author | Vitaly Buka <vitalybuka@google.com> | 2016-03-08 19:12:12 -0800 |
---|---|---|
committer | Vitaly Buka <vitalybuka@google.com> | 2016-03-09 17:55:21 +0000 |
commit | e733c38c669ec83c0778e74fc4f8d2af70173e02 (patch) | |
tree | bf56cfde87328b6fd4d16dc36e85597fc696004c | |
parent | 8b897afa3af6adca3d3296c7e7d54021e6f090a0 (diff) | |
Take into account scope from /privet/v3/auth call
In the local case the scope was ignored; the behavior was similar to the "auto" scope.
Change-Id: I6aabca13929d10101f5b350641aa6edd84d50a23
Reviewed-on: https://weave-review.googlesource.com/2880
Reviewed-by: Alex Vakulenko <avakulenko@google.com>
-rw-r--r-- | src/privet/privet_handler.cc | 2 | ||||
-rw-r--r-- | src/privet/security_manager.cc | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/src/privet/privet_handler.cc b/src/privet/privet_handler.cc
index 7afeb3b..97cacc5 100644
--- a/src/privet/privet_handler.cc
+++ b/src/privet/privet_handler.cc
@@ -713,6 +713,8 @@ void PrivetHandler::HandleAuth(const base::DictionaryValue& input,
 return ReturnError(*error, callback);
 }
 
+ CHECK_LE(access_token_scope, desired_scope);
+
 if (access_token_scope < acceptable_scope) {
 Error::AddToPrintf(&error, FROM_HERE, errors::kAccessDenied,
 "Scope '%s' is not allowed",
diff --git a/src/privet/security_manager.cc b/src/privet/security_manager.cc
index 3b08613..3c11935 100644
--- a/src/privet/security_manager.cc
+++ b/src/privet/security_manager.cc
@@ -144,9 +144,11 @@ bool SecurityManager::CreateAccessTokenImpl(
 return disabled_mode(error);
 const base::TimeDelta kTtl =
 base::TimeDelta::FromSeconds(kAccessTokenExpirationSeconds);
- return auth_manager_->CreateAccessTokenFromAuth(
+ bool result = auth_manager_->CreateAccessTokenFromAuth(
 auth_code, kTtl, access_token, access_token_scope, access_token_ttl,
 error);
+ *access_token_scope = std::min(*access_token_scope, desired_scope);
+ return result;
 }
 
 return Error::AddTo(error, FROM_HERE, errors::kInvalidAuthMode, |
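Review bot: `CHECK_LE(access_token_scope, desired_scope)` turns a scope-invariant violation into a process abort inside the handler for /privet/v3/auth, where `desired_scope` appears to come from the request. The clamp added in security_manager.cc covers the path shown there, but any other token-creation path that returns a scope above the requested one would let a single request take the daemon down. Failing the request keeps the same fail-closed result without the crash: add `errors::kAccessDenied` to `error` and `return ReturnError(*error, callback);`, as the check just below does. HandleAuth starts and ends outside the hunk, so the other paths could not be checked here.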
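Review bot: The `std::min` clamp adjusts only the `*access_token_scope` out-parameter after `CreateAccessTokenFromAuth` has already filled `access_token`, and `desired_scope` is not passed into that call, so the token itself may still carry the scope from the auth code rather than the narrower one reported to the caller. If the scope is encoded in the token (not visible in this hunk), the response would advertise a lower scope than the token actually grants; passing `desired_scope` into token creation so the token is minted with the clamped value would close that gap. The clamp also runs when `result` is false and then reads a `*access_token_scope` that the failed call may not have set; `if (result) *access_token_scope = std::min(*access_token_scope, desired_scope);` avoids that. CreateAccessTokenImpl starts above the hunk and continues past it.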