[#163] Support JSON bearer token
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
This commit is contained in:
parent
b9e44c603d
commit
71fc6c85d5
3 changed files with 66 additions and 22 deletions
|
@ -75,11 +75,13 @@ func TestIntegration(t *testing.T) {
|
||||||
CID, err := createContainer(ctx, t, clientPool, ownerID, version)
|
CID, err := createContainer(ctx, t, clientPool, ownerID, version)
|
||||||
require.NoError(t, err, version)
|
require.NoError(t, err, version)
|
||||||
|
|
||||||
token := makeBearerToken(t, key, ownerID, version)
|
jsonToken, binaryToken := makeBearerTokens(t, key, ownerID, version)
|
||||||
|
|
||||||
t.Run("simple put "+version, func(t *testing.T) { simplePut(ctx, t, clientPool, CID, version) })
|
t.Run("simple put "+version, func(t *testing.T) { simplePut(ctx, t, clientPool, CID, version) })
|
||||||
t.Run("put with bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, token) })
|
t.Run("put with json bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, jsonToken) })
|
||||||
t.Run("put with bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, token) })
|
t.Run("put with json bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, jsonToken) })
|
||||||
|
t.Run("put with binary bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, binaryToken) })
|
||||||
|
t.Run("put with binary bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, binaryToken) })
|
||||||
t.Run("put with duplicate keys "+version, func(t *testing.T) { putWithDuplicateKeys(t, CID) })
|
t.Run("put with duplicate keys "+version, func(t *testing.T) { putWithDuplicateKeys(t, CID) })
|
||||||
t.Run("simple get "+version, func(t *testing.T) { simpleGet(ctx, t, clientPool, ownerID, CID, version) })
|
t.Run("simple get "+version, func(t *testing.T) { simpleGet(ctx, t, clientPool, ownerID, CID, version) })
|
||||||
t.Run("get by attribute "+version, func(t *testing.T) { getByAttr(ctx, t, clientPool, ownerID, CID, version) })
|
t.Run("get by attribute "+version, func(t *testing.T) { getByAttr(ctx, t, clientPool, ownerID, CID, version) })
|
||||||
|
@ -526,7 +528,7 @@ func putObject(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID
|
||||||
return id.ObjectID
|
return id.ObjectID
|
||||||
}
|
}
|
||||||
|
|
||||||
func makeBearerToken(t *testing.T, key *keys.PrivateKey, ownerID user.ID, version string) string {
|
func makeBearerTokens(t *testing.T, key *keys.PrivateKey, ownerID user.ID, version string) (jsonTokenBase64, binaryTokenBase64 string) {
|
||||||
tkn := new(bearer.Token)
|
tkn := new(bearer.Token)
|
||||||
tkn.ForUser(ownerID)
|
tkn.ForUser(ownerID)
|
||||||
tkn.SetExp(10000)
|
tkn.SetExp(10000)
|
||||||
|
@ -540,10 +542,16 @@ func makeBearerToken(t *testing.T, key *keys.PrivateKey, ownerID user.ID, versio
|
||||||
err := tkn.Sign(key.PrivateKey)
|
err := tkn.Sign(key.PrivateKey)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
t64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
|
jsonToken, err := tkn.MarshalJSON()
|
||||||
require.NotEmpty(t, t64)
|
require.NoError(t, err)
|
||||||
|
|
||||||
return t64
|
jsonTokenBase64 = base64.StdEncoding.EncodeToString(jsonToken)
|
||||||
|
binaryTokenBase64 = base64.StdEncoding.EncodeToString(tkn.Marshal())
|
||||||
|
|
||||||
|
require.NotEmpty(t, jsonTokenBase64)
|
||||||
|
require.NotEmpty(t, binaryTokenBase64)
|
||||||
|
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
func makeTempWallet(t *testing.T, key *keys.PrivateKey, path string) {
|
func makeTempWallet(t *testing.T, key *keys.PrivateKey, path string) {
|
||||||
|
|
|
@ -82,14 +82,22 @@ func fetchBearerToken(ctx *fasthttp.RequestCtx) (*bearer.Token, error) {
|
||||||
tkn = new(bearer.Token)
|
tkn = new(bearer.Token)
|
||||||
)
|
)
|
||||||
for _, parse := range []fromHandler{BearerTokenFromHeader, BearerTokenFromCookie} {
|
for _, parse := range []fromHandler{BearerTokenFromHeader, BearerTokenFromCookie} {
|
||||||
if buf = parse(&ctx.Request.Header); buf == nil {
|
buf = parse(&ctx.Request.Header)
|
||||||
|
if buf == nil {
|
||||||
continue
|
continue
|
||||||
} else if data, err := base64.StdEncoding.DecodeString(string(buf)); err != nil {
|
}
|
||||||
|
|
||||||
|
data, err := base64.StdEncoding.DecodeString(string(buf))
|
||||||
|
if err != nil {
|
||||||
lastErr = fmt.Errorf("can't base64-decode bearer token: %w", err)
|
lastErr = fmt.Errorf("can't base64-decode bearer token: %w", err)
|
||||||
continue
|
continue
|
||||||
} else if err = tkn.Unmarshal(data); err != nil {
|
}
|
||||||
lastErr = fmt.Errorf("can't unmarshal bearer token: %w", err)
|
|
||||||
continue
|
if err = tkn.Unmarshal(data); err != nil {
|
||||||
|
if err = tkn.UnmarshalJSON(data); err != nil {
|
||||||
|
lastErr = fmt.Errorf("can't unmarshal bearer token: %w", err)
|
||||||
|
continue
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return tkn, nil
|
return tkn, nil
|
||||||
|
|
|
@ -98,8 +98,14 @@ func TestFetchBearerToken(t *testing.T) {
|
||||||
tkn := new(bearer.Token)
|
tkn := new(bearer.Token)
|
||||||
tkn.ForUser(uid)
|
tkn.ForUser(uid)
|
||||||
|
|
||||||
t64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
|
jsonToken, err := tkn.MarshalJSON()
|
||||||
require.NotEmpty(t, t64)
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
jsonTokenBase64 := base64.StdEncoding.EncodeToString(jsonToken)
|
||||||
|
binaryTokenBase64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
|
||||||
|
|
||||||
|
require.NotEmpty(t, jsonTokenBase64)
|
||||||
|
require.NotEmpty(t, binaryTokenBase64)
|
||||||
|
|
||||||
cases := []struct {
|
cases := []struct {
|
||||||
name string
|
name string
|
||||||
|
@ -143,25 +149,47 @@ func TestFetchBearerToken(t *testing.T) {
|
||||||
error: "can't unmarshal bearer token",
|
error: "can't unmarshal bearer token",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "bad header, but good cookie",
|
name: "bad header, but good cookie with binary token",
|
||||||
header: "dGVzdAo=",
|
header: "dGVzdAo=",
|
||||||
cookie: t64,
|
cookie: binaryTokenBase64,
|
||||||
expect: tkn,
|
expect: tkn,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "bad cookie, but good header",
|
name: "bad cookie, but good header with binary token",
|
||||||
header: t64,
|
header: binaryTokenBase64,
|
||||||
cookie: "dGVzdAo=",
|
cookie: "dGVzdAo=",
|
||||||
expect: tkn,
|
expect: tkn,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "ok for header",
|
name: "bad header, but good cookie with json token",
|
||||||
header: t64,
|
header: "dGVzdAo=",
|
||||||
|
cookie: jsonTokenBase64,
|
||||||
expect: tkn,
|
expect: tkn,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "ok for cookie",
|
name: "bad cookie, but good header with json token",
|
||||||
cookie: t64,
|
header: jsonTokenBase64,
|
||||||
|
cookie: "dGVzdAo=",
|
||||||
|
expect: tkn,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "ok for header with binary token",
|
||||||
|
header: binaryTokenBase64,
|
||||||
|
expect: tkn,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "ok for cookie with binary token",
|
||||||
|
cookie: binaryTokenBase64,
|
||||||
|
expect: tkn,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "ok for header with json token",
|
||||||
|
header: jsonTokenBase64,
|
||||||
|
expect: tkn,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "ok for cookie with json token",
|
||||||
|
cookie: jsonTokenBase64,
|
||||||
expect: tkn,
|
expect: tkn,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue