From 15b4287092bd24a80959d19c7f3cea871cfa4feb Mon Sep 17 00:00:00 2001
From: Denis Kirillov
Date: Thu, 4 May 2023 18:01:07 +0300
Subject: [PATCH] [#49] bearer: Allow empty eacl if token is impersonated
Signed-off-by: Denis Kirillov
---
 bearer/bearer.go | 6 +++---
 bearer/bearer_test.go | 4 ++++
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/bearer/bearer.go b/bearer/bearer.go
index c0a7d3f5..aaea6c31 100644
--- a/bearer/bearer.go
+++ b/bearer/bearer.go
@@ -46,10 +46,12 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error {
 return errors.New("missing token body")
 }
+ b.impersonate = body.GetImpersonate()
+
 eaclTable := body.GetEACL()
 if b.eaclTableSet = eaclTable != nil; b.eaclTableSet {
 b.eaclTable = *eacl.NewTableFromV2(eaclTable)
- } else if checkFieldPresence {
+ } else if checkFieldPresence && !b.impersonate {
 return errors.New("missing eACL table")
 }
@@ -70,8 +72,6 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error {
 return errors.New("missing token lifetime")
 }
- b.impersonate = body.GetImpersonate()
-
 sig := m.GetSignature()
 if b.sigSet = sig != nil; sig != nil {
 b.sig = *sig
diff --git a/bearer/bearer_test.go b/bearer/bearer_test.go
index 46826a70..5948bad1 100644
--- a/bearer/bearer_test.go
+++ b/bearer/bearer_test.go
@@ -323,6 +323,10 @@ func TestToken_ReadFromV2(t *testing.T) {
 require.NoError(t, val.ReadFromV2(m))
+ body.SetEACL(nil)
+ body.SetImpersonate(true)
+ require.NoError(t, val.ReadFromV2(m))
+
 var m2 acl.BearerToken
 val.WriteToV2(&m2)
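Review bot: The relaxed check `} else if checkFieldPresence && !b.impersonate {` lets a token with no eACL table pass validation whenever the impersonate flag is set, and nothing at that line records why that is acceptable. Because this loosens validation of an authorization token, I would add a comment above the branch such as `// An impersonating token is evaluated with the issuer's rights, so an eACL table is optional.` (wording to be confirmed against the protocol spec). In the same branch `b.eaclTable` is not cleared when the table is absent, so a reused Token keeps the previously decoded table in the field while `b.eaclTableSet` is false; that is harmless only if every reader checks the flag first, which is not visible here. readFromV2 starts and ends outside the hunk.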
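Review bot: The added assertions in TestToken_ReadFromV2 cover only the accepted case (nil eACL with the impersonate flag set); nothing in this hunk pins that a nil eACL is still rejected when the flag is off, which is the half of the new condition that keeps table-less tokens from being accepted. After the new `require.NoError`, I would add `body.SetImpersonate(false)` and `require.Error(t, val.ReadFromV2(m))`, then `body.SetImpersonate(true)` again so the round-trip below is unaffected. An equivalent rejection check may already exist earlier in the test, which starts and ends outside the hunk.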