Basic Authentication

Hello folks,

I'm new to using this tool and trying to learn about it, and in my studies I got something strange. I'm trying to use Basic Authentication (just to learn all types of authentication) and I created a basic user using this URL "http://localhost:8080/tyk/keys/admin" with 'admin' as the username, but in my tests I am getting access to the protected path using admin or admin['something'] (like admin1, admin1313; the limit is 4 numbers). How can I avoid this? It looks like Tyk uses a regex.

Thanks in advance!

Edit: Apparently this happens only with the word admin. I tried with 'appinteg' and used appinteg1, and it didn't work.

Hello @Marcos-Oleiro,

The reason you’re running into the issue is that you’re adding /admin at the end of your path. The proper link would be http://localhost:8080/tyk/keys.

Check out this page which describes how to use the Gateway APIs https://tyk.io/docs/tyk-gateway-api/.

Please let me know if you have any more questions.

Zaid


Hello @zaid,

I have added the "/admin" to the path because I followed this page, Basic Authentication, and it says that for basic keys I should add the 'username' (/tyk/keys/{username}).

I see. Can you please send me the full request?

Sure! I did it with Postman, but here is the curl command:

curl --location --request POST 'http://localhost:8080/tyk/keys/admin' \
--header 'x-tyk-authorization: 12345' \
--header 'Content-Type: application/json' \
--data-raw '{
  "allowance": 1000,
  "rate": 1000,
  "per": 1,
  "expires": -1,
  "quota_max": -1,
  "org_id": "default",
  "quota_renews": 1449051461,
  "quota_remaining": -1,
  "quota_renewal_rate": 60,
  "access_rights": {
    "30": {
      "api_id": "30",
      "api_name": "Simula Rota Cadastro",
      "versions": [
        "Default"
      ]
    }
  },
  "meta_data": {},
  "basic_auth_data": {
    "password": "senha"
  }
}'

Can you make sure that you have the correct org_id?

Yeah, here is my payload to add the API:

{
  "enable_context_vars": true,
  "name": "Simula Rota Cadastro",
  "api_id": "30",
  "org_id": "default",
  "version_data": {
      "not_versioned": true,
      "versions": {
          "Default": {
              "name": "Default",
              "expires": "3000-01-02 15:04",
              "use_extended_paths": true,
              "extended_paths": {
                  "ignored": [],
                  "white_list": [],
                  "black_list": [],
                  "cache": [
                      "get"
                  ],
                  "transform": []
                }
          }
      }
  },
  "proxy": {
      "listen_path": "/cadastro/",
      "target_url": "http://httpbin.org",
      "strip_listen_path": true,
      "preserve_host_header": true
  },
  "custom_middleware": {
      "pre": [
          {
              "name": "basicAuthMiddleware",
              "path": "middleware/basicAuthMiddleware.js",
              "require_session": false
          }
      ]
  },
  "enable_batch_request_support": true,
  "use_basic_auth":true
}

Both have org_id set to default.

Alright I think I have everything I need to try to replicate this. I will keep you in the loop.


Hello @Marcos-Oleiro,

With what request are you getting access to the protected path using admin?

I was able to create the API and Basic Auth with no issues.

Zaid

Have you tried to use admin1, admin11?

Yes, they worked as well.

If I added 'admin', why does admin1 work? That's my question.

Sorry, I am not sure I understand the question.

I added the user 'admin', right? So using admin I should get access to the API, but I'm getting access to the API using admin1 (which I didn't add) too. Is this right?

Hello @Marcos-Oleiro,

Yes, I can confirm that there is an issue there. I will talk to the engineering team and report a bug.

I will keep you in the loop on this.
Zaid

Hello @Marcos-Oleiro,

I finally got an answer for you. This issue is caused by the default hashing function used in the gateway.

You can fix this by updating the hash_key_function value in the tyk.conf under /opt/tyk-gateway to murmur64.

Here is an example of my tyk.conf:

{
  "secret": "352d20ee67be67f6340b4c0605b044b7",
  "template_path": "/opt/tyk-gateway/templates",
  "tyk_js_path": "/opt/tyk-gateway/js/tyk.js",
  "middleware_path": "/opt/tyk-gateway/middleware",
  "use_db_app_configs": false,
  "app_path": "/opt/tyk-gateway/apps/",
  "storage": {
    "type": "redis",
    "username": "",
    "password": "",
    "database": 0,
    "optimisation_max_idle": 2000,
    "optimisation_max_active": 4000
  },
  "enable_analytics": false,
  "analytics_config": {
    "type": "csv",
    "csv_dir": "/tmp",
    "mongo_url": "",
    "mongo_db_name": "",
    "mongo_collection": "",
    "purge_delay": -1,
    "ignored_ips": []
  },
  "health_check": {
    "enable_health_checks": true,
    "health_check_value_timeouts": 60
  },
  "optimisations_use_async_session_write": true,
  "enable_non_transactional_rate_limiter": true,
  "enable_sentinel_rate_limiter": false,
  "enable_redis_rolling_limiter": false,
  "allow_master_keys": false,
  "policies": {
    "policy_source": "file",
    "policy_record_name": "/opt/tyk-gateway/policies/policies.json"
  },
  "hash_keys": true,
  "close_connections": false,
  "http_server_options": {
    "enable_websockets": true
  },
  "allow_insecure_configs": true,
  "coprocess_options": {
    "enable_coprocess": true,
    "coprocess_grpc_server": ""
  },
  "enable_bundle_downloader": true,
  "bundle_base_url": "",
  "global_session_lifetime": 100,
  "force_global_session_lifetime": false,
  "max_idle_connections_per_host": 500,
  "enable_jsvm": true,
  "hash_key_function": "murmur64"
}

The default for that value is murmur32 which causes that issue.

You will also need to recreate the keys for the issue to be resolved.

Hope this helps,
Zaid

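As an added illustration (not Tyk's code, and not a replica of its key-lookup logic), the block below implements the standard MurmurHash3 x86_32 algorithm, the family the default murmur32 setting refers to, and uses it to show how small a 32-bit hashed key-ID namespace is: a birthday estimate for 32-bit versus 64-bit IDs, and a scan of constructed usernames until two of them hash to the same ID. The key-ID layout org_id + username and the user0, user1, ... naming are assumptions for the constructed input.

```python
# Added example, not Tyk's code: a reference MurmurHash3 x86_32 implementation
# (the family "murmur32" refers to) plus a collision audit of hashed key IDs.
M = 0xFFFFFFFF  # 32-bit mask

def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86_32 (Austin Appleby's public-domain algorithm)."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h, nblocks = seed & M, len(data) // 4
    for i in range(nblocks):  # body: 4-byte little-endian blocks
        k = int.from_bytes(data[4 * i:4 * i + 4], "little") * c1 & M
        k = ((k << 15) | (k >> 17)) & M
        h ^= k * c2 & M
        h = ((h << 13) | (h >> 19)) & M
        h = (h * 5 + 0xE6546B64) & M
    tail = data[4 * nblocks:]  # trailing 0..3 bytes
    if tail:
        k = int.from_bytes(tail, "little") * c1 & M
        k = ((k << 15) | (k >> 17)) & M
        h ^= k * c2 & M
    h ^= len(data)  # finalisation mix
    h ^= h >> 16
    h = h * 0x85EBCA6B & M
    h ^= h >> 13
    h = h * 0xC2B2AE35 & M
    return h ^ (h >> 16)

def expected_collisions(n_keys: int, hash_bits: int) -> float:
    """Birthday estimate of key pairs that share one hashed key ID."""
    return n_keys * (n_keys - 1) / 2 / 2 ** hash_bits

def first_collision(hash_fn, org_id="default", limit=300_000):
    """Hash constructed key IDs (assumed layout: org_id + username) until two
    different usernames hash to the same ID. Returns (user_a, user_b, hash)."""
    seen = {}
    for i in range(limit):
        username = f"user{i}"  # constructed sample usernames
        h = hash_fn((org_id + username).encode())
        if h in seen:
            return seen[h], username, h
        seen[h] = username
    return None

if __name__ == "__main__":
    for bits in (32, 64):
        print(f"100k keys, {bits}-bit IDs: ~{expected_collisions(100_000, bits):.2e} "
              "colliding pairs expected")
    print("first murmur32 collision among sequential users:", first_collision(murmur3_32))
```

With 32-bit IDs a deployment of about 100k keys already expects a colliding pair, which is why widening the hash (and recreating the keys so they are stored under the new IDs) is the right fix rather than renaming users.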

Hello @zaid! Sorry for the late reply, I was busy with other things. Thanks for the work here, I'm gonna do as you suggested. Have a great day.
