forked from TrueCloudLab/frostfs-sdk-go
[#248] session: Add Issuer
method
There is a need to duplicate session token owner, e.g. in container created within the session. For such cases we need to have the ability to receive session issuer. Add `Container.Issuer` method. Transform `IssuedBy` to helper function. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
parent
c976332e20
commit
60ef026923
2 changed files with 35 additions and 18 deletions
|
@ -377,24 +377,26 @@ func (x Container) AssertAuthKey(key neofscrypto.PublicKey) bool {
|
||||||
return bytes.Equal(bKey, x.body.GetSessionKey())
|
return bytes.Equal(bKey, x.body.GetSessionKey())
|
||||||
}
|
}
|
||||||
|
|
||||||
// IssuedBy returns true if session token is signed
|
// Issuer returns user ID of the session issuer.
|
||||||
// and, therefore, owned by specified user.
|
//
|
||||||
|
// Makes sense only for signed Container instances. For unsigned instances,
|
||||||
|
// Issuer returns zero user.ID.
|
||||||
//
|
//
|
||||||
// See also Sign.
|
// See also Sign.
|
||||||
func (x Container) IssuedBy(id user.ID) bool {
|
func (x Container) Issuer() user.ID {
|
||||||
var (
|
var issuer user.ID
|
||||||
tokenOwner user.ID
|
|
||||||
v2TokenOwner = x.body.GetOwnerID()
|
|
||||||
)
|
|
||||||
|
|
||||||
if v2TokenOwner == nil {
|
issuerV2 := x.body.GetOwnerID()
|
||||||
return false
|
if issuerV2 != nil {
|
||||||
|
_ = issuer.ReadFromV2(*issuerV2)
|
||||||
}
|
}
|
||||||
|
|
||||||
err := tokenOwner.ReadFromV2(*v2TokenOwner)
|
return issuer
|
||||||
if err != nil {
|
|
||||||
return false
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return tokenOwner.Equals(id)
|
// IssuedBy checks if Container session is issued by the given user.
|
||||||
|
//
|
||||||
|
// See also Container.Issuer.
|
||||||
|
func IssuedBy(cnr Container, id user.ID) bool {
|
||||||
|
return cnr.Issuer().Equals(id)
|
||||||
}
|
}
|
||||||
|
|
|
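Review bot: `Issuer` discards the decode error with `_ = issuer.ReadFromV2(*issuerV2)`, and the new `IssuedBy` helper compares whatever comes back, so both early `return false` paths of the removed method are gone. If `user.ID.Equals` is a plain value comparison (not visible in this diff), a token with no owner or a malformed owner field would now match a zero `user.ID`, which matters wherever `IssuedBy` feeds an ownership or authorization decision. The helper can keep the old fail-closed behaviour by checking the owner field and the decode result before comparing, as sketched below. The `Issuer` doc comment could also state that the value is read from the token body and that this method does not itself verify the signature.

```go
// … unchanged: IssuedBy doc comment …
func IssuedBy(cnr Container, id user.ID) bool {
	issuerV2 := cnr.body.GetOwnerID()
	if issuerV2 == nil {
		// no owner recorded (e.g. unsigned token): never a match
		return false
	}

	var issuer user.ID
	if err := issuer.ReadFromV2(*issuerV2); err != nil {
		// malformed owner field: fail closed rather than compare a partial value
		return false
	}

	return issuer.Equals(id)
}
```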
@ -287,7 +287,7 @@ func TestContainerSignature(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestContainer_IssuedBy(t *testing.T) {
|
func TestIssuedBy(t *testing.T) {
|
||||||
var (
|
var (
|
||||||
token session.Container
|
token session.Container
|
||||||
issuer user.ID
|
issuer user.ID
|
||||||
|
@ -296,8 +296,23 @@ func TestContainer_IssuedBy(t *testing.T) {
|
||||||
|
|
||||||
user.IDFromKey(&issuer, signer.PublicKey)
|
user.IDFromKey(&issuer, signer.PublicKey)
|
||||||
|
|
||||||
require.False(t, token.IssuedBy(issuer))
|
require.False(t, session.IssuedBy(token, issuer))
|
||||||
|
|
||||||
require.NoError(t, token.Sign(signer))
|
require.NoError(t, token.Sign(signer))
|
||||||
require.True(t, token.IssuedBy(issuer))
|
require.True(t, session.IssuedBy(token, issuer))
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestContainer_Issuer(t *testing.T) {
|
||||||
|
var token session.Container
|
||||||
|
signer := randSigner()
|
||||||
|
|
||||||
|
require.Zero(t, token.Issuer())
|
||||||
|
|
||||||
|
require.NoError(t, token.Sign(signer))
|
||||||
|
|
||||||
|
var issuer user.ID
|
||||||
|
|
||||||
|
user.IDFromKey(&issuer, signer.PublicKey)
|
||||||
|
|
||||||
|
require.True(t, token.Issuer().Equals(issuer))
|
||||||
}
|
}
|
||||||
|
|
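Review bot: Neither test pins the negative cases that this refactor touches: `TestIssuedBy` only checks the signer's own ID before and after `Sign`, and `TestContainer_Issuer` only checks the zero value and the signed value. Add an assertion that an unsigned token does not match an unset ID, e.g. `require.False(t, session.IssuedBy(token, user.ID{}))` before the `Sign` call, and a case with a malformed owner field if the test package can construct one. Whether the first assertion passes depends on how `user.ID.Equals` treats zero values, which this diff does not show; either outcome is worth recording in the test. `TestIssuedBy` spans two hunks, so its setup lines are only partly visible here.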