[#229] services/tree: Use bearer owner as signer

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2022-10-25 15:24:06 +03:00 · 2022-10-25 15:24:06 +03:00 · dce5924a89
commit dce5924a89
parent 89530534a1
4 changed files with 42 additions and 8 deletions
--- a/pkg/services/tree/signature_test.go
+++ b/pkg/services/tree/signature_test.go
@ -53,6 +53,16 @@ func (s dummyContainerSource) Get(id cid.ID) (*containercore.Container, error) {
 	return cnt, nil
 }

+type dummyEACLSource map[string]*containercore.EACL
+
+func (s dummyEACLSource) GetEACL(id cid.ID) (*containercore.EACL, error) {
+	cntEACL, ok := s[id.String()]
+	if !ok {
+		return nil, errors.New("container not found")
+	}
+	return cntEACL, nil
+}
+
 func testContainer(owner user.ID) container.Container {
 	var r netmapSDK.ReplicaDescriptor
 	r.SetNumberOfObjects(1)
@ -93,6 +103,11 @@ func TestMessageSign(t *testing.T) {
 			cnrSource: dummyContainerSource{
 				cid1.String(): cnr,
 			},
+			eaclSource: dummyEACLSource{
+				cid1.String(): &containercore.EACL{
+					Value: testTable(cid1, privs[0].PublicKey(), privs[1].PublicKey()),
+				},
+			},
 		},
 	}

@ -178,6 +193,19 @@ func TestMessageSign(t *testing.T) {
 			require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
 		})

+		t.Run("impersonate", func(t *testing.T) {
+			cnr.Value.SetBasicACL(acl.PublicRWExtended)
+			var bt bearer.Token
+			bt.SetImpersonate(true)
+
+			require.NoError(t, bt.Sign(privs[1].PrivateKey))
+			req.Body.BearerToken = bt.Marshal()
+
+			require.NoError(t, SignMessage(req, &privs[0].PrivateKey))
+			require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
+			require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet))
+		})
+
 		bt := testBearerToken(cid1, privs[1].PublicKey(), privs[2].PublicKey())
 		require.NoError(t, bt.Sign(privs[0].PrivateKey))
 		req.Body.BearerToken = bt.Marshal()
@ -202,6 +230,13 @@ func TestMessageSign(t *testing.T) {
 }

 func testBearerToken(cid cid.ID, forPutGet, forGet *keys.PublicKey) bearer.Token {
+	var b bearer.Token
+	b.SetEACLTable(*testTable(cid, forPutGet, forGet))
+
+	return b
+}
+
+func testTable(cid cid.ID, forPutGet, forGet *keys.PublicKey) *eaclSDK.Table {
 	tgtGet := eaclSDK.NewTarget()
 	tgtGet.SetRole(eaclSDK.RoleUnknown)
 	tgtGet.SetBinaryKeys([][]byte{forPutGet.Bytes(), forGet.Bytes()})
@ -237,8 +272,5 @@ func testBearerToken(cid cid.ID, forPutGet, forGet *keys.PublicKey) bearer.Token

 	tb.SetCID(cid)

-	var b bearer.Token
-	b.SetEACLTable(*tb)
-
-	return b
+	return tb
 }