Use ClaimRootClientAuthToken instead of GetRootClientAuthToken Change-Id: Ied590ebc9c5166df2156b91900a565ec2e8ed755 Reviewed-on: https://weave-review.googlesource.com/1948 Reviewed-by: Vitaly Buka <vitalybuka@google.com>
diff --git a/src/device_registration_info.cc b/src/device_registration_info.cc index 68c5505..f437b34 100644 --- a/src/device_registration_info.cc +++ b/src/device_registration_info.cc
@@ -936,7 +936,7 @@ auth_info_update_inprogress_ = true; std::string id = GetSettings().device_id; - std::string token = Base64Encode(auth_manager_->GetRootClientAuthToken()); + std::string token = Base64Encode(auth_manager_->ClaimRootClientAuthToken()); std::string fingerprint = Base64Encode(auth_manager_->GetCertificateFingerprint());
diff --git a/src/device_registration_info_unittest.cc b/src/device_registration_info_unittest.cc index cc519d2..66a9b1d 100644 --- a/src/device_registration_info_unittest.cc +++ b/src/device_registration_info_unittest.cc
@@ -70,7 +70,6 @@ const char kAuthInfo[] = R"({ "certFingerprint": "FQY6BEINDjw3FgsmYChRWgMzMhc4TC8uG0UUUFhdDz0=", - "clientToken": "UBPkqttkiWt5VWgICLP0eHuCQgECRgMaVm0+gA==", "localId": "f6885e46-b432-42d7-86a5-d759bfb61f62" })"; @@ -269,7 +268,10 @@ .WillOnce(WithArgs<3, 4>( Invoke([](const std::string& data, const HttpClient::SendRequestCallback& callback) { - EXPECT_JSON_EQ(test_data::kAuthInfo, *CreateDictionaryValue(data)); + auto dict = CreateDictionaryValue(data); + EXPECT_TRUE(dict->HasKey("clientToken")); + dict->Remove("clientToken", nullptr); + EXPECT_JSON_EQ(test_data::kAuthInfo, *dict); base::DictionaryValue json; callback.Run(ReplyWithJson(200, json), nullptr); }))); @@ -561,7 +563,10 @@ .WillOnce(WithArgs<3, 4>( Invoke([](const std::string& data, const HttpClient::SendRequestCallback& callback) { - EXPECT_JSON_EQ(test_data::kAuthInfo, *CreateDictionaryValue(data)); + auto dict = CreateDictionaryValue(data); + EXPECT_TRUE(dict->HasKey("clientToken")); + dict->Remove("clientToken", nullptr); + EXPECT_JSON_EQ(test_data::kAuthInfo, *dict); base::DictionaryValue json; callback.Run(ReplyWithJson(200, json), nullptr); })));
diff --git a/src/privet/auth_manager.cc b/src/privet/auth_manager.cc index 1862d62..92c33a7 100644 --- a/src/privet/auth_manager.cc +++ b/src/privet/auth_manager.cc
@@ -112,14 +112,13 @@ std::vector<uint8_t> AuthManager::ClaimRootClientAuthToken() { pending_claims_.push_back( - std::unique_ptr<AuthManager>{new AuthManager{{}, {}}}); + std::unique_ptr<AuthManager>{new AuthManager{{}, {}, clock_}}); if (pending_claims_.size() > kMaxPendingClaims) pending_claims_.pop_front(); return pending_claims_.back()->GetRootClientAuthToken(); } -bool AuthManager::ConfirmRootClientAuthToken( - const std::vector<uint8_t>& token) { +bool AuthManager::ConfirmAuthToken(const std::vector<uint8_t>& token) { // Cover case when caller sent confirm twice. if (pending_claims_.empty() && IsValidAuthToken(token)) return true;
diff --git a/src/privet/auth_manager.h b/src/privet/auth_manager.h index f1b6c8b..8fcadfc 100644 --- a/src/privet/auth_manager.h +++ b/src/privet/auth_manager.h
@@ -36,12 +36,11 @@ base::Time Now() const; - std::vector<uint8_t> GetRootClientAuthToken() const; - - bool IsValidAuthToken(const std::vector<uint8_t>& token) const; - std::vector<uint8_t> ClaimRootClientAuthToken(); - bool ConfirmRootClientAuthToken(const std::vector<uint8_t>& token); + bool ConfirmAuthToken(const std::vector<uint8_t>& token); + + std::vector<uint8_t> GetRootClientAuthToken() const; + bool IsValidAuthToken(const std::vector<uint8_t>& token) const; private: base::DefaultClock default_clock_;
diff --git a/src/privet/auth_manager_unittest.cc b/src/privet/auth_manager_unittest.cc index ee50e08..4bef217 100644 --- a/src/privet/auth_manager_unittest.cc +++ b/src/privet/auth_manager_unittest.cc
