 @@ description: This document contains information about the Apache APISIX multi-au

## Description

The `multi-auth` Plugin is used to add multiple authentication methods to a Route or a Service. Plugins with type 'auth' are supported.
The `multi-auth` Plugin is used to add multiple authentication methods to a Route or a Service. It supports plugins of type 'auth'. You can combine different authentication methods using "or" relationship with `multi-auth` plugin. If you want to use multiple methods in an "and" relationship, apply specific authentication plugins directly to the route or service.

## Attributes

For Route:

| Name | Type | Required | Default | Description |
|--------------|-------|----------|---------|--------------------------------------------|
| auth_plugins | array | True | - | Add supporting auth plugins configuration. |
| Name | Type | Required | Default | Description |
|--------------|-------|----------|---------|-----------------------------------------------------------------------|
| auth_plugins | array | True | - | Add supporting auth plugins configuration. expects at least 2 plugins |

## Enable Plugin

Expand Down Expand Up @@ -98,10 +98,14 @@ curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13

After you have configured the Plugin as mentioned above, you can make a request to the Route as shown below:

request with basic-auth

```shell
curl -i -ufoo:bar http://127.0.0.1:9080/hello
```

request with key-auth

```shell
curl http://127.0.0.2:9080/hello -H 'apikey: auth-one' -i
```
Expand Down
182 changes: 178 additions & 4 deletions t/plugin/multi-auth.t
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@ GET /hello



=== TEST 4: verify basic
=== TEST 4: verify basic-auth
--- request
GET /hello
--- more_headers
Expand All @@ -137,7 +137,7 @@ find consumer foo



=== TEST 5: verify key
=== TEST 5: verify key-auth
--- request
GET /hello
--- more_headers
Expand Down Expand Up @@ -169,7 +169,7 @@ apikey: auth-two



=== TEST 8: enable multi auth plugin using admin api
=== TEST 8: enable multi auth plugin using admin api, without any auth_plugins configuration
--- config
location /t {
content_by_lua_block {
Expand Down Expand Up @@ -204,7 +204,7 @@ qr/\{"error_msg":"failed to check the configuration of plugin multi-auth err: pr



=== TEST 9: enable multi auth plugin using admin api
=== TEST 9: enable multi auth plugin using admin api, with auth_plugins configuration but with one authorization plugin
--- config
location /t {
content_by_lua_block {
Expand Down Expand Up @@ -242,3 +242,177 @@ GET /t
--- error_code: 400
--- response_body_like eval
qr/\{"error_msg":"failed to check the configuration of plugin multi-auth err: property \\"auth_plugins\\" validation failed: expect array to have at least 2 items"\}/



=== TEST 10: create public API route (jwt-auth sign)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/routes/2',
ngx.HTTP_PUT,
[[{
"plugins": {
"public-api": {}
},
"uri": "/apisix/plugin/jwt/sign"
}]]
)

if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed



=== TEST 11: add consumer with username and jwt-auth plugins
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/consumers',
ngx.HTTP_PUT,
[[{
"username": "jack",
"plugins": {
"jwt-auth": {
"key": "user-key",
"secret": "my-secret-key"
}
}
}]]
)

if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed



=== TEST 12: sign / verify jwt-auth
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, err, sign = t('/apisix/plugin/jwt/sign?key=user-key',
ngx.HTTP_GET
)

if code > 200 then
ngx.status = code
ngx.say(err)
return
end

local code, _, res = t('/hello?jwt=' .. sign,
ngx.HTTP_GET
)

ngx.status = code
ngx.print(res)
}
}
--- request
GET /t
--- response_body
hello world



=== TEST 13: verify multi-auth with plugin config will cause the conf_version change
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test

local code, err = t('/apisix/admin/plugin_configs/1',
ngx.HTTP_PUT,
[[{
"desc": "Multiple Authentication",
"plugins": {
"multi-auth": {
"auth_plugins": [
{
"basic-auth": {}
},
{
"key-auth": {
"query": "apikey",
"hide_credentials": true,
"header": "apikey"
}
},
{
"jwt-auth": {
"cookie": "jwt",
"query": "jwt",
"hide_credentials": true,
"header": "authorization"
}
}
]
}
}
}]]
)
if code > 300 then
ngx.log(ngx.ERR, err)
return
end

local code, err = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
"uri": "/hello",
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"plugin_config_id": 1
}]]
)
if code > 300 then
ngx.log(ngx.ERR, err)
return
end
ngx.sleep(0.1)

local code, err, sign = t('/apisix/plugin/jwt/sign?key=user-key',
ngx.HTTP_GET
)

if code > 200 then
ngx.status = code
ngx.say(err)
return
end

local code, _, res = t('/hello?jwt=' .. sign,
ngx.HTTP_GET
)

ngx.status = code
ngx.print(res)
}
}
--- request
GET /t
--- response_body
hello world

0 comments on commit 48e0433

Please sign in to comment.