objsvc: Validate session token owner for local sessions #924

Merged

fyrchik merged 1 commit from fyrchik/frostfs-node:fix-token into master

2024-01-26 08:52:33 +00:00

Author	SHA1	Message	Date
Evgenii Stratonikov	696d4ef557	[#681 ] objsvc: Validate session token owner for local sessions All checks were successful Vulncheck / Vulncheck (pull_request) Successful in 1m7s Details DCO action / DCO (pull_request) Successful in 1m59s Details Build / Build Components (1.21) (pull_request) Successful in 4m37s Details Build / Build Components (1.20) (pull_request) Successful in 4m47s Details Tests and linters / Tests (1.21) (pull_request) Successful in 5m44s Details Tests and linters / Staticcheck (pull_request) Successful in 5m36s Details Tests and linters / Lint (pull_request) Successful in 6m1s Details Tests and linters / Tests (1.20) (pull_request) Successful in 7m34s Details Tests and linters / Tests with -race (pull_request) Successful in 7m33s Details Previously, the check was in place only when session token was missing. Format validator checks are applied only to fully-prepared object, so this lead to the following situation: 1. Object is put locally with malformed token, because there are no checks. 2. Object cannot be replicated, because the token is malformed. This is now fixed and token check is done before any payload receival. Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>	2024-01-24 13:57:00 +03:00