This is an automated email from the ASF dual-hosted git repository.

monkeydluffy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new ee209a7f4 fix(jwe-decrypt): decryption failure (#10843)
ee209a7f4 is described below

commit ee209a7f425ddac4dcfb04379b4ce4edb6ae6e24
Author: cooper.wu <[email protected]>
AuthorDate: Wed Jan 24 11:11:11 2024 +0800

    fix(jwe-decrypt): decryption failure (#10843)
---
 apisix/plugins/jwe-decrypt.lua |  2 +-
 t/plugin/jwe-decrypt.t         | 44 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/apisix/plugins/jwe-decrypt.lua b/apisix/plugins/jwe-decrypt.lua
index 8f7c68380..f163f4034 100644
--- a/apisix/plugins/jwe-decrypt.lua
+++ b/apisix/plugins/jwe-decrypt.lua
@@ -110,7 +110,7 @@ local function jwe_decrypt_with_obj(o, consumer)
         secret,
         nil,
         cipher,
-        {iv = o.iv}
+        {iv = dec(o.iv)}
     )
 
     local decrypted = aes_default:decrypt(dec(o.ciphertext), dec(o.tag))
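Review bot: The decoded IV goes straight into the options table at `{iv = dec(o.iv)}` with no check that decoding succeeded or that the result has the expected length. `o.iv` appears to come from the client-supplied token, and if `dec` returns nil for malformed input (its definition is not in this hunk), the table becomes `{}` and the IV the cipher then uses depends on the AES library. I would decode first and reject early: `local iv = dec(o.iv)` followed by `if not iv or #iv ~= 12 then return nil, "invalid JWE iv" end`, where 12 bytes is the GCM IV size for the A256GCM tokens used in the tests and the return should follow this function's own error convention. The same nil check is worth applying to `dec(o.ciphertext)` and `dec(o.tag)` on the following line. jwe_decrypt_with_obj starts and ends outside the hunk.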
diff --git a/t/plugin/jwe-decrypt.t b/t/plugin/jwe-decrypt.t
index 8a5d3dca9..599fed296 100644
--- a/t/plugin/jwe-decrypt.t
+++ b/t/plugin/jwe-decrypt.t
@@ -471,3 +471,47 @@ GET /hello
 Authorization: 
eyJhbGciOiJkaXIiLCJraWQiOiJ1c2VyLWtleSIsImVuYyI6IkEyNTZHQ00ifQ..MTIzNDU2Nzg5MDEy._0DrWD0.vl-ydutnNuMpkYskwNqu-Q
 --- response_body
 hello world
+
+
+
+=== TEST 22: enable jwt decrypt plugin with test upstream route
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/3',
+                ngx.HTTP_PUT,
+                [[{
+                    "plugins": {
+                        "jwe-decrypt": {
+                            "header": "Authorization",
+                            "forward_header": "Authorization"
+                        }
+                    },
+                    "upstream": {
+                        "nodes": {
+                            "httpbin.org": 1
+                        },
+                        "type": "roundrobin"
+                    },
+                    "uri": "/headers"
+                }]]
+                )
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- response_body
+passed
+
+
+
+=== TEST 23:  verify in upstream header
+--- request
+GET /headers
+--- more_headers
+Authorization: 
eyJhbGciOiJkaXIiLCJraWQiOiJ1c2VyLWtleSIsImVuYyI6IkEyNTZHQ00ifQ..MTIzNDU2Nzg5MDEy._0DrWD0.vl-ydutnNuMpkYskwNqu-Q
+--- response_body_like
+.*"Authorization": "hello".*
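Review bot: TEST 22 points the route at `httpbin.org`, so TEST 23 only passes when the CI runner can reach that public host, and the decrypted header value is forwarded to a third party on every run. A local upstream would make the test hermetic; if the suite already has a local server that echoes request headers, use it in `"nodes"` instead. A negative case would also help: a token whose IV segment is not valid base64url, asserting that the request is rejected rather than decrypted with some other IV.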
