Google Git
Sign in
apache / openwhisk-apigateway / a2c79dddf5f28de04238e8194048a16906008311^! / .
commita2c79dddf5f28de04238e8194048a16906008311[log] [tgz]
authorTaylor King <taylor@taylors-mbp.raleigh.ibm.com>Wed Mar 08 10:51:58 2017 -0500
committerMatt Hamann <matthew.hamann@gmail.com>Sun Mar 12 22:22:42 2017 -0400
tree941761c3178bc5cc24219edc6167d77cd5a919c4
parent86ab03333de2a243ecb044cd964a3118a407c35d [diff]
remove header from apikey validation

diff --git a/scripts/lua/policies/security/apiKey.lua b/scripts/lua/policies/security/apiKey.lua
index 361b438..d2709cf 100644
--- a/scripts/lua/policies/security/apiKey.lua
+++ b/scripts/lua/policies/security/apiKey.lua

@@ -39,10 +39,9 @@
 -- @param gatewayPath the gateway path to use, if scope is resource
 -- @param apiId api Id to use, if scope is api
 -- @param scope scope of the subscription
--- @param header the name of the header we are checking for 
 -- @param apiKey the subscription api key
 -- @param return boolean value indicating if the subscription exists in redis
-function validate(red, tenant, gatewayPath, apiId, scope, header, apiKey)
+function validate(red, tenant, gatewayPath, apiId, scope, apiKey)
   -- Open connection to redis or use one from connection pool
   local k
   if scope == 'tenant' then
@@ -52,7 +51,7 @@
   elseif scope == 'api' then
     k = utils.concatStrings({'subscriptions:tenant:', tenant, ':api:', apiId})
   end
-  k = utils.concatStrings({k, ':key:', header, ':', apiKey})
+  k = utils.concatStrings({k, ':key:', apiKey})
   return red:exists(k) == 1
 end
 
@@ -82,7 +81,7 @@
   if securityObj.hashed then
     apiKey = hashFunction(apiKey)
   end 
-  local ok = validate(red, tenant, gatewayPath, apiId, scope, header, apiKey)
+  local ok = validate(red, tenant, gatewayPath, apiId, scope, apiKey)
   if not ok then
     request.err(401, 'Invalid API key')
     return nil

diff --git a/tests/scripts/lua/security.lua b/tests/scripts/lua/security.lua
index 68e0ab1..c5296d2 100644
--- a/tests/scripts/lua/security.lua
+++ b/tests/scripts/lua/security.lua

@@ -45,7 +45,7 @@
       }
     ]])
     red:hset('resources:abcd:v1/test', 'resources', '{"apiId":"bnez"}')
-    red:set('subscriptions:tenant:abcd:api:bnez:key:x-api-key:a1234', 'true')
+    red:set('subscriptions:tenant:abcd:api:bnez:key:a1234', 'true')
     local key = apikey.processWithRedis(red, securityObj, function() return "fakehash" end)
     assert.same(key, 'a1234')
   end) 
@@ -91,7 +91,7 @@
       }
     ]])
     red:hset('resources:abcd:v1/test', 'resources', '{"apiId":"bnez"}')
-    red:set('subscriptions:tenant:abcd:api:bnez:key:x-test-key:a1234', 'true')
+    red:set('subscriptions:tenant:abcd:api:bnez:key:a1234', 'true')
     local key = apikey.processWithRedis(red, securityObj, function() return "fakehash" end)
     assert.same(key, 'a1234')
   end) 
@@ -116,7 +116,7 @@
       }
     ]])
     red:hset('resources:abcd:v1/test', 'resources', '{"apiId":"bnez"}')
-    red:set('subscriptions:tenant:abcd:api:bnez:key:x-test-key:fakehash', 'true')
+    red:set('subscriptions:tenant:abcd:api:bnez:key:fakehash', 'true')
     local key = apikey.processWithRedis(red, securityObj, function() return "fakehash" end)
     assert.same(key, 'fakehash')
   end)