@@ -150,28 +150,28 @@ auto token = auth_.ClaimRootClientAuthToken(); EXPECT_FALSE(auth_.IsValidAuthToken(token)); - EXPECT_TRUE(auth_.ConfirmRootClientAuthToken(token)); + EXPECT_TRUE(auth_.ConfirmAuthToken(token)); EXPECT_TRUE(auth_.IsValidAuthToken(token)); } TEST_F(AuthManagerTest, ClaimRootClientAuthTokenDoubleConfirm) { auto token = auth_.ClaimRootClientAuthToken(); - EXPECT_TRUE(auth_.ConfirmRootClientAuthToken(token)); - EXPECT_TRUE(auth_.ConfirmRootClientAuthToken(token)); + EXPECT_TRUE(auth_.ConfirmAuthToken(token)); + EXPECT_TRUE(auth_.ConfirmAuthToken(token)); } TEST_F(AuthManagerTest, DoubleClaimRootClientAuthToken) { auto token1 = auth_.ClaimRootClientAuthToken(); auto token2 = auth_.ClaimRootClientAuthToken(); - EXPECT_TRUE(auth_.ConfirmRootClientAuthToken(token1)); - EXPECT_FALSE(auth_.ConfirmRootClientAuthToken(token2)); + EXPECT_TRUE(auth_.ConfirmAuthToken(token1)); + EXPECT_FALSE(auth_.ConfirmAuthToken(token2)); } TEST_F(AuthManagerTest, ClaimRootClientAuthTokenOverflow) { auto token = auth_.ClaimRootClientAuthToken(); for (size_t i = 0; i < 100; ++i) auth_.ClaimRootClientAuthToken(); - EXPECT_FALSE(auth_.ConfirmRootClientAuthToken(token)); + EXPECT_FALSE(auth_.ConfirmAuthToken(token)); } } // namespace privet
diff --git a/src/privet/mock_delegates.h b/src/privet/mock_delegates.h index b661809..2065e9b 100644 --- a/src/privet/mock_delegates.h +++ b/src/privet/mock_delegates.h
@@ -64,6 +64,8 @@ UserInfo(const std::string&, base::Time*)); MOCK_CONST_METHOD0(GetPairingTypes, std::set<PairingType>()); MOCK_CONST_METHOD0(GetCryptoTypes, std::set<CryptoType>()); + MOCK_METHOD0(ClaimRootClientAuthToken, std::string()); + MOCK_METHOD1(ConfirmAuthToken, bool(const std::string& token)); MOCK_CONST_METHOD1(IsValidPairingCode, bool(const std::string&)); MOCK_METHOD5( StartPairing, @@ -80,6 +82,9 @@ EXPECT_CALL(*this, CreateAccessToken(_)) .WillRepeatedly(Return("GuestAccessToken")); + EXPECT_CALL(*this, ClaimRootClientAuthToken()) + .WillRepeatedly(Return("RootClientAuthToken")); + EXPECT_CALL(*this, ParseAccessToken(_, _)) .WillRepeatedly(DoAll(SetArgPointee<1>(base::Time::Now()), Return(UserInfo{AuthScope::kViewer, 1234567})));
diff --git a/src/privet/privet_handler.cc b/src/privet/privet_handler.cc index ab4eece..94061a5 100644 --- a/src/privet/privet_handler.cc +++ b/src/privet/privet_handler.cc
@@ -685,6 +685,7 @@ output.SetString(kAuthTokenTypeKey, kAuthorizationHeaderPrefix); output.SetInteger(kAuthExpiresInKey, kAccessTokenExpirationSeconds); output.SetString(kAuthScopeKey, EnumToString(requested_auth_scope)); + callback.Run(http::kOk, output); }
diff --git a/src/privet/security_delegate.h b/src/privet/security_delegate.h index 051bf20..3446c48 100644 --- a/src/privet/security_delegate.h +++ b/src/privet/security_delegate.h
@@ -34,6 +34,13 @@ // Returns list of crypto methods supported by devices. virtual std::set<CryptoType> GetCryptoTypes() const = 0; + // Returns Root Client Authorization Token. + virtual std::string ClaimRootClientAuthToken() = 0; + + // Confirms pending pending token claim or checks that token is valid for the + // active secret. + virtual bool ConfirmAuthToken(const std::string& token) = 0; + // Returns true if |auth_code| provided by client is valid. Client should // obtain |auth_code| during pairing process. virtual bool IsValidPairingCode(const std::string& auth_code) const = 0;
diff --git a/src/privet/security_manager.cc b/src/privet/security_manager.cc index 5018d5a..34c65f0 100644 --- a/src/privet/security_manager.cc +++ b/src/privet/security_manager.cc
@@ -135,6 +135,17 @@ return result; } +std::string SecurityManager::ClaimRootClientAuthToken() { + return Base64Encode(auth_manager_->ClaimRootClientAuthToken()); +} + +bool SecurityManager::ConfirmAuthToken(const std::string& token) { + std::vector<uint8_t> token_decoded; + if (!Base64Decode(token, &token_decoded)) + return false; + return auth_manager_->ConfirmAuthToken(token_decoded); +} + bool SecurityManager::IsValidPairingCode(const std::string& auth_code) const { if (is_security_disabled_) return true;
diff --git a/src/privet/security_manager.h b/src/privet/security_manager.h index 7a3c56a..5d9b75a 100644 --- a/src/privet/security_manager.h +++ b/src/privet/security_manager.h
@@ -65,6 +65,8 @@ base::Time* time) const override; std::set<PairingType> GetPairingTypes() const override; std::set<CryptoType> GetCryptoTypes() const override; + std::string ClaimRootClientAuthToken() override; + bool ConfirmAuthToken(const std::string& token) override; bool IsValidPairingCode(const std::string& auth_code) const override; bool StartPairing(PairingType mode,