[#248] session: Add Issuer method

There is a need to duplicate session token owner, e.g. in container
created within the session. For such cases we need to have the ability
to receive session issuer.

Add `Container.Issuer` method. Transform `IssuedBy` to helper function.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
Leonard Lyubich 2022-05-23 19:15:11 +03:00 committed by LeL
parent c976332e20
commit 60ef026923
2 changed files with 35 additions and 18 deletions

View file

@ -377,24 +377,26 @@ func (x Container) AssertAuthKey(key neofscrypto.PublicKey) bool {
return bytes.Equal(bKey, x.body.GetSessionKey()) return bytes.Equal(bKey, x.body.GetSessionKey())
} }
// IssuedBy returns true if session token is signed // Issuer returns user ID of the session issuer.
// and, therefore, owned by specified user. //
// Makes sense only for signed Container instances. For unsigned instances,
// Issuer returns zero user.ID.
// //
// See also Sign. // See also Sign.
func (x Container) IssuedBy(id user.ID) bool { func (x Container) Issuer() user.ID {
var ( var issuer user.ID
tokenOwner user.ID
v2TokenOwner = x.body.GetOwnerID()
)
if v2TokenOwner == nil { issuerV2 := x.body.GetOwnerID()
return false if issuerV2 != nil {
_ = issuer.ReadFromV2(*issuerV2)
} }
err := tokenOwner.ReadFromV2(*v2TokenOwner) return issuer
if err != nil {
return false
} }
return tokenOwner.Equals(id) // IssuedBy checks if Container session is issued by the given user.
//
// See also Container.Issuer.
func IssuedBy(cnr Container, id user.ID) bool {
return cnr.Issuer().Equals(id)
} }

View file

@ -287,7 +287,7 @@ func TestContainerSignature(t *testing.T) {
} }
} }
func TestContainer_IssuedBy(t *testing.T) { func TestIssuedBy(t *testing.T) {
var ( var (
token session.Container token session.Container
issuer user.ID issuer user.ID
@ -296,8 +296,23 @@ func TestContainer_IssuedBy(t *testing.T) {
user.IDFromKey(&issuer, signer.PublicKey) user.IDFromKey(&issuer, signer.PublicKey)
require.False(t, token.IssuedBy(issuer)) require.False(t, session.IssuedBy(token, issuer))
require.NoError(t, token.Sign(signer)) require.NoError(t, token.Sign(signer))
require.True(t, token.IssuedBy(issuer)) require.True(t, session.IssuedBy(token, issuer))
}
func TestContainer_Issuer(t *testing.T) {
var token session.Container
signer := randSigner()
require.Zero(t, token.Issuer())
require.NoError(t, token.Sign(signer))
var issuer user.ID
user.IDFromKey(&issuer, signer.PublicKey)
require.True(t, token.Issuer().Equals(issuer))
} }