remove header from apikey validation
diff --git a/scripts/lua/policies/security/apiKey.lua b/scripts/lua/policies/security/apiKey.lua
index 361b438..d2709cf 100644
--- a/scripts/lua/policies/security/apiKey.lua
+++ b/scripts/lua/policies/security/apiKey.lua
@@ -39,10 +39,9 @@
-- @param gatewayPath the gateway path to use, if scope is resource
-- @param apiId api Id to use, if scope is api
-- @param scope scope of the subscription
--- @param header the name of the header we are checking for
-- @param apiKey the subscription api key
-- @param return boolean value indicating if the subscription exists in redis
-function validate(red, tenant, gatewayPath, apiId, scope, header, apiKey)
+function validate(red, tenant, gatewayPath, apiId, scope, apiKey)
-- Open connection to redis or use one from connection pool
local k
if scope == 'tenant' then
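Review bot: `validate` is declared without `local`, so it is a global that code outside this file could still call with the old seven-argument form, and the diff updates only the one call site in this file. Lua silently discards surplus arguments, so a stale caller would bind the header name to `apiKey` and drop the real key, which produces a lookup on the wrong Redis key rather than an error. Confirm there are no other callers, and consider `local function validate(red, tenant, gatewayPath, apiId, scope, apiKey)` if nothing outside the module needs it. The doc line `-- @param return boolean value ...` should also read `-- @return boolean ...`. The function body continues past this hunk.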
@@ -52,7 +51,7 @@
elseif scope == 'api' then
k = utils.concatStrings({'subscriptions:tenant:', tenant, ':api:', apiId})
end
- k = utils.concatStrings({k, ':key:', header, ':', apiKey})
+ k = utils.concatStrings({k, ':key:', apiKey})
return red:exists(k) == 1
end
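Review bot: The lookup key changes from `...:key:<header>:<apiKey>` to `...:key:<apiKey>`, but nothing in this diff touches the code that writes subscription entries or migrates existing ones. Any entry already stored under the header-qualified name will stop matching, so existing subscribers get a 401 until the writer and the stored keys use the new format; that should ship with this change or be called out in the commit message. A key is now also accepted regardless of which header name a security definition uses, so definitions on the same tenant, API or resource that previously had separate key sets now share one. If that is intended, a comment such as `-- key is intentionally independent of the header name` above this line would record it. Separately, the `if`/`elseif` chain has no `else`, so an unrecognised `scope` reaches `concatStrings` with `k == nil`; a guard such as `if k == nil then return false end` would make that case fail closed explicitly.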
@@ -82,7 +81,7 @@
if securityObj.hashed then
apiKey = hashFunction(apiKey)
end
- local ok = validate(red, tenant, gatewayPath, apiId, scope, header, apiKey)
+ local ok = validate(red, tenant, gatewayPath, apiId, scope, apiKey)
if not ok then
request.err(401, 'Invalid API key')
return nil
diff --git a/tests/scripts/lua/security.lua b/tests/scripts/lua/security.lua
index 68e0ab1..c5296d2 100644
--- a/tests/scripts/lua/security.lua
+++ b/tests/scripts/lua/security.lua
@@ -45,7 +45,7 @@
}
]])
red:hset('resources:abcd:v1/test', 'resources', '{"apiId":"bnez"}')
- red:set('subscriptions:tenant:abcd:api:bnez:key:x-api-key:a1234', 'true')
+ red:set('subscriptions:tenant:abcd:api:bnez:key:a1234', 'true')
local key = apikey.processWithRedis(red, securityObj, function() return "fakehash" end)
assert.same(key, 'a1234')
end)
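Review bot: The updated fixtures here and in the two later hunks of this file (the `x-test-key` and `fakehash` cases) only seed the new key format and assert success, so the suite does not pin the behaviour the commit changes. With the header segment gone, the first two cases now seed the identical Redis key. No visible case checks that an entry stored only under the old `...:key:x-api-key:a1234` form is rejected, or that a missing key takes the 401 path. Adding a negative case for each would cover this, assuming none exists elsewhere in the file. The enclosing `it` blocks start outside these hunks.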
@@ -91,7 +91,7 @@
}
]])
red:hset('resources:abcd:v1/test', 'resources', '{"apiId":"bnez"}')
- red:set('subscriptions:tenant:abcd:api:bnez:key:x-test-key:a1234', 'true')
+ red:set('subscriptions:tenant:abcd:api:bnez:key:a1234', 'true')
local key = apikey.processWithRedis(red, securityObj, function() return "fakehash" end)
assert.same(key, 'a1234')
end)
@@ -116,7 +116,7 @@
}
]])
red:hset('resources:abcd:v1/test', 'resources', '{"apiId":"bnez"}')
- red:set('subscriptions:tenant:abcd:api:bnez:key:x-test-key:fakehash', 'true')
+ red:set('subscriptions:tenant:abcd:api:bnez:key:fakehash', 'true')
local key = apikey.processWithRedis(red, securityObj, function() return "fakehash" end)
assert.same(key, 'fakehash')
end)