From 60ef026923ca5577d8b512191fe9c5a2a6731926 Mon Sep 17 00:00:00 2001
From: Leonard Lyubich
Date: Mon, 23 May 2022 19:15:11 +0300
Subject: [PATCH] [#248] session: Add `Issuer` method
There is a need to duplicate session token owner, e.g. in container created within the session. For such cases we need to have the ability to receive session issuer. Add `Container.Issuer` method. Transform `IssuedBy` to helper function.
Signed-off-by: Leonard Lyubich
---
 session/container.go | 32 +++++++++++++++++---------------
 session/container_test.go | 21 ++++++++++++++++++---
 2 files changed, 35 insertions(+), 18 deletions(-)
diff --git a/session/container.go b/session/container.go
index b1000afb..747afc31 100644
--- a/session/container.go
+++ b/session/container.go
@@ -377,24 +377,26 @@ func (x Container) AssertAuthKey(key neofscrypto.PublicKey) bool {
 return bytes.Equal(bKey, x.body.GetSessionKey())
 }
-// IssuedBy returns true if session token is signed
-// and, therefore, owned by specified user.
+// Issuer returns user ID of the session issuer.
+//
+// Makes sense only for signed Container instances. For unsigned instances,
+// Issuer returns zero user.ID.
 //
 // See also Sign.
-func (x Container) IssuedBy(id user.ID) bool {
- var (
- tokenOwner user.ID
- v2TokenOwner = x.body.GetOwnerID()
- )
+func (x Container) Issuer() user.ID {
+ var issuer user.ID
- if v2TokenOwner == nil {
- return false
+ issuerV2 := x.body.GetOwnerID()
+ if issuerV2 != nil {
+ _ = issuer.ReadFromV2(*issuerV2)
 }
- err := tokenOwner.ReadFromV2(*v2TokenOwner)
- if err != nil {
- return false
- }
-
- return tokenOwner.Equals(id)
+ return issuer
+}
+
+// IssuedBy checks if Container session is issued by the given user.
+//
+// See also Container.Issuer.
+func IssuedBy(cnr Container, id user.ID) bool {
+ return cnr.Issuer().Equals(id)
 }
diff --git a/session/container_test.go b/session/container_test.go
index 6a40212d..e084b9db 100644
--- a/session/container_test.go
+++ b/session/container_test.go
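Review bot: The new package-level `IssuedBy` in session/container.go no longer fails closed: it compares `cnr.Issuer()` with `id`, and `Issuer` hands back a zero (or, after a failed `ReadFromV2`, possibly partially filled) `user.ID` because the decode error is discarded with `_ =`. The removed method returned false both when the owner field was nil and when decoding failed, so a caller that passes an unset `user.ID` would now presumably get true for an unsigned or malformed token, which matters wherever this result gates an authorization decision. Keeping the nil and error checks inside `IssuedBy`, as sketched below, preserves the old contract while `Issuer` stays a plain getter; a comment on the `_ =` line saying the error is dropped on purpose would also help. Neither function verifies a signature, so the "signed" wording in the doc comments rests on how `Sign` populates the owner, which is outside this hunk.

```go
func IssuedBy(cnr Container, id user.ID) bool {
	issuerV2 := cnr.body.GetOwnerID()
	if issuerV2 == nil {
		// no owner recorded: never a match, even for a zero id
		return false
	}

	var issuer user.ID
	if err := issuer.ReadFromV2(*issuerV2); err != nil {
		return false
	}

	return issuer.Equals(id)
}
```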
@@ -287,7 +287,7 @@ func TestContainerSignature(t *testing.T) {
 }
 }
-func TestContainer_IssuedBy(t *testing.T) {
+func TestIssuedBy(t *testing.T) {
 var (
 token session.Container
 issuer user.ID
@@ -296,8 +296,23 @@ func TestContainer_IssuedBy(t *testing.T) {
 user.IDFromKey(&issuer, signer.PublicKey)
- require.False(t, token.IssuedBy(issuer))
+ require.False(t, session.IssuedBy(token, issuer))
 require.NoError(t, token.Sign(signer))
- require.True(t, token.IssuedBy(issuer))
+ require.True(t, session.IssuedBy(token, issuer))
+}
+
+func TestContainer_Issuer(t *testing.T) {
+ var token session.Container
+ signer := randSigner()
+
+ require.Zero(t, token.Issuer())
+
+ require.NoError(t, token.Sign(signer))
+
+ var issuer user.ID
+
+ user.IDFromKey(&issuer, signer.PublicKey)
+
+ require.True(t, token.Issuer().Equals(issuer))
 }
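Review bot: The tests in the second hunk of session/container_test.go never call `IssuedBy` with a zero `user.ID` or with a user other than the signer, so the negative side of the check is not pinned. Before `token.Sign(signer)` in `TestIssuedBy`, add `var zero user.ID` and `require.False(t, session.IssuedBy(token, zero))`; since `Issuer` in container.go returns a zero `user.ID` for an unsigned token, this assertion would presumably fail against the code as committed. After signing, a `require.False` against an ID derived from a second `randSigner()` would cover the mismatch case. `TestIssuedBy` begins in the first hunk and part of its `var` block lies outside both hunks.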