objsvc: Validate session token owner for local sessions #924

Merged
fyrchik merged 1 commit from fyrchik/frostfs-node:fix-token into master 2024-01-26 08:52:33 +00:00
Owner

Close #681

Previously, the check was in place only when session token was missing.
Format validator checks are applied only to fully-prepared object, so
this lead to the following situation:

  1. Object is put locally with malformed token, because there are no
    checks.
  2. Object cannot be replicated, because the token is malformed.

This is now fixed and token check is done before any payload receival.

Testing done (dev-env):

  1. script from task
  2. script from task with valid token

TBD: check --prepare-locally

Close #681 Previously, the check was in place only when session token was missing. Format validator checks are applied only to fully-prepared object, so this lead to the following situation: 1. Object is put locally with malformed token, because there are no checks. 2. Object cannot be replicated, because the token is malformed. This is now fixed and token check is done before any payload receival. Testing done (dev-env): 1. script from task 2. script from task with valid token TBD: check `--prepare-locally`
fyrchik added 1 commit 2024-01-24 11:00:48 +00:00
[#681] objsvc: Validate session token owner for local sessions
All checks were successful
Vulncheck / Vulncheck (pull_request) Successful in 1m7s
DCO action / DCO (pull_request) Successful in 1m59s
Build / Build Components (1.21) (pull_request) Successful in 4m37s
Build / Build Components (1.20) (pull_request) Successful in 4m47s
Tests and linters / Tests (1.21) (pull_request) Successful in 5m44s
Tests and linters / Staticcheck (pull_request) Successful in 5m36s
Tests and linters / Lint (pull_request) Successful in 6m1s
Tests and linters / Tests (1.20) (pull_request) Successful in 7m34s
Tests and linters / Tests with -race (pull_request) Successful in 7m33s
696d4ef557
Previously, the check was in place only when session token was missing.
Format validator checks are applied only to fully-prepared object, so
this lead to the following situation:
1. Object is put locally with malformed token, because there are no
   checks.
2. Object cannot be replicated, because the token is malformed.

This is now fixed and token check is done before any payload receival.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
fyrchik requested review from mbiryukova 2024-01-24 11:00:59 +00:00
fyrchik requested review from storage-core-committers 2024-01-24 11:00:59 +00:00
fyrchik requested review from storage-core-developers 2024-01-24 11:01:00 +00:00
fyrchik requested review from alexvanin 2024-01-24 11:01:04 +00:00
dstepanov-yadro approved these changes 2024-01-24 11:11:51 +00:00
aarifullin approved these changes 2024-01-25 15:43:14 +00:00
fyrchik merged commit 6e2cc32768 into master 2024-01-26 08:52:33 +00:00
fyrchik deleted branch fix-token 2024-01-26 08:52:40 +00:00
Sign in to join this conversation.
No milestone
No project
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/frostfs-node#924
No description provided.