[#xx] treesvc: Fix panic in bearer token processing #510
1 changed files with 4 additions and 4 deletions
|
@ -84,7 +84,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
var tableFromBearer bool
|
var useBearer bool
|
||||||
if len(rawBearer) != 0 {
|
if len(rawBearer) != 0 {
|
||||||
if !basicACL.AllowedBearerRules(op) {
|
if !basicACL.AllowedBearerRules(op) {
|
||||||
s.log.Debug(logs.TreeBearerPresentedButNotAllowedByACL,
|
s.log.Debug(logs.TreeBearerPresentedButNotAllowedByACL,
|
||||||
|
@ -92,13 +92,13 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
|
||||||
zap.String("op", op.String()),
|
zap.String("op", op.String()),
|
||||||
)
|
)
|
||||||
} else {
|
} else {
|
||||||
tableFromBearer = true
|
useBearer = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var tb eacl.Table
|
var tb eacl.Table
|
||||||
signer := req.GetSignature().GetKey()
|
signer := req.GetSignature().GetKey()
|
||||||
if tableFromBearer && !bt.Impersonate() {
|
if useBearer && !bt.Impersonate() {
|
||||||
if !bearer.ResolveIssuer(*bt).Equals(cnr.Value.Owner()) {
|
if !bearer.ResolveIssuer(*bt).Equals(cnr.Value.Owner()) {
|
||||||
return eACLErr(eaclOp, errBearerWrongOwner)
|
return eACLErr(eaclOp, errBearerWrongOwner)
|
||||||
}
|
}
|
||||||
|
@ -110,7 +110,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
|
||||||
}
|
}
|
||||||
tb = *tbCore.Value
|
tb = *tbCore.Value
|
||||||
|
|
||||||
if bt.Impersonate() {
|
if useBearer && bt.Impersonate() {
|
||||||
signer = bt.SigningKeyBytes()
|
signer = bt.SigningKeyBytes()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue