service: ad BearerToken to signed payload of the requests

2020-06-18 15:26:56 +03:00 · 2020-06-18 15:26:56 +03:00 · a3569ad99e
commit a3569ad99e
parent 3f7d3f8a86
3 changed files with 26 additions and 1 deletions
--- a/service/sign.go
+++ b/service/sign.go
@ -209,6 +209,9 @@ func SignRequestData(key *ecdsa.PrivateKey, src RequestSignedData) error {
 		NewSignedSessionToken(
 			src.GetSessionToken(),
 		),
+		NewSignedBearerToken(
+			src.GetBearerToken(),
+		),
 	)
 	if err != nil {
 		return err
@ -231,6 +234,9 @@ func VerifyRequestData(src RequestVerifyData) error {
 		NewVerifiedSessionToken(
 			src.GetSessionToken(),
 		),
+		NewVerifiedBearerToken(
+			src.GetBearerToken(),
+		),
 	)
 	if err != nil {
 		return err
--- a/service/sign_test.go
+++ b/service/sign_test.go
@ -279,14 +279,21 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) {
 	var (
 		token    = new(Token)
 		initVerb = Token_Info_Verb(1)
+
+		bearer      = wrapBearerTokenMsg(new(BearerTokenMsg))
+		bearerEpoch = uint64(8)
 	)

 	token.SetVerb(initVerb)

+	bearer.SetExpirationEpoch(bearerEpoch)
+
 	// create test data with token
 	src := &testSignedDataSrc{
 		data:  testData(t, 10),
 		token: token,
+
+		bearer: bearer,
 	}

 	// create test private key
@ -319,6 +326,18 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) {
 	// ascertain that verification is passed
 	require.NoError(t, VerifyRequestData(src))

+	// break the Bearer token
+	bearer.SetExpirationEpoch(bearerEpoch + 1)
+
+	// ascertain that verification is failed
+	require.Error(t, VerifyRequestData(src))
+
+	// restore the Bearer token
+	bearer.SetExpirationEpoch(bearerEpoch)
+
+	// ascertain that verification is passed
+	require.NoError(t, VerifyRequestData(src))
+
 	// wrap to data reader
 	rdr := &testSignedDataReader{
 		testSignedDataSrc: src,
--- a/service/verify.go
+++ b/service/verify.go
@ -104,7 +104,7 @@ func (t testCustomField) MarshalTo(data []byte) (int, error) { return 0, nil }
 // Marshal skip, it's for test usage only.
 func (t testCustomField) Marshal() ([]byte, error) { return nil, nil }

-// GetBearerToken returns wraps Bearer field and return BearerToken interface.
+// GetBearerToken wraps Bearer field and return BearerToken interface.
 //
 // If Bearer field value is nil, nil returns.
 func (m RequestVerificationHeader) GetBearerToken() BearerToken {