diff --git a/bearer/bearer.go b/bearer/bearer.go index c0a7d3f5..aaea6c31 100644 --- a/bearer/bearer.go +++ b/bearer/bearer.go @@ -46,10 +46,12 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error { return errors.New("missing token body") } + b.impersonate = body.GetImpersonate() + eaclTable := body.GetEACL() if b.eaclTableSet = eaclTable != nil; b.eaclTableSet { b.eaclTable = *eacl.NewTableFromV2(eaclTable) - } else if checkFieldPresence { + } else if checkFieldPresence && !b.impersonate { return errors.New("missing eACL table") } @@ -70,8 +72,6 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error { return errors.New("missing token lifetime") } - b.impersonate = body.GetImpersonate() - sig := m.GetSignature() if b.sigSet = sig != nil; sig != nil { b.sig = *sig diff --git a/bearer/bearer_test.go b/bearer/bearer_test.go index 46826a70..5948bad1 100644 --- a/bearer/bearer_test.go +++ b/bearer/bearer_test.go @@ -323,6 +323,10 @@ func TestToken_ReadFromV2(t *testing.T) { require.NoError(t, val.ReadFromV2(m)) + body.SetEACL(nil) + body.SetImpersonate(true) + require.NoError(t, val.ReadFromV2(m)) + var m2 acl.BearerToken val.WriteToV2(&m2)