apisix-dashboard icon indicating copy to clipboard operation
apisix-dashboard copied to clipboard

Published 20 hours ago verified publisher icon apache

When creating a new consumer, the secret is lost when jwt-auth is selected

Open kingmouse-yx opened this issue 2 years ago • 1 comments

Issue description

When I create a consumer on the page and select jwt-auth, I can see from the console that the address to initiate the request is: http://127.0.0.1:9000/apisix/admin/consumers The request message is:

{
    "username": "test001",
    "plugins": {
        "jwt-auth": {
            "key": "qwer",
            "disable": false
        }
    }
}

The respone message is:

{
    "code":0,
    "message":"",
    "data":{
        "username":"test001",
        "plugins":{
            "jwt-auth":{
                "disable":false,
                "exp":86400,
                "key":"qwer"
            }
        },
        "create_time":1647412638,
        "update_time":1647412638
    },
    "request_id":"461a71bb-9ece-427a-9ed3-33cb77de175c"
}

At this time, I click the view button on the page, and the data displayed in it is:

{
  "username": "test001",
  "plugins": {
    "jwt-auth": {
      "disable": false,
      "exp": 86400,
      "key": "qwer"
    }
  }
}

There is no secret field at this time Through my test, if there is no secret field, there will be a large number of 401 responses when using token for authentication in the case of concurrency.

However, when I create a request through the interface provided by apisix, the request address is: http://127.0.0.1:9080/apisix/admin/consumers The request message is:

{
    "username": "test002",
    "plugins": {
        "jwt-auth": {
            "key": "qwer",
            "disable": false
        }
    }
}

The respone message is:

{
    "action": "set",
    "node": {
        "value": {
            "username": "test002",
            "update_time": 1647413386,
            "plugins": {
                "jwt-auth": {
                    "disable": false,
                    "key": "qwer",
                    "algorithm": "HS256",
                    "secret": "0EjSwJcv5Uc4fkVTMG5lQsJh0Igsso4j3xMfbtGyj2s=",
                    "base64_secret": false,
                    "exp": 86400
                }
            },
            "create_time": 1647413386
        },
        "key": "/apisix/consumers/test002"
    }
}

At this time, I click the view button on the page, and the data displayed in it is:

{
  "username": "test002",
  "plugins": {
    "jwt-auth": {
      "algorithm": "HS256",
      "base64_secret": false,
      "disable": false,
      "exp": 86400,
      "key": "qwer",
      "secret": "0EjSwJcv5Uc4fkVTMG5lQsJh0Igsso4j3xMfbtGyj2s="
    }
  }
}

At this time, the secret field exists.

Expected behavior

I hope the secret field exists when I create a new consumer through the dashboard

How to Reproduce

1.new consumers 2.select jwt-auth plugins 3.Fill in the necessary information

Screenshots

No response

Environment

  • apisix version (cmd: apisix version): 2.9
  • OS (cmd: uname -a): Darwin kingmouse.lan 21.3.0 Darwin Kernel Version 21.3.0: Wed Jan 5 21:37:58 PST 2022; root:xnu-8019.80.24~20/RELEASE_ARM64_T8101 arm64
  • OpenResty / Nginx version (cmd: nginx -V or openresty -V): openresty/1.19.3.1
  • etcd version, if have (cmd: run curl http://127.0.0.1:9090/v1/server_info to get the info from server-info API): 3.4.0
  • apisix-dashboard version, if have: 2.10.1
  • Browser version, if have:

Additional context

No response

kingmouse-yx avatar Mar 16 '22 07:03 kingmouse-yx

@kingmouse-yx Same as https://github.com/apache/apisix-dashboard/issues/2176#issuecomment-944127485

bzp2010 avatar Mar 16 '22 13:03 bzp2010