Merge pull request #7 from nokia/Commit-6df8344f-from-gitlab-nokia

Commit 6df8344f from gitlab nokia
nokia · Aug 24, 2017 · 086a51c · 086a51c
2 parents a4d03e9 + 9663d81
commit 086a51c
Show file tree

Hide file tree

Showing 6 changed files with 43 additions and 37 deletions.
diff --git a/kong-oidc-1.0.0-0.rockspec → kong-oidc-1.0.1-0.rockspec b/kong-oidc-1.0.0-0.rockspec → kong-oidc-1.0.1-0.rockspec
@@ -1,9 +1,9 @@
 package = "kong-oidc"
-version = "1.0.0-0"
+version = "1.0.1-0"
 source = {
     url = "git://github.com/nokia/kong-oidc",
-    tag = "v1.0",
-    dir = "kongoidc"
+    tag = "v1.0.1",
+    dir = "kong-oidc"
 }
 description = {
     summary = "A Kong plugin for implementing the OpenID Connect Relying Party (RP) functionality",

diff --git a/kong/plugins/oidc/filter.lua b/kong/plugins/oidc/filter.lua
@@ -1,22 +1,17 @@
 local M = {}
 
-local function startsWith(text, prefix)
-  return string.sub(text, 1, string.len(prefix)) == prefix
-end
-
-local function shouldIgnoreRequest()
-  local ignore_paths = "/auth,/arc"  -- TODO. Need to have a common solution.
-  for path in string.gmatch(ignore_paths, "[^,]+") do
-    if  ngx.var.uri == path or startsWith(ngx.var.uri, path.."/") then
-      return true
+local function shouldIgnoreRequest(patterns)
+  if (patterns) then
+    for _, pattern in ipairs(patterns) do
+      local isMatching = not (string.find(ngx.var.uri, pattern) == nil)
+      if (isMatching) then return true end
     end
   end
   return false
 end
 
-
-function M.shouldProcessRequest()
-  return not shouldIgnoreRequest()
+function M.shouldProcessRequest(config)
+  return not shouldIgnoreRequest(config.filters)
 end
 
 return M
diff --git a/kong/plugins/oidc/handler.lua b/kong/plugins/oidc/handler.lua
@@ -22,16 +22,18 @@ function CustomHandler:access(config)
   -- (will log that your plugin is entering this context)
   CustomHandler.super.access(self)
 
-  if filter.shouldProcessRequest() then
-    ngx.log(ngx.DEBUG, "In plugin CustomHandler:access calling authenticate, requested path: "..ngx.var.request_uri)
+  local oidcConfig = utils.get_options(config, ngx)
+
+  if filter.shouldProcessRequest(oidcConfig) then
+    ngx.log(ngx.DEBUG, "In plugin CustomHandler:access calling authenticate, requested path: " .. ngx.var.request_uri)
 
     session.configure(config)
 
-    local res, err = require("resty.openidc").authenticate(utils.get_options(config, ngx))
+    local res, err = require("resty.openidc").authenticate(oidcConfig)
 
     if err then
       if config.recovery_page_path then
-        ngx.log(ngx.DEBUG, "Entering recovery page: "..config.recovery_page_path)
+        ngx.log(ngx.DEBUG, "Entering recovery page: " .. config.recovery_page_path)
         return ngx.redirect(config.recovery_page_path)
       end
       utils.exit(500, err, ngx.HTTP_INTERNAL_SERVER_ERROR)
@@ -42,11 +44,10 @@ function CustomHandler:access(config)
       ngx.req.set_header("X-Userinfo", require("cjson").encode(res.user))
     end
   else
-    ngx.log(ngx.DEBUG, "In plugin CustomHandler:access NOT calling authenticate, requested path: "..ngx.var.request_uri)
+    ngx.log(ngx.DEBUG, "In plugin CustomHandler:access NOT calling authenticate, requested path: " .. ngx.var.request_uri)
   end
 
   ngx.log(ngx.DEBUG, "In plugin CustomHandler:access Done")
-
 end
 
 -- This module needs to return the created table, so that Kong

diff --git a/kong/plugins/oidc/schema.lua b/kong/plugins/oidc/schema.lua
@@ -1,15 +1,16 @@
 return {
   no_consumer = true,
   fields = {
-    client_id                  = { type = "string", required = true},
-    client_secret              = { type = "string", required = true},
-    discovery                  = { type = "string", required = true, default = "https://.well-known/openid-configuration"},
-    redirect_uri_path          = { type = "string"},
-    scope                      = { type = "string", required = true, default = "openid"},
-    response_type              = { type = "string", required = true, default = "code"},
-    ssl_verify                 = { type = "string", required = true, default = "no"},
-    token_endpoint_auth_method = { type = "string", required = true, default = "client_secret_post"},
-    session_secret             = { type = "string", required = false, default = "no"},
-    recovery_page_path         = { type = "string"}
+    client_id = { type = "string", required = true },
+    client_secret = { type = "string", required = true },
+    discovery = { type = "string", required = true, default = "https://.well-known/openid-configuration" },
+    redirect_uri_path = { type = "string" },
+    scope = { type = "string", required = true, default = "openid" },
+    response_type = { type = "string", required = true, default = "code" },
+    ssl_verify = { type = "string", required = true, default = "no" },
+    token_endpoint_auth_method = { type = "string", required = true, default = "client_secret_post" },
+    session_secret = { type = "string", required = false },
+    recovery_page_path = { type = "string" },
+    filters = { type = "string" }
   }
 }
diff --git a/kong/plugins/oidc/session.lua b/kong/plugins/oidc/session.lua
@@ -6,7 +6,7 @@ function M.configure(config)
   if config.session_secret then
     local decoded_session_secret = ngx.decode_base64(config.session_secret)
     if not decoded_session_secret then
-      utils.exit( 500, "invalid OIDC plugin configuration, session secret could not be decoded", ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR))
+      utils.exit(500, "invalid OIDC plugin configuration, session secret could not be decoded", ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR))
     end
     ngx.var.session_secret = decoded_session_secret
   end

diff --git a/kong/plugins/oidc/utils.lua b/kong/plugins/oidc/utils.lua
@@ -1,5 +1,15 @@
 local M = {}
 
+local function parseFilters(csvFilters)
+  filters = {}
+  if (not (csvFilters == nil)) then
+    for pattern in string.gmatch(csvFilters, "[^,]+") do
+      table.insert(filters, pattern)
+    end
+  end
+  return filters
+end
+
 function M.get_redirect_uri_path(ngx)
   local function drop_query()
     local uri = ngx.var.request_uri
@@ -37,7 +47,8 @@ function M.get_options(config, ngx)
     response_type = config.response_type,
     ssl_verify = config.ssl_verify,
     token_endpoint_auth_method = config.token_endpoint_auth_method,
-    recovery_page_path = config.recovery_page_path
+    recovery_page_path = config.recovery_page_path,
+    filters = parseFilters(config.filters)
   }
 end
 
@@ -48,10 +59,8 @@ function M.exit(httpStatusCode, message, ngxCode)
 end
 
 function M.injectUser(user)
-    ngx.ctx.authenticated_consumer = user
-    ngx.ctx.authenticated_consumer.id = user.sub
+  ngx.ctx.authenticated_consumer = user
+  ngx.ctx.authenticated_consumer.id = user.sub
 end
 
 return M
-
-