KNEL/KNELProductionContainers
2
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
Files
integration
KNELProductionContainers/CloudronPackages/APISIX/apisix-source/t/plugin/jwt-auth4.t
ReachableCEO 54cc5f7308 feat(apisix): add Cloudron package 
- Implements Apache APISIX packaging for Cloudron platform.
- Includes Dockerfile, CloudronManifest.json, and start.sh.
- Configured to use Cloudron's etcd addon.

🤖 Generated with Gemini CLI
Co-Authored-By: Gemini <noreply@google.com>
2025-09-04 09:42:47 -05:00

353 lines
11 KiB
Perl
Raw Permalink Blame History

#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX 'no_plan';
repeat_each(1);
no_long_string();
no_root_location();
no_shuffle();
add_block_preprocessor(sub {
my ($block) = @_;
if ((!defined $block->error_log) && (!defined $block->no_error_log)) {
$block->set_value("no_error_log", "[error]");
}
if (!defined $block->request) {
$block->set_value("request", "GET /t");
if (!$block->response_body) {
$block->set_value("response_body", "passed\n");
}
}
});
run_tests;
__DATA__
=== TEST 1: add consumer with username and plugins
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/consumers',
ngx.HTTP_PUT,
[[{
"username": "jack",
"plugins": {
"jwt-auth": {
"key": "user-key",
"secret": "my-secret-key"
}
}
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- response_body
passed
=== TEST 2: enable jwt auth plugin using admin api
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
"plugins": {
"jwt-auth": {
"key": "user-key",
"secret": "my-secret-key",
"key_claim_name": "iss"
}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/hello"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- response_body
passed
=== TEST 3: verify (in header)
--- config
location /t {
content_by_lua_block {
local function gen_token(payload)
local buffer = require "string.buffer"
local openssl_mac = require "resty.openssl.mac"
local base64 = require "ngx.base64"
local base64_encode = base64.encode_base64url
local json = require("cjson")
local function sign(data, key)
return openssl_mac.new(key, "HMAC", nil, "sha256"):final(data)
end
local header = { typ = "JWT", alg = "HS256" }
local buf = buffer.new()
buf:put(base64_encode(json.encode(header))):put("."):put(base64_encode(json.encode(payload)))
local ok, signature = pcall(sign, buf:tostring(), "my-secret-key")
if not ok then
return nil, signature
end
buf:put("."):put(base64_encode(signature))
return buf:get()
end
local payload = {
sub = "1234567890",
iss = "user-key",
exp = 9916239022
}
local token = gen_token(payload)
local http = require("resty.http")
local uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/hello"
local opt = {method = "POST", headers = {["Authorization"] = "Bearer " .. token}}
local httpc = http.new()
local res = httpc:request_uri(uri, opt)
assert(res.status == 200)
ngx.print(res.body)
}
}
--- request
GET /t
--- more_headers
--- response_body
hello world
=== TEST 4: ensure secret is non empty
--- config
location /t {
content_by_lua_block {
local core = require("apisix.core")
local t = require("lib.test_admin").test
-- prepare consumer with a custom key claim name
local csm_code, csm_body = t('/apisix/admin/consumers',
ngx.HTTP_PUT,
[[{
"username": "mike",
"plugins": {
"jwt-auth": {
"key": "custom-user-key",
"secret": ""
}
}
}]]
)
if csm_code == 200 then
ngx.status = 500
ngx.say("error")
return
end
ngx.status = csm_code
ngx.say(csm_body)
}
}
--- error_code: 400
--- response_body eval
qr/\\"secret\\" validation failed: string too short, expected at least 1, got 0/
=== TEST 5: ensure key is non empty
--- config
location /t {
content_by_lua_block {
local core = require("apisix.core")
local t = require("lib.test_admin").test
-- prepare consumer with a custom key claim name
local csm_code, csm_body = t('/apisix/admin/consumers',
ngx.HTTP_PUT,
[[{
"username": "mike",
"plugins": {
"jwt-auth": {
"key": "",
"algorithm": "RS256",
"public_key": "somekey",
"private_key": "someprivkey"
}
}
}]]
)
if csm_code == 200 then
ngx.status = 500
ngx.say("error")
return
end
ngx.status = csm_code
ngx.say(csm_body)
}
}
--- error_code: 400
--- response_body eval
qr/\\"key\\" validation failed: string too short, expected at least 1, got 0/
=== TEST 6: store_in_ctx disabled
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
"plugins": {
"jwt-auth": {},
"serverless-post-function": {
"phase": "rewrite",
"functions": [
"return function(conf, ctx)
if ctx.jwt_auth_payload then
ngx.status = 200
ngx.say(\"JWT found in ctx. Payload key: \" .. ctx.jwt_auth_payload.key)
return ngx.exit(200)
else
ngx.status = 401
ngx.say(\"JWT not found in ctx.\")
return ngx.exit(401)
end
end"
]
}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/jwt-auth-no-ctx"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- response_body
passed
=== TEST 7: verify store_in_ctx disabled (header with bearer)
--- request
GET /jwt-auth-no-ctx
--- more_headers
Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsIm5iZiI6MTcyNzI3NDk4M30.N6ebc4U5ms976pwKZ_iQ88w_uJKqUVNtTYZ_nXhRpWo
--- error_code: 401
--- response_body
JWT not found in ctx.
=== TEST 8: store_in_ctx enabled
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/routes/2',
ngx.HTTP_PUT,
[[{
"plugins": {
"jwt-auth": {
"store_in_ctx": true
},
"serverless-post-function": {
"phase": "rewrite",
"functions": [
"return function(conf, ctx)
if ctx.jwt_auth_payload then
ngx.status = 200
ngx.say(\"JWT found in ctx. Payload key: \" .. ctx.jwt_auth_payload.key)
return ngx.exit(200)
else
ngx.status = 401
ngx.say(\"JWT not found in ctx.\")
return ngx.exit(401)
end
end"
]
}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/jwt-auth-ctx"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- response_body
passed
=== TEST 9: verify store_in_ctx enabled (header with bearer)
--- request
GET /jwt-auth-ctx
--- more_headers
Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsIm5iZiI6MTcyNzI3NDk4M30.N6ebc4U5ms976pwKZ_iQ88w_uJKqUVNtTYZ_nXhRpWo
--- error_code: 200
--- response_body
JWT found in ctx. Payload key: user-key
View Git Blame Copy Permalink