@tkan145 tkan145 commented Nov 6, 2024

What

Fix THREESCALE-11435

Verification steps:

  • Check out this branch
  • Create apicast-config.json with the following:

```shell
cat <<EOF >apicast-config.json
{
  "services": [
    {
      "backend_version": "2",
      "id": "1",
      "proxy": {
        "credentials_location": "authorization",
        "hosts": [
          "one"
        ],
        "api_backend": "https://echo-api.3scale.net:443",
        "backend": {
          "endpoint": "http://localhost:8081",
          "host": "backend"
        },
        "policy_chain": [
          {
            "name": "routing",
            "version": "builtin",
            "enabled": true,
            "configuration": {
              "rules": [
                {
                  "url": "https://echo-api.3scale.net:443",
                  "owner_id": 119084,
                  "owner_type": "BackendApi",
                  "condition": {
                      "operations": [
                          {
                              "match": "path",
                              "op": "matches",
                              "value": "^(/test/.*|/test/?)"
                          }
                      ]
                  },
                  "replace_path": "{{uri | remove_first: '/test'}}"
                }
              ]
            }
          },
          {
            "name": "apicast.policy.apicast"
          }
        ],
        "proxy_rules": [
          {
            "http_method": "GET",
            "pattern": "/test",
            "metric_system_name": "hits",
            "delta": 1,
            "parameters": [],
            "querystring_parameters": {}
          }
        ]
      }
    }
  ]
}
EOF
```

  • Start the development environment:

```shell
make development
```

  • Start APIcast:

```shell
THREESCALE_DEPLOYMENT_ENV=staging APICAST_LOG_LEVEL=debug APICAST_WORKER=1 APICAST_CONFIGURATION_LOADER=lazy APICAST_CONFIGURATION_CACHE=0 THREESCALE_CONFIG_FILE=apicast-config.json ./bin/apicast
```

  • Capture the APIcast IP:

```shell
APICAST_IP=$(docker inspect apicast_build_0-development-1 | yq e -P '.[0].NetworkSettings.Networks.apicast_build_0_default.IPAddress' -)
```

  • Send a request:

```shell
curl -i -k -H "Host: one" -H "Accept: application/json" "http://${APICAST_IP}:8080/?user_key="
```

  • You should get a 401 response back:

```http
HTTP/1.1 401 Unauthorized
Server: openresty
Date: Wed, 06 Nov 2024 03:25:13 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive

Authentication parameters missing
```

@tkan145 tkan145 requested a review from a team as a code owner November 6, 2024 03:29
@tkan145 tkan145 changed the title [THREESCALE-11435] Check for nil value when decoding base64 value [WIP] [THREESCALE-11435] Check for nil value when decoding base64 value Nov 6, 2024
@tkan145 tkan145 force-pushed the THREESCALE-11435-basic-auth-bug branch from 3107636 to 55e4d0f November 6, 2024 04:48
@tkan145 tkan145 changed the title [WIP] [THREESCALE-11435] Check for nil value when decoding base64 value [THREESCALE-11435] Check for nil value when decoding base64 value Nov 6, 2024

> Performing a match on a nil value results in an exception being thrown
> and bypassing the entire authorization validation process.

@tkan145 tkan145 force-pushed the THREESCALE-11435-basic-auth-bug branch from 55e4d0f to e2303b7 November 6, 2024 05:11
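The failure mode named in the PR title and commit message (a base64 decode of the Authorization header that yields nil, followed by a pattern match on that nil that throws and skips authorization), modelled in Python as an added example. This is not APIcast's Lua code: the header parsing, the pcall-style policy chain that swallows the error, and the sample credentials are constructed assumptions; only the 401 body text matches the response shown in the verification steps. The `credentials_unchecked` function is the "before" behaviour and `credentials_checked` the "after".

```python
import base64
import re

# Constructed sample requests and credential store (not taken from the page).
NO_HEADER = {}
BAD_BASE64 = {"Authorization": "Basic not*valid*base64"}
VALID = {"Authorization": "Basic YWxpY2U6czNjcmV0"}  # base64 of "alice:s3cret"
KNOWN = {"alice": "s3cret"}

USER_PASS_RE = re.compile(r"^([^:]*):(.*)$")


def decode_base64(value):
    """Return the decoded text, or None when decoding fails.

    Mirrors a decoder that returns nil on malformed input (OpenResty's
    ngx.decode_base64 behaves this way): None is the normal result for a
    missing or malformed header, not an exceptional one."""
    if value is None:
        return None
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
        return None


def basic_header_value(headers):
    """Strip the 'Basic ' scheme; None when the header is absent or uses another scheme."""
    auth = headers.get("Authorization")
    if auth is None:
        return None
    scheme, _, encoded = auth.partition(" ")
    return encoded if scheme.lower() == "basic" else None


def credentials_unchecked(headers):
    """'Before' behaviour: the decoded value is matched without a nil/None check.

    With no header or invalid base64, re.match(None) raises TypeError, the
    Python counterpart of calling a string method on nil in Lua."""
    decoded = decode_base64(basic_header_value(headers))
    match = USER_PASS_RE.match(decoded)
    return (match.group(1), match.group(2)) if match else None


def credentials_checked(headers):
    """'After' behaviour: a failed decode is reported as 'no credentials'."""
    decoded = decode_base64(basic_header_value(headers))
    if decoded is None:
        return None
    match = USER_PASS_RE.match(decoded)
    return (match.group(1), match.group(2)) if match else None


def authorize(extract, headers, known):
    """Auth step: 401 without credentials, 403 with wrong ones, 200 otherwise."""
    creds = extract(headers)
    if creds is None:
        return 401, "Authentication parameters missing"
    user, password = creds
    if known.get(user) != password:
        return 403, "Authentication failed"
    return 200, "OK"


def run_chain(extract, headers, known):
    """Simplified policy chain (a constructed model, not APIcast's implementation).

    The auth step runs under a pcall-style guard that logs the error and moves
    on. If the step raises instead of returning 401, the chain never rejects
    the request and the upstream proxy step still runs: that is the bypass
    the nil check closes."""
    try:
        status, body = authorize(extract, headers, known)
    except Exception as exc:
        print(f"auth step failed: {exc!r}; continuing")
        authorized = False
    else:
        if status != 200:
            return {"status": status, "body": body, "authorized": False}
        authorized = True
    # Upstream proxy step: reached with authorized=False only via the bypass.
    return {"status": 200, "body": "proxied to upstream", "authorized": authorized}


if __name__ == "__main__":
    for name, extract in (("unchecked", credentials_unchecked), ("checked", credentials_checked)):
        for label, headers in (("no header", NO_HEADER), ("bad base64", BAD_BASE64), ("valid", VALID)):
            print(f"{name:9} {label:10} -> {run_chain(extract, headers, KNOWN)}")
```

Running the block shows the unchecked extractor reaching the upstream step with `authorized: False` for the no-header and bad-base64 requests (the curl in the verification steps sends no Authorization header at all), while the checked extractor returns the 401 with "Authentication parameters missing" for both and only proxies the request carrying valid credentials.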