(fixup to be squashed) adds simple cases to tests

Kong · thibaultcha · Mar 15, 2018 · Feb 23, 2018 · Mar 13, 2018 · Mar 14, 2018
commit 2f84628c882c58004aadf16c94fdd0c62f4d9adc
diff --git a/spec/03-plugins/10-key-auth/01-api_spec.lua b/spec/03-plugins/10-key-auth/01-api_spec.lua
@@ -153,12 +153,20 @@ describe("Plugin: key-auth (API)", function()
     local key = "Some Key :/?#[]@!$&'()*+,;="
     local url_key = "Some%20Key%20%3a%2f%3f%23%5b%5d%40%21%24%26%27%28%29%2a%2b%2c%3b%3d"
 
+    -- Test for a simpler key that doesn't trigger URL encodings
+    local simple_credential
+    local simple_key = "foo"
+
     before_each(function()
       helpers.dao:truncate_table("keyauth_credentials")
       credential = assert(helpers.dao.keyauth_credentials:insert {
         consumer_id = consumer.id,
         key = key,
       })
+      simple_credential = assert(helpers.dao.keyauth_credentials:insert {
+        consumer_id = consumer.id,
+        key = simple_key,
+      })
     end)
     describe("GET", function()
       it("retrieves key-auth credential by id", function()
@@ -180,6 +188,15 @@ describe("Plugin: key-auth (API)", function()
         local json = cjson.decode(body)
         assert.equal(credential.id, json.id)
       end)
+      it("retrieves key-auth credential by key (simple)", function()
+        local res = assert(admin_client:send {
+          method = "GET",
+          path = "/consumers/bob/key-auth/" .. simple_key
+        })
+        local body = assert.res_status(200, res)
+        local json = cjson.decode(body)
+        assert.equal(simple_credential.id, json.id)
+      end)
       it("retrieves credential by id only if the credential belongs to the specified consumer", function()
         assert(helpers.dao.consumers:insert {
           username = "alice"

diff --git a/spec/03-plugins/11-basic-auth/02-api_spec.lua b/spec/03-plugins/11-basic-auth/02-api_spec.lua
@@ -7,6 +7,7 @@ describe("Plugin: basic-auth (API)", function()
   -- Contains all reserved characters from RFC 3986
   local plugin_username = "spongebob squarepants :/?#[]@!$&'()*+,;="
   local url_username = "spongebob%20squarepants%20%3a%2f%3f%23%5b%5d%40%21%24%26%27%28%29%2a%2b%2c%3b%3d"
+
   setup(function()
     helpers.run_migrations()
 
@@ -179,13 +180,23 @@ describe("Plugin: basic-auth (API)", function()
 
   describe("/consumers/:consumer/basic-auth/:id", function()
     local credential
+
+    -- Test for a simpler username that doesn't trigger URL encodings
+    local simple_credential
+    local simple_username = "foo"
+
     before_each(function()
       helpers.dao:truncate_table("basicauth_credentials")
       credential = assert(helpers.dao.basicauth_credentials:insert {
         username = plugin_username,
         password = "kong",
         consumer_id = consumer.id
       })
+      simple_credential = assert(helpers.dao.basicauth_credentials:insert {
+        username = simple_username,
+        password = "simple",
+        consumer_id = consumer.id
+      })
     end)
     describe("GET", function()
       it("retrieves basic-auth credential by id", function()
@@ -206,6 +217,15 @@ describe("Plugin: basic-auth (API)", function()
         local json = cjson.decode(body)
         assert.equal(credential.id, json.id)
       end)
+      it("retrieves basic-auth credential with username (simple)", function()
+        local res = assert(admin_client:send {
+          method = "GET",
+          path = "/consumers/bob/basic-auth/" .. simple_username
+        })
+        local body = assert.res_status(200, res)
+        local json = cjson.decode(body)
+        assert.equal(simple_credential.id, json.id)
+      end)
       it("retrieves credential by id only if the credential belongs to the specified consumer", function()
         assert(helpers.dao.consumers:insert {
           username = "alice"

diff --git a/spec/03-plugins/17-jwt/02-api_spec.lua b/spec/03-plugins/17-jwt/02-api_spec.lua
@@ -234,11 +234,19 @@ describe("Plugin: jwt (API)", function()
     local my_plugin_key = "Some Key :/?#[]@!$&'()*+,;="
     local my_url_key = "Some%20Key%20%3a%2f%3f%23%5b%5d%40%21%24%26%27%28%29%2a%2b%2c%3b%3d"
 
