authorVitaly Buka <vitalybuka@google.com>2016-01-27 18:56:37 -0800
committerVitaly Buka <vitalybuka@google.com>2016-01-28 18:52:56 +0000
commit70c8642747634743cecac1944b3fdfe746fd9e1a (patch)
tree310ebe971360c0469fd32fa7bc7c28a02125519f
parentd5f7aabc2a7e414c63dc5a20a294c71a54111910 (diff)
Add kUwMacaroonDelegateeTypeService caveat
BUG: 26292014 Change-Id: I4edc9fea58265d8345010023c88208155772e6f9 Reviewed-on: https://weave-review.googlesource.com/2382 Reviewed-by: Alex Vakulenko <avakulenko@google.com>
-rw-r--r--src/privet/auth_manager.cc32
-rw-r--r--src/privet/auth_manager_unittest.cc14
2 files changed, 22 insertions, 24 deletions
diff --git a/src/privet/auth_manager.cc b/src/privet/auth_manager.cc
index 0a2b75a..71a4f39 100644
--- a/src/privet/auth_manager.cc
+++ b/src/privet/auth_manager.cc
@@ -106,17 +106,17 @@ class UserIdCaveat : public Caveat {
DISALLOW_COPY_AND_ASSIGN(UserIdCaveat);
};
-// class ServiceCaveat : public Caveat {
-// public:
-// ServiceCaveat() : Caveat(kUwMacaroonCaveatTypeDelegateeService, 0) {
-// // TODO: Replace with service delegatee.
-// CHECK(uw_macaroon_caveat_create_delegatee_user_(
-// nullptr, 0, buffer_.data(), buffer_.size(),
-// &caveat_));
-// }
-
-// DISALLOW_COPY_AND_ASSIGN(ServiceCaveat);
-// };
+class ServiceCaveat : public Caveat {
+ public:
+ explicit ServiceCaveat(const std::string& id)
+ : Caveat(kUwMacaroonCaveatTypeDelegateeService, id.size()) {
+ CHECK(uw_macaroon_caveat_create_delegatee_service_(
+ reinterpret_cast<const uint8_t*>(id.data()), id.size(), buffer_.data(),
+ buffer_.size(), &caveat_));
+ }
+
+ DISALLOW_COPY_AND_ASSIGN(ServiceCaveat);
+};
class SessionIdCaveat : public Caveat {
public:
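Review bot: `ServiceCaveat` accepts any `id`, including an empty string, with no comment saying what the id denotes, and the `CHECK` around `uw_macaroon_caveat_create_delegatee_service_` aborts the process if encoding fails. That is acceptable only while every caller passes a short fixed literal, as the one caller visible in this diff (`GetRootClientAuthToken`) does; how the `Caveat` base sizes `buffer_` from `id.size()` is outside this hunk. I would add a class comment such as `// Delegatee caveat naming a service rather than a user. |id| must be a trusted, fixed identifier; encoding failure is fatal.` and, if an empty service id is never meaningful, `CHECK(!id.empty());` as the first statement of the constructor.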
@@ -348,7 +348,7 @@ bool AuthManager::ParseAccessToken(const std::vector<uint8_t>& token,
// values.
CHECK_GE(FromJ2000Time(result.expiration_time), now);
CHECK_EQ(1u, result.num_delegatees);
- CHECK(!result.delegatees[0].is_app);
+ CHECK_EQ(kUwMacaroonDelegateeTypeUser, result.delegatees[0].type);
std::string user_id{reinterpret_cast<const char*>(result.delegatees[0].id),
result.delegatees[0].id_len};
if (user_info)
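Review bot: The new `CHECK_EQ(kUwMacaroonDelegateeTypeUser, result.delegatees[0].type)` turns an unexpected delegatee type into a process abort inside `ParseAccessToken`, whose `token` argument presumably comes from a client request. This commit also starts minting tokens with a service delegatee in `GetRootClientAuthToken`, so it is worth confirming that the validation above this hunk (not visible here) guarantees that only access tokens minted by this device with a user delegatee reach this line. If that cannot be guaranteed, rejecting is safer than crashing: `if (result.delegatees[0].type != kUwMacaroonDelegateeTypeUser) return false;`, combined with the function's usual error reporting. The function starts and ends outside the hunk.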
@@ -405,10 +405,8 @@ std::vector<uint8_t> AuthManager::GetRootClientAuthToken(
const base::Time now = Now();
TimestampCaveat issued{now};
- UserIdCaveat client{""};
- // TODO: service caveat when available.
- // ServiceCaveat cloud;
-
+ ServiceCaveat client{owner == RootClientTokenOwner::kCloud ? "google.com"
+ : "privet"};
return CreateMacaroonToken(
auth_secret_, now,
{
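Review bot: The ternary in `ServiceCaveat client{...}` maps every owner other than `RootClientTokenOwner::kCloud` to `"privet"`, so a future enum value would silently receive the local-service identity, and both ids are bare string literals. Named constants and an explicit mapping would make that trust decision visible, e.g. `const char kCloudServiceId[] = "google.com";` and `const char kPrivetServiceId[] = "privet";`, selected by a `switch` on `owner` with no `default`. The local is still named `client` although it now holds a service caveat; a name like `owner_service` would read more accurately. The function body continues outside the hunk.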
@@ -464,7 +462,7 @@ bool AuthManager::CreateAccessTokenFromAuth(
auto last_user_id =
std::find_if(delegates_rbegin, delegates_rend,
[](const UwMacaroonDelegateeInfo& delegatee) {
- return !delegatee.is_app;
+ return delegatee.type == kUwMacaroonDelegateeTypeUser;
});
if (last_user_id == delegates_rend || !last_user_id->id_len) {
diff --git a/src/privet/auth_manager_unittest.cc b/src/privet/auth_manager_unittest.cc
index d74abd8..2adb1c2 100644
--- a/src/privet/auth_manager_unittest.cc
+++ b/src/privet/auth_manager_unittest.cc
@@ -146,21 +146,21 @@ TEST_F(AuthManagerTest, ParseAccessToken) {
}
TEST_F(AuthManagerTest, GetRootClientAuthToken) {
- EXPECT_EQ("WCCDQxkgAUYIGhudoQBCCUBQn9rT/8iUzwKa0ZIAgCNxyg==",
+ EXPECT_EQ("WCaDQxkgAUYIGhudoQBIDEZwcml2ZXRQ5aV4jIdY2JGosyU0APnQpA==",
Base64Encode(
auth_.GetRootClientAuthToken(RootClientTokenOwner::kClient)));
}
TEST_F(AuthManagerTest, GetRootClientAuthTokenDifferentOwner) {
EXPECT_EQ(
- "WCCDQxkgAUYIGhudoQBCCUBQn9rT/8iUzwKa0ZIAgCNxyg==",
+ "WCqDQxkgAUYIGhudoQBMDEpnb29nbGUuY29tUOoLAxSUAZAAv54drarqhag=",
Base64Encode(auth_.GetRootClientAuthToken(RootClientTokenOwner::kCloud)));
}
TEST_F(AuthManagerTest, GetRootClientAuthTokenDifferentTime) {
auto new_time = clock_.Now() + base::TimeDelta::FromDays(15);
EXPECT_CALL(clock_, Now()).WillRepeatedly(Return(new_time));
- EXPECT_EQ("WCCDQxkgAUYIGhuxZ4BCCUBQmNBWA9KdLzxHUCMqzonDZw==",
+ EXPECT_EQ("WCaDQxkgAUYIGhuxZ4BIDEZwcml2ZXRQsDNy7gcfJT/yvRs3/q40oA==",
Base64Encode(
auth_.GetRootClientAuthToken(RootClientTokenOwner::kClient)));
}
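Review bot: The updated expectations in `GetRootClientAuthToken`, `GetRootClientAuthTokenDifferentOwner` and `GetRootClientAuthTokenDifferentTime` (and `GetRootClientAuthTokenDifferentSecret` in the next hunk) are opaque base64 blobs, so a reader cannot tell that they changed because the root token now carries a service delegatee id. A short comment on each, such as `// Root token for kClient carries service delegatee "privet".`, would document why the values changed. `GetRootClientAuthTokenDifferentOwner` could also state the new property directly with `EXPECT_NE(auth_.GetRootClientAuthToken(RootClientTokenOwner::kClient), auth_.GetRootClientAuthToken(RootClientTokenOwner::kCloud));`, since the old expectations show both owners previously produced the same token.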
@@ -168,7 +168,7 @@ TEST_F(AuthManagerTest, GetRootClientAuthTokenDifferentTime) {
TEST_F(AuthManagerTest, GetRootClientAuthTokenDifferentSecret) {
AuthManager auth{kSecret2, {}, kSecret1, &clock_};
EXPECT_EQ(
- "WCCDQxkgAUYIGhudoQBCCUBQQ/BSJs7FEI260RnwjlJrVw==",
+ "WCaDQxkgAUYIGhudoQBIDEZwcml2ZXRQKw9xcidyzrelxUkgkLmv1g==",
Base64Encode(auth.GetRootClientAuthToken(RootClientTokenOwner::kClient)));
}
@@ -205,12 +205,12 @@ TEST_F(AuthManagerTest, CreateAccessTokenFromAuth) {
std::vector<uint8_t> access_token;
AuthScope scope;
base::TimeDelta ttl;
- auto root = auth_.GetRootClientAuthToken(RootClientTokenOwner::kClient);
+ auto root = auth_.GetRootClientAuthToken(RootClientTokenOwner::kCloud);
auto extended = DelegateToUser(root, base::TimeDelta::FromSeconds(1000),
UserInfo{AuthScope::kUser, "234"});
EXPECT_EQ(
- "WEWIQxkgAUYIGhudoQBCCUBGCBobnaEARgUaG52k6EIBDkUJQzIzNE0RSzQ2MzMxNTIwMDox"
- "UHN8Lm+CUQo7s84Sh+grpAE=",
+ "WE+IQxkgAUYIGhudoQBMDEpnb29nbGUuY29tRggaG52hAEYFGhudpOhCAQ5FCUMyMzRNEUs0"
+ "NjMzMTUyMDA6MVCRVKU+0SpOoBppnwqdKMwP",
Base64Encode(extended));
EXPECT_TRUE(
auth_.CreateAccessTokenFromAuth(extended, base::TimeDelta::FromDays(1),
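Review bot: Switching `root` from `RootClientTokenOwner::kClient` to `kCloud` means that, as far as this hunk shows, `CreateAccessTokenFromAuth` is no longer exercised with a `"privet"`-rooted token; running the same delegation for both owners would keep both paths covered. Because the lookup in `CreateAccessTokenFromAuth` now selects delegatees by `kUwMacaroonDelegateeTypeUser`, a negative case is also worth adding if the file does not already have one: calling it with the undelegated `root` (service delegatee only) and otherwise the same arguments should be wrapped in `EXPECT_FALSE`. The test body continues past the end of the hunk.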