Re: [PR] fix: close session in case of error to avoid blocked session [apisix]

[via GitHub]

starsz commented on code in PR #11089:
URL: https://github.com/apache/apisix/pull/11089#discussion_r1557448300


##########
t/plugin/openid-connect5.t:
##########
@@ -138,3 +138,77 @@ __DATA__
     }
 --- response_body_like
 hello world
+
+
+
+=== TEST 2: Call to route with locking session storage, no authentication and 
unauth_action 'deny' should not block subsequent requests on same session
+--- config
+    set $session_storage redis;
+    set $session_redis_uselocking               on;
+
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local http = require "resty.http"
+            local login_keycloak = require("lib.keycloak").login_keycloak
+            local concatenate_cookies = 
require("lib.keycloak").concatenate_cookies
+
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                        "plugins": {
+                            "openid-connect": {
+                                "discovery": 
"http://127.0.0.1:8080/realms/University/.well-known/openid-configuration";,
+                                "realm": "University",
+                                "client_id": "course_management",
+                                "client_secret": 
"d1ec69e9-55d2-4109-a3ea-befa071579d5",
+                                "redirect_uri": "http://127.0.0.1:]] .. 
ngx.var.server_port .. [[/authenticated",
+                                "ssl_verify": false,
+                                "unauth_action": "deny"
+                            }
+                        },
+                        "upstream": {
+                            "nodes": {
+                                "127.0.0.1:1980": 1
+                            },
+                            "type": "roundrobin"
+                        },
+                        "uri": "/*"
+                }]]
+                )
+
+            local uri = "http://127.0.0.1:"; .. ngx.var.server_port .. "/hello"
+
+            -- Make the final call to protected route WITHOUT cookie
+            local httpc = http.new()
+            local res, err = httpc:request_uri(uri, {method = "GET"})
+
+            -- Extract cookie which is not authenticated
+            local cookie_str = concatenate_cookies(res.headers['Set-Cookie'])
+
+            -- Make the call to protected route cookie
+            local function firstRequest()
+               local httpc = http.new()
+               httpc:request_uri(uri, {
+                        method = "GET",
+                        headers = {
+                            ["Cookie"] = cookie_str
+                        }
+                    })
+            end
+            ngx.thread.spawn(firstRequest)

Review Comment:
   How can you ensure that the first request is arrived before the second one?
   I think maybe you can give a return value of the `firstRequest` function , 
and use `ngx.thread.wait` to get the return value.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org