+    -- Test for a simpler key that doesn't trigger encodings as well
+    local my_simple_jwt
+    local simple_key = "foo"
+
     setup(function()
       my_jwt = assert(jwt_secrets:insert {
         consumer_id = consumer.id,
         key = my_plugin_key,
       })
+      my_simple_jwt = assert(jwt_secrets:insert {
+        consumer_id = consumer.id,
+        key = simple_key,
+      })
     end)
     teardown(function()
       jwt_secrets:delete(my_jwt)
@@ -260,6 +268,15 @@ describe("Plugin: jwt (API)", function()
         jwt_secret = cjson.decode(body)
         assert.equal(my_plugin_key, jwt_secret.key)
       end)
+      it("retrieves by key (simple)", function()
+        local res = assert(admin_client:send {
+          method = "GET",
+          path = "/consumers/bob/jwt/" .. simple_key,
+        })
+        local body = assert.res_status(200, res)
+        jwt_secret = cjson.decode(body)
+        assert.equal(my_simple_jwt.key, jwt_secret.key)
+      end)
     end)
 
     describe("PATCH", function()

diff --git a/spec/03-plugins/20-hmac-auth/02-api_spec.lua b/spec/03-plugins/20-hmac-auth/02-api_spec.lua
@@ -3,10 +3,14 @@ local cjson = require "cjson"
 local utils = require "kong.tools.utils"
 
 describe("Plugin: hmac-auth (API)", function()
-  local client, credential, consumer
+  local client
   -- Contains all reserved characters from RFC 3986
   local plugin_username = "spongebob squarepants :/?#[]@!$&'()*+,;="
   local url_username = "spongebob%20squarepants%20%3a%2f%3f%23%5b%5d%40%21%24%26%27%28%29%2a%2b%2c%3b%3d"
+
+  -- Test for a simpler username that doesn't trigger encodings as well
+  local simple_username = "foo"
+
   setup(function()
     helpers.run_migrations()
 
@@ -18,13 +22,14 @@ describe("Plugin: hmac-auth (API)", function()
   teardown(function()
     if client then client:close() end
     assert(helpers.stop_kong())
-    helpers.clean_prefix()
   end)
 
   describe("/consumers/:consumer/hmac-auth/", function()
     describe("POST", function()
-      before_each(function()
-        helpers.dao:truncate_tables()
+      local consumer
+      setup(function()
+        helpers.dao:truncate_table("consumers")
+        helpers.dao:truncate_table("hmacauth_credentials")
         consumer = assert(helpers.dao.consumers:insert {
           username = "bob",
           custom_id = "1234"
@@ -42,21 +47,36 @@ describe("Plugin: hmac-auth (API)", function()
         })
 
         local body = assert.res_status(201, res)
-        credential = cjson.decode(body)
+        local credential = cjson.decode(body)
+        assert.equal(consumer.id, credential.consumer_id)
+      end)
+      it("[SUCCESS] should create a hmac-auth credential (simple)", function()
+        local res = assert(client:send {
+          method = "POST",
+          path = "/consumers/bob/hmac-auth/",
+          body = {
+            username = simple_username,
+            secret = "simple"
+          },
+          headers = {["Content-Type"] = "application/json"}
+        })
+
+        local body = assert.res_status(201, res)
+        local credential = cjson.decode(body)
         assert.equal(consumer.id, credential.consumer_id)
       end)
       it("[SUCCESS] should create a hmac-auth credential with a random secret", function()
         local res = assert(client:send {
           method = "POST",
           path = "/consumers/bob/hmac-auth/",
           body = {
-            username = plugin_username,
+            username = plugin_username .. "2",
           },
           headers = {["Content-Type"] = "application/json"}
         })
 
         local body = assert.res_status(201, res)
-        credential = cjson.decode(body)
+        local credential = cjson.decode(body)
         assert.is.not_nil(credential.secret)
       end)
       it("[FAILURE] should return proper errors", function()
@@ -72,6 +92,15 @@ describe("Plugin: hmac-auth (API)", function()
     end)
 
     describe("PUT", function()
+      local consumer
+      setup(function()
+        helpers.dao:truncate_table("consumers")
+        helpers.dao:truncate_table("hmacauth_credentials")
+        consumer = assert(helpers.dao.consumers:insert {
+          username = "bob",
+          custom_id = "1234"
+        })
+      end)
       it("[SUCCESS] should create and update", function()
         local res = assert(client:send {
           method = "PUT",
@@ -83,7 +112,7 @@ describe("Plugin: hmac-auth (API)", function()
           headers = {["Content-Type"] = "application/json"}
         })
         local body = assert.res_status(201, res)
-        credential = cjson.decode(body)
+        local credential = cjson.decode(body)
         assert.equal(consumer.id, credential.consumer_id)
       end)
       it("[FAILURE] should return proper errors", function()
@@ -114,6 +143,26 @@ describe("Plugin: hmac-auth (API)", function()
   end)
 
