Closed Starefossen closed 3 years ago
In my local env the unit test that was added by this PR is failing as follows:
$ ./bin/run-unit-tests.sh
+ docker build --build-arg KONG_BASE_TAG=:2.2.1-centos -t nokia/kong-oidc -f test/docker/unit/Dockerfile .
Sending build context to Docker daemon 877.1kB
Step 1/11 : ARG KONG_BASE_TAG
Step 2/11 : FROM kong${KONG_BASE_TAG}
---> 43a665d19b27
Step 3/11 : USER root
---> Using cache
---> 27e106f8e449
Step 4/11 : ENV LUA_PATH /usr/local/share/lua/5.1/?.lua;/usr/local/kong-oidc/?.lua
---> Using cache
---> 9439d5592379
Step 5/11 : ENV LUA_CPATH /usr/local/lib/lua/5.1/?.so
---> Using cache
---> beb72ccbc7c9
Step 6/11 : RUN echo "ip_resolve=4" >> /etc/yum.conf && yum install -y unzip gcc
---> Using cache
---> 0d362c81b50c
Step 7/11 : RUN luarocks install lua-resty-openidc 1.7.4-1
---> Using cache
---> 7f2865a7c694
Step 8/11 : RUN luarocks install luacov
---> Using cache
---> e5d9f85147cb
Step 9/11 : RUN luarocks install luaunit
---> Using cache
---> 33e2559b3ad9
Step 10/11 : WORKDIR /usr/local/kong-oidc
---> Using cache
---> 5e29bdc4804a
Step 11/11 : COPY . .
---> b40a7b9e1bbd
Successfully built b40a7b9e1bbd
Successfully tagged nokia/kong-oidc:latest
+ docker run -it --rm nokia/kong-oidc /bin/bash test/unit/run.sh
+ lua -lluacov test/unit/test_already_auth.lua -o TAP --failure
1..2
# Started on Thu Mar 4 14:11:54 2021
# Starting class: TestHandler
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug OidcHandler ignoring already auth request: /
ok 1 TestHandler.test_skip_already_auth_has_cred
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug OidcHandler calling authenticate, requested path: /
ngx.log: debug OidcHandler done
ok 2 TestHandler.test_skip_already_auth_has_no_cred
# Ran 2 tests in 0.000 seconds, 2 successes, 0 failures
+ lua -lluacov test/unit/test_bearer_jwt_auth.lua -o TAP --failure
1..2
# Started on Thu Mar 4 14:11:54 2021
# Starting class: TestHandler
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug OidcHandler calling authenticate, requested path: /
ngx.log: debug OidcHandler done
ok 1 TestHandler.test_bearer_jwt_auth_fail
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug Injecting x-userinfo
ngx.log: debug OidcHandler done
ok 2 TestHandler.test_bearer_jwt_auth_success
# Ran 2 tests in 0.010 seconds, 2 successes, 0 failures
+ lua -lluacov test/unit/test_filter.lua -o TAP --failure
1..5
# Started on Thu Mar 4 14:11:54 2021
# Starting class: TestFilter
ok 1 TestFilter.testIgnoreRequestWhenMatchingPattern1
ok 2 TestFilter.testIgnoreRequestWhenMatchingPattern2
ok 3 TestFilter.testProcessRequestWhenTheyAreNoFiltersEmpty
ok 4 TestFilter.testProcessRequestWhenTheyAreNoFiltersNil
ok 5 TestFilter.testProcesseRequestWhenNoMatch
# Ran 5 tests in 0.010 seconds, 5 successes, 0 failures
+ lua -lluacov test/unit/test_filters_advanced.lua -o TAP --failure
1..15
# Started on Thu Mar 4 14:11:54 2021
# Starting class: TestFilter
ok 1 TestFilter.testDigitAfterPrefix
ok 2 TestFilter.testHyphenAfterPrefix
ok 3 TestFilter.testIgnoreRequestBeingIdenticalToFilter
ok 4 TestFilter.testIgnoreRequestStartingWithFilterFollowedByPaths
ok 5 TestFilter.testIgnoreRequestStartingWithFilterFollowedByQuestionmark
ok 6 TestFilter.testIgnoreRequestStartingWithFilterFollowedBySlash
ok 7 TestFilter.testIgnoreRequestWhenUriIsArc
ok 8 TestFilter.testIgnoreRequestWhenUriIsAuth
ok 9 TestFilter.testLowercaseLetterAfterPrefix
ok 10 TestFilter.testPeriodAfterPrefix
ok 11 TestFilter.testPrefixNotAtTheStart
ok 12 TestFilter.testProcessRequestWhichAreAllowed
ok 13 TestFilter.testTildeAfterPrefix
ok 14 TestFilter.testUnderscoreAfterPrefix
ok 15 TestFilter.testUppercaseLetterLetterAfterPrefix
