205hlab-mirrors/traefik
2
0
Fork 0
mirror of https://github.com/traefik/traefik.git synced 2026-06-17 19:09:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add error on basic auth build if users is empty

Browse Source
This commit is contained in:
Romain
2026-05-18 15:06:09 +02:00
committed by GitHub
parent 22460f0a62
commit 4d9031bdb2
3 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/content/migration/v2.md
+9 -1
View File
@@ -826,7 +826,7 @@ environment variable to override the API version used by Traefik.
## v2.11.46
### Kubernetes providers: `crossProviderNamespaces`
### Kubernetes Providers: `crossProviderNamespaces`
In `v2.11.46`, a new `crossProviderNamespaces` option is available on the Kubernetes CRD, Ingress, and Gateway providers.
@@ -848,3 +848,11 @@ The behavior is as follows:
Please check out the [Kubernetes CRD](../providers/kubernetes-crd.md#crossprovidernamespaces), [Kubernetes Ingress](../providers/kubernetes-ingress.md#crossprovidernamespaces),
and [Kubernetes Gateway](../providers/kubernetes-gateway.md#crossprovidernamespaces) provider documentation for more details.
## v2.11.47
### BasicAuth Middleware
From version `v2.11.47` onwards, the BasicAuth middleware requires a non-empty users configuration in order to be built successfully.
Previously, the middleware would be built successfully but always return a 401 status code for any request.
Now, an error occurs and any routers using it will be unmounted. For the same request, a 404 status code is served instead of a 401 status code.
pkg/middlewares/auth/basic_auth.go
+4
View File
@@ -41,6 +41,10 @@ func NewBasic(ctx context.Context, next http.Handler, authConfig dynamic.BasicAu
return nil, err
}
if len(users) == 0 {
return nil, fmt.Errorf("no users found in %s", authConfig.UsersFile)
}
// To prevent timing attacks, we need to compute a hash even if the user is not found.
// We assume it to be safe only when the users hashes are all from the same algorithm,
// so we can pick the first one as a random hash to compute.
pkg/middlewares/auth/basic_auth_test.go
+9
View File
@@ -14,6 +14,15 @@ import (
"github.com/traefik/traefik/v2/pkg/testhelpers"
)
func TestNewBasicEmpty(t *testing.T) {
auth := dynamic.BasicAuth{
Users: []string{},
}
_, err := NewBasic(t.Context(), nil, auth, "authName")
require.Error(t, err)
}
func TestNewBasicNotFoundSecretIsSet(t *testing.T) {
auth := dynamic.BasicAuth{
Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"},