   describe("/consumers/:consumer/hmac-auth/:id", function()
+    local consumer
+    local credential, simple_credential
+    setup(function()
+      helpers.dao:truncate_table("consumers")
+      helpers.dao:truncate_table("hmacauth_credentials")
+      consumer = assert(helpers.dao.consumers:insert {
+        username = "bob",
+        custom_id = "1234"
+      })
+      credential = assert(helpers.dao.hmacauth_credentials:insert {
+        consumer_id = consumer.id,
+        username = plugin_username,
+        secret = "secret1",
+      })
+      simple_credential = assert(helpers.dao.hmacauth_credentials:insert {
+        consumer_id = consumer.id,
+        username = "foo",
+        secret = "secret2",
+      })
+    end)
     describe("GET", function()
       it("should retrieve by id", function()
         local res = assert(client:send {
@@ -137,6 +186,17 @@ describe("Plugin: hmac-auth (API)", function()
         local body = cjson.decode(body_json)
         assert.equals(credential.id, body.id)
       end)
+      it("should retrieve by username (simple)", function()
+        local res = assert(client:send {
+          method = "GET",
+          path = "/consumers/bob/hmac-auth/" .. simple_username,
+          body = {},
+          headers = {["Content-Type"] = "application/json"}
+        })
+        local body_json = assert.res_status(200, res)
+        local body = cjson.decode(body_json)
+        assert.equals(simple_credential.id, body.id)
+      end)
     end)
 
     describe("PATCH", function()
@@ -208,10 +268,15 @@ describe("Plugin: hmac-auth (API)", function()
     end)
   end)
   describe("/hmac-auths", function()
-    local consumer2
+    local consumer, consumer2
     describe("GET", function()
       setup(function()
+        helpers.dao:truncate_table("consumers")
         helpers.dao:truncate_table("hmacauth_credentials")
+        consumer = assert(helpers.dao.consumers:insert {
+          username = "bob",
+          custom_id = "1234"
+        })
         assert(helpers.dao.hmacauth_credentials:insert {
           consumer_id = consumer.id,
           username = plugin_username
@@ -256,6 +321,7 @@ describe("Plugin: hmac-auth (API)", function()
         assert.is_table(json_1.data)
         assert.equal(1, #json_1.data)
         assert.equal(2, json_1.total)
+        assert.is.not_nil(json_1.offset)
 
         res = assert(client:send {
           method = "GET",
@@ -304,8 +370,14 @@ describe("Plugin: hmac-auth (API)", function()
   describe("/hmac-auths/:hmac_username_or_id/consumer", function()
     describe("GET", function()
       local credential
+      local consumer
       setup(function()
+        helpers.dao:truncate_table("consumers")
         helpers.dao:truncate_table("hmacauth_credentials")
+        consumer = assert(helpers.dao.consumers:insert {
+          username = "bob",
+          custom_id = "1234"
+        })
         credential = assert(helpers.dao.hmacauth_credentials:insert {
           consumer_id = consumer.id,
           username = plugin_username,

diff --git a/spec/03-plugins/26-oauth2/02-api_spec.lua b/spec/03-plugins/26-oauth2/02-api_spec.lua
@@ -242,12 +242,23 @@ describe("Plugin: oauth (API)", function()
 
   describe("/consumers/:consumer/oauth2/:id", function()
     local credential
+    local simple_credential
+    local simple_client_id = "foo"
+
     -- Contains all reserved characters from RFC 3986
     local plugin_client_id = "Some Key :/?#[]@!$&'()*+,;="
     local url_client_id = "Some%20Key%20%3a%2f%3f%23%5b%5d%40%21%24%26%27%28%29%2a%2b%2c%3b%3d"
 
     before_each(function()
       helpers.dao:truncate_table("oauth2_credentials")
+
+      simple_credential = assert(helpers.dao.oauth2_credentials:insert {
+        name         = "test app",
+        redirect_uri = helpers.mock_upstream_ssl_url,
+        consumer_id  = consumer.id,
+        client_id    = simple_client_id,
+      })
+
       credential = assert(helpers.dao.oauth2_credentials:insert {
         name         = "test app",
         redirect_uri = helpers.mock_upstream_ssl_url,
@@ -265,6 +276,15 @@ describe("Plugin: oauth (API)", function()
         local json = cjson.decode(body)
         assert.equal(credential.id, json.id)
       end)
+      it("retrieves oauth2 credential by client id (simple)", function()
+        local res = assert(admin_client:send {
+          method = "GET",
+          path = "/consumers/bob/oauth2/" .. simple_client_id
+        })
+        local body = assert.res_status(200, res)
+        local json = cjson.decode(body)
+        assert.equal(simple_credential.id, json.id)
+      end)
       it("retrieves oauth2 credential by client id", function()
         local res = assert(admin_client:send {
           method = "GET",