# Ran 15 tests in 0.000 seconds, 15 successes, 0 failures
+ lua -lluacov test/unit/test_handler_mocking_openidc.lua -o TAP --failure
1..14
# Started on Thu Mar 4 14:11:54 2021
# Starting class: TestHandler
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug OidcHandler calling authenticate, requested path: /
ngx.log: debug OidcHandler done
ok 1 TestHandler.test_authenticate_nok_deny
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug OidcHandler calling authenticate, requested path: /
ngx.log: debug OidcHandler done
ok 2 TestHandler.test_authenticate_nok_no_recovery
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug OidcHandler calling authenticate, requested path: /
ngx.log: debug Redirecting to recovery page: x
ngx.log: debug OidcHandler done
ok 3 TestHandler.test_authenticate_nok_with_recovery
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug OidcHandler calling authenticate, requested path: /
ngx.log: debug OidcHandler done
ok 4 TestHandler.test_authenticate_ok_no_userinfo
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug OidcHandler calling authenticate, requested path: /
ngx.log: debug Injecting X-Access-Token
ngx.log: debug OidcHandler done
ok 5 TestHandler.test_authenticate_ok_with_accesstoken
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug OidcHandler calling authenticate, requested path: /
ngx.log: debug Injecting X-ID-Token
ngx.log: debug OidcHandler done
ok 6 TestHandler.test_authenticate_ok_with_idtoken
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug OidcHandler calling authenticate, requested path: /
ngx.log: debug OidcHandler done
ok 7 TestHandler.test_authenticate_ok_with_no_accesstoken
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug OidcHandler calling authenticate, requested path: /
ngx.log: debug OidcHandler done
ok 8 TestHandler.test_authenticate_ok_with_no_idtoken
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug OidcHandler calling authenticate, requested path: /
ngx.log: debug Injecting X-Userinfo
ngx.log: debug OidcHandler done
ok 9 TestHandler.test_authenticate_ok_with_userinfo
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug OidcHandler calling authenticate, requested path: /
ngx.log: debug OidcHandler done
ok 10 TestHandler.test_bearer_only_with_bad_token
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug OidcHandler introspect succeeded, requested path: /
ngx.log: debug Injecting X-Userinfo
ngx.log: debug OidcHandler done
ok 11 TestHandler.test_bearer_only_with_good_token
ngx.log: debug executing plugin " oidc ": access
ngx.log: debug OidcHandler introspect succeeded, requested path: /
not ok 12 TestHandler.test_introspect_bearer_token_and_property_mapping
# /usr/local/kong-oidc/kong/plugins/oidc/utils.lua:159: attempt to concatenate local 'headerName' (a nil value)
ERROR during LuaUnit test execution:
/usr/local/kong-oidc/kong/plugins/oidc/utils.lua:159: attempt to concatenate local 'headerName' (a nil value)
# Ran 12 tests in 0.040 seconds, 11 successes, 1 error
LuaUnit ABORTED (as requested by --error or --failure option)
Done
Is it working for you? Thank you!
@Starefossen: Question about this PR: Another PR https://github.com/revomatico/kong-oidc/pull/2 (commit https://github.com/revomatico/kong-oidc/pull/2/commits/3739291992720f4456f05a6e62aca4b5c0c3dba2) already included JWKS-based bearer JWT verification, but with some additional validations and configurability. I am curious: did it not cover your particular use case?
Adds support for JWKS-based token validation (nokia#150).
Related: https://github.com/nokia/kong-oidc/pull/151
Related: https://github.com/revomatico/kong-oidc/pull/1