[Configuration] Fix break when oidc is not a valid target.

Return a error if the url is not valid for oidc_endpoint and make sure that process does not died due invalid url Signed-off-by: Eloy Coto <eloy.coto@gmail.com>
3scale · Jun 6, 2019 · 89cfb7c · 89cfb7c
1 parent 3891130
commit 89cfb7c
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 2 deletions.
diff --git a/gateway/src/apicast/configuration_loader/remote_v2.lua b/gateway/src/apicast/configuration_loader/remote_v2.lua
@@ -38,7 +38,6 @@ function _M.new(url, options)
   }
 
   local path = resty_url.split(endpoint or '')
-
   return setmetatable({
     endpoint = endpoint,
     path = path and path[6],

diff --git a/gateway/src/resty/oidc/discovery.lua b/gateway/src/resty/oidc/discovery.lua
@@ -61,6 +61,11 @@ function _M:openid_configuration(issuer)
         return nil, 'no OIDC endpoint'
     end
 
+    local _, err = resty_url.parse(uri)
+    if err then
+      return nil, 'OIDC url is not valid, uri: "' .. uri ..'", error: ' .. err
+    end
+
     local res = http_client.get(uri)
 
     if res.status ~= 200 then

diff --git a/t/configuration-loading-lazy.t b/t/configuration-loading-lazy.t
@@ -76,7 +76,7 @@ env APICAST_CONFIGURATION_LOADER=lazy;
 GET /t?user_key=fake
 --- error_code: 200
 --- user_files eval
-[ 
+[
   [ 'config.json', qq|
   {
     "services": [{
@@ -123,3 +123,55 @@ GET /t?user_key=fake
 {Hello, world}
 --- no_error_log
 [error]
+
+=== TEST 5: load invalid oidc target url
+--- main_config
+env THREESCALE_PORTAL_ENDPOINT=http://127.0.0.1:$TEST_NGINX_SERVER_PORT/;
+env APICAST_CONFIGURATION_LOADER=lazy;
+env THREESCALE_DEPLOYMENT_ENV=production;
+--- http_config
+  include $TEST_NGINX_HTTP_CONFIG;
+  include $TEST_NGINX_UPSTREAM_CONFIG;
+  lua_package_path "$TEST_NGINX_LUA_PATH";
+--- config
+  include $TEST_NGINX_APICAST_CONFIG;
+  include $TEST_NGINX_BACKEND_CONFIG;
+
+  location = /admin/api/nginx/spec.json {
+    try_files /config.json =404;
+  }
+
+  location /api/ {
+    echo "all ok";
+  }
+--- request
+GET /t?user_key=fake
+--- error_code: 401
+--- user_files eval
+[
+  [ 'config.json', qq|
+  {
+    "services": [{
+      "id": 1,
+      "backend_version": 1,
+      "backend_version": "oauth",
+      "proxy": {
+        "api_backend": "http://127.0.0.1:$Test::Nginx::Util::ServerPortForClient/api/",
+        "service_id": 2555417794444,
+        "oidc_issuer_endpoint": "www.fgoodl/adasd",
+        "authentication_method": "oidc",
+        "service_backend_version": "oauth",
+        "hosts": [
+          "localhost"
+        ],
+        "backend": {
+          "endpoint": "http://127.0.0.1:$Test::Nginx::Util::ServerPortForClient"
+        },
+        "proxy_rules": [
+          { "pattern": "/t", "http_method": "GET", "metric_system_name": "test" }
+        ]
+      }
+    }]
+  }
+  | ]
+]