| # |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| use t::APISIX 'no_plan'; |
| |
| log_level('debug'); |
| repeat_each(1); |
| no_long_string(); |
| no_root_location(); |
| no_shuffle(); |
| |
| add_block_preprocessor(sub { |
| my ($block) = @_; |
| |
| if ((!defined $block->error_log) && (!defined $block->no_error_log)) { |
| $block->set_value("no_error_log", "[error]"); |
| } |
| |
| if (!defined $block->request) { |
| $block->set_value("request", "GET /t"); |
| } |
| }); |
| |
| run_tests(); |
| |
| __DATA__ |
| |
| === TEST 1: Set up new route access the auth server via http proxy |
| --- config |
| location /t { |
| content_by_lua_block { |
| local t = require("lib.test_admin").test |
| local code, body = t('/apisix/admin/routes/1', |
| ngx.HTTP_PUT, |
| [[{ |
| "plugins": { |
| "openid-connect": { |
| "client_id": "kbyuFDidLLm280LIwVFiazOqjO3ty8KH", |
| "client_secret": "60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa", |
| "discovery": "https://samples.auth0.com/.well-known/openid-configuration", |
| "redirect_uri": "https://iresty.com", |
| "ssl_verify": false, |
| "timeout": 10, |
| "scope": "apisix", |
| "proxy_opts": { |
| "http_proxy": "http://127.0.0.1:8080", |
| "http_proxy_authorization": "Basic dXNlcm5hbWU6cGFzc3dvcmQK" |
| }, |
| "use_pkce": false, |
| "session": { |
| "secret": "jwcE5v3pM9VhqLxmxFOH9uZaLo8u7KQK" |
| } |
| } |
| }, |
| "upstream": { |
| "nodes": { |
| "127.0.0.1:1980": 1 |
| }, |
| "type": "roundrobin" |
| }, |
| "uri": "/hello" |
| }]] |
| ) |
| |
| if code >= 300 then |
| ngx.status = code |
| end |
| ngx.say(body) |
| |
| } |
| } |
| --- response_body |
| passed |
| |
| |
| |
| === TEST 2: Access route w/o bearer token. Should redirect to authentication endpoint of ID provider. |
| --- config |
| location /t { |
| content_by_lua_block { |
| local http = require "resty.http" |
| local httpc = http.new() |
| local uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/hello" |
| local res, err = httpc:request_uri(uri, {method = "GET"}) |
| ngx.status = res.status |
| local location = res.headers['Location'] |
| if location and string.find(location, 'https://samples.auth0.com/authorize') ~= -1 and |
| string.find(location, 'scope=apisix') ~= -1 and |
| string.find(location, 'client_id=kbyuFDidLLm280LIwVFiazOqjO3ty8KH') ~= -1 and |
| string.find(location, 'response_type=code') ~= -1 and |
| string.find(location, 'redirect_uri=https://iresty.com') ~= -1 then |
| ngx.say(true) |
| end |
| } |
| } |
| --- timeout: 10s |
| --- response_body |
| true |
| --- error_code: 302 |
| --- error_log |
| use http proxy |
