1 files changed, 12 insertions, 3 deletions

diff --git a/src/privet/auth_manager.h b/src/privet/auth_manager.h
index 309d80e..f0a5761 100644
--- a/src/privet/auth_manager.h
+++ b/src/privet/auth_manager.h
@@ -9,6 +9,7 @@
 #include <string>
 #include <vector>
 
+#include <base/gtest_prod_util.h>
 #include <base/time/default_clock.h>
 #include <base/time/time.h>
 #include <weave/error.h>
@@ -54,7 +55,7 @@ class AuthManager {
   bool ConfirmClientAuthToken(const std::vector<uint8_t>& token,
                               ErrorPtr* error);
 
-  std::vector<uint8_t> GetRootClientAuthToken() const;
+  std::vector<uint8_t> GetRootClientAuthToken(RootClientTokenOwner owner) const;
   bool IsValidAuthToken(const std::vector<uint8_t>& token,
                         ErrorPtr* error) const;
   bool CreateAccessTokenFromAuth(const std::vector<uint8_t>& auth_token,
@@ -67,13 +68,21 @@ class AuthManager {
   void SetAuthSecret(const std::vector<uint8_t>& secret,
                      RootClientTokenOwner owner);
 
-  std::vector<uint8_t> CreateSessionId();
+  std::string CreateSessionId() const;
+  bool IsValidSessionId(const std::string& session_id) const;
 
  private:
+  friend class AuthManagerTest;
+
+  // Test helpers. Device does not need to implement delegation.
+  std::vector<uint8_t> DelegateToUser(const std::vector<uint8_t>& token,
+                                      base::TimeDelta ttl,
+                                      const UserInfo& user_info) const;
+
   Config* config_{nullptr};  // Can be nullptr for tests.
   base::DefaultClock default_clock_;
   base::Clock* clock_{&default_clock_};
-  uint32_t session_counter_{0};
+  mutable uint32_t session_counter_{0};
 
   std::vector<uint8_t> auth_secret_;  // Persistent.
   std::vector<uint8_t> certificate_fingerprint_;