Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/04/15 03:29:52 UTC

[GitHub] [apisix] tzssangglass opened a new pull request, #6854: fix(authz-keycloak): do not expose internal errors to the client

tzssangglass opened a new pull request, #6854:
URL: https://github.com/apache/apisix/pull/6854

   ### Description
   
   
   Fixes # (issue)
   
   ### Checklist
   
   - [x] I have explained the need for this PR and the problem it solves
   - [ ] I have explained the changes or the new features added to this PR
   - [ ] I have added tests corresponding to this change
   - [ ] I have updated the documentation to reflect this change
   - [ ] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [apisix] tzssangglass commented on a diff in pull request #6854: fix(authz-keycloak): do not expose internal errors to the client

Posted by GitBox <gi...@apache.org>.
tzssangglass commented on code in PR #6854:
URL: https://github.com/apache/apisix/pull/6854#discussion_r851701527


##########
apisix/plugins/authz-keycloak.lua:
##########
@@ -722,12 +722,12 @@ local function generate_token_using_password_grant(conf,ctx)
     if not username then
         local err = "username is missing."
         log.error(err)
-        return 422, err
+        return 422, {message = err}
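Review bot: the PR title promises that internal errors stop reaching the client, but the only change visible in this hunk is the missing-username branch, where the same `"username is missing."` text still goes to the caller, now as `{message = err}`. That is acceptable for a client-input validation error (it says nothing about the upstream), but it means this hunk does not show the path the title describes; the branches of `generate_token_using_password_grant` that return token-endpoint failures should be checked to confirm they are wrapped the same way rather than passed through verbatim. Returning a table instead of a string also changes the response body from plain text to a JSON object, which is worth stating in the PR description for clients that match on the old body.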

Review Comment:
   add



##########
apisix/plugins/authz-keycloak.lua:
##########
@@ -722,12 +722,12 @@ local function generate_token_using_password_grant(conf,ctx)
     if not username then
         local err = "username is missing."
         log.error(err)
-        return 422, err
+        return 422, {message = err}
     end
     if not password then
         local err = "password is missing."
         log.error(err)
-        return 422, err
+        return 422, {message = err}
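Review bot: the username and password branches are identical apart from the message text, so a small helper that logs and returns `422, {message = err}`, or a single check that reports which field is missing, would keep the log line and the response shape from drifting apart between the two branches as they are edited separately.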

Review Comment:
   add





[GitHub] [apisix] spacewander commented on a diff in pull request #6854: fix(authz-keycloak): do not expose internal errors to the client

Posted by GitBox <gi...@apache.org>.
spacewander commented on code in PR #6854:
URL: https://github.com/apache/apisix/pull/6854#discussion_r851746795


##########
t/plugin/authz-keycloak.t:
##########
@@ -623,3 +623,76 @@ GET /t
 true
 --- no_error_log
 [error]
+
+
+
+=== TEST 19: no username of password
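Review bot: only the test title is visible here, but the hunk header advertises 76 added lines, so the body should be checked to send both a request with no username and one with no password and to assert on the 422 status together with the JSON body (`{"message":"username is missing."}` and `{"message":"password is missing."}`), since the body shape is what this PR changes. The title itself reads "no username of password" and should say "no username or password".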

Review Comment:
   ```suggestion
   === TEST 19: no username or password
   ```





[GitHub] [apisix] spacewander commented on a diff in pull request #6854: fix(authz-keycloak): do not expose internal errors to the client

Posted by GitBox <gi...@apache.org>.
spacewander commented on code in PR #6854:
URL: https://github.com/apache/apisix/pull/6854#discussion_r851084951


##########
apisix/plugins/authz-keycloak.lua:
##########
@@ -722,12 +722,12 @@ local function generate_token_using_password_grant(conf,ctx)
     if not username then
         local err = "username is missing."
         log.error(err)
-        return 422, err
+        return 422, {message = err}

Review Comment:
   Would be better to add test to cover this branch?



##########
apisix/plugins/authz-keycloak.lua:
##########
@@ -722,12 +722,12 @@ local function generate_token_using_password_grant(conf,ctx)
     if not username then
         local err = "username is missing."
         log.error(err)
-        return 422, err
+        return 422, {message = err}
     end
     if not password then
         local err = "password is missing."
         log.error(err)
-        return 422, err
+        return 422, {message = err}

Review Comment:
   Ditto





[GitHub] [apisix] leslie-tsang commented on a diff in pull request #6854: fix(authz-keycloak): do not expose internal errors to the client

Posted by GitBox <gi...@apache.org>.
leslie-tsang commented on code in PR #6854:
URL: https://github.com/apache/apisix/pull/6854#discussion_r851184405


##########
apisix/plugins/authz-keycloak.lua:
##########
@@ -722,12 +722,12 @@ local function generate_token_using_password_grant(conf,ctx)
     if not username then
         local err = "username is missing."
         log.error(err)
-        return 422, err
+        return 422, {message = err}
     end
     if not password then
         local err = "password is missing."
         log.error(err)
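Review bot: `log.error(err)` on a request that merely omits a field records, at error level, a condition that is entirely client-controlled, so an unauthenticated caller sending malformed token requests can fill the error log and bury the upstream failures this PR is about. A 4xx caused by the client warrants `warn` at most; keep `error` for failures on the Keycloak side.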

Review Comment:
   Shall we use log level `warn` instead of `error` level with `4xx` status code?





[GitHub] [apisix] tzssangglass commented on a diff in pull request #6854: fix(authz-keycloak): do not expose internal errors to the client

Posted by GitBox <gi...@apache.org>.
tzssangglass commented on code in PR #6854:
URL: https://github.com/apache/apisix/pull/6854#discussion_r851701541


##########
apisix/plugins/authz-keycloak.lua:
##########
@@ -722,12 +722,12 @@ local function generate_token_using_password_grant(conf,ctx)
     if not username then
         local err = "username is missing."
         log.error(err)
-        return 422, err
+        return 422, {message = err}
     end
     if not password then
         local err = "password is missing."
         log.error(err)

Review Comment:
   fixed





[GitHub] [apisix] spacewander merged pull request #6854: fix(authz-keycloak): do not expose internal errors to the client

Posted by GitBox <gi...@apache.org>.
spacewander merged PR #6854:
URL: https://github.com/apache/apisix/pull/6854

