apache · Baoyuantop · Mar 11, 2025 · Mar 12, 2025 · Mar 12, 2025 · Mar 12, 2025
diff --git a/apisix/admin/consumers.lua b/apisix/admin/consumers.lua
@@ -38,15 +38,12 @@ local function check_duplicate_key(username, plugins_conf)
             goto continue
         end
 
-        local plugin_conf_copy = core.table.deepcopy(plugin_conf)
-        plugin.decrypt_conf(plugin_name, plugin_conf_copy, core.schema.TYPE_CONSUMER)
-
         local key_field = utils.plugin_key_map[plugin_name]
         if not key_field then
             goto continue
         end
 
-        local key_value = plugin_conf_copy[key_field]
+        local key_value = plugin_conf[key_field]
         if not key_value then
             goto continue
         end
@@ -73,14 +70,14 @@ local function check_conf(username, conf, need_username, schema)
     end
 
     if conf.plugins then
-        ok, err = plugins.check_schema(conf.plugins, core.schema.TYPE_CONSUMER)
+      local ok, err = check_duplicate_key(conf.username, conf.plugins)
         if not ok then
-            return nil, {error_msg = "invalid plugins configuration: " .. err}
+            return nil, {error_msg = err}
         end
 
-        local ok, err = check_duplicate_key(conf.username, conf.plugins)
+        ok, err = plugins.check_schema(conf.plugins, core.schema.TYPE_CONSUMER)
         if not ok then
-            return nil, {error_msg = err}
+            return nil, {error_msg = "invalid plugins configuration: " .. err}
         end
     end
 

diff --git a/apisix/admin/credentials.lua b/apisix/admin/credentials.lua
@@ -22,23 +22,33 @@ local consumer = require("apisix.consumer")
 local utils = require("apisix.admin.utils")
 local pairs    = pairs
 
-local function check_duplicate_key(id, name, plugin_conf)
-    local decrypted_conf = core.table.deepcopy(plugin_conf)
-    plugin.decrypt_conf(name, decrypted_conf, core.schema.TYPE_CONSUMER)
+local function check_duplicate_key(id, plugins)
+    for name, plugin_conf in pairs(plugins) do
+        local plugin_obj = plugin.get(name)
+        if not plugin_obj then
+            goto continue
+        end
 
-    local key_field = utils.plugin_key_map[name]
-    if not key_field then
-        return true
-    end
+        if plugin_obj.type ~= "auth" then
+            goto continue
+        end
 
-    local key_value = decrypted_conf[key_field]
-    if not key_value then
-        return true
-    end
+        local key_field = utils.plugin_key_map[name]
+        if not key_field then
+            goto continue
+        end
+
+        local key_value = plugin_conf[key_field]
+        if not key_value then
+            goto continue
+        end
 
-    local consumer = consumer.find_consumer(name, key_field, key_value)
-    if consumer and consumer.credential_id ~= id then
-        return nil, "duplicate key found with consumer: " .. consumer.username
+        local consumer = consumer.find_consumer(name, key_field, key_value)
+        if consumer and consumer.credential_id ~= id then
+            return nil, "duplicate key found with consumer: " .. consumer.username
+        end
+
+        ::continue::
     end
 
     return true
@@ -51,25 +61,24 @@ local function check_conf(id, conf, _need_id, schema)
     end
 
     if conf.plugins then
+        local ok, err = check_duplicate_key(id, conf.plugins)
+        if not ok then
+            return nil, {error_msg = err}
+        end
+
         ok, err = plugins.check_schema(conf.plugins, core.schema.TYPE_CONSUMER)
         if not ok then
             return nil, {error_msg = "invalid plugins configuration: " .. err}
         end
 
-        for name, plugin_conf in pairs(conf.plugins) do
+        for name, _ in pairs(conf.plugins) do
             local plugin_obj = plugin.get(name)
             if not plugin_obj then
                 return nil, {error_msg = "unknown plugin " .. name}
             end
-
             if plugin_obj.type ~= "auth" then
                 return nil, {error_msg = "only supports auth type plugins in consumer credential"}
             end
-
-            local ok, err = check_duplicate_key(id, name, plugin_conf)
-            if not ok then
-                return nil, {error_msg = err}
-            end
         end
     end
 

diff --git a/t/admin/credentials.t b/t/admin/credentials.t
@@ -588,42 +588,3 @@ GET /t
 --- response_body
 passed
 --- error_code: 200
-
-
-
-=== TEST 21: delete credential credential_c
---- config
-    location /t {
-        content_by_lua_block {
-            local t = require("lib.test_admin").test
-            local code, body = t('/apisix/admin/consumers/bar/credentials/credential_c', ngx.HTTP_DELETE)
-        }
-    }
---- request
-GET /t
-
-
-
-=== TEST 22: delete consumer bar
---- config
-    location /t {
-        content_by_lua_block {
-            local t = require("lib.test_admin").test
-            local code, body = t('/apisix/admin/consumers/bar', ngx.HTTP_DELETE)
-        }
-    }
---- request
-GET /t
-
-
-
-=== TEST 23: delete consumer jack
---- config
-    location /t {
-        content_by_lua_block {
-            local t = require("lib.test_admin").test
-            local code, body = t('/apisix/admin/consumers/jack', ngx.HTTP_DELETE)
-        }
-    }
---- request
-GET /t