Use ClaimRootClientAuthToken instead of GetRootClientAuthToken
Change-Id: Ied590ebc9c5166df2156b91900a565ec2e8ed755
Reviewed-on: https://weave-review.googlesource.com/1948
Reviewed-by: Vitaly Buka <vitalybuka@google.com>
diff --git a/src/device_registration_info.cc b/src/device_registration_info.cc
index 68c5505..f437b34 100644
--- a/src/device_registration_info.cc
+++ b/src/device_registration_info.cc
@@ -936,7 +936,7 @@
auth_info_update_inprogress_ = true;
std::string id = GetSettings().device_id;
- std::string token = Base64Encode(auth_manager_->GetRootClientAuthToken());
+ std::string token = Base64Encode(auth_manager_->ClaimRootClientAuthToken());
std::string fingerprint =
Base64Encode(auth_manager_->GetCertificateFingerprint());
diff --git a/src/device_registration_info_unittest.cc b/src/device_registration_info_unittest.cc
index cc519d2..66a9b1d 100644
--- a/src/device_registration_info_unittest.cc
+++ b/src/device_registration_info_unittest.cc
@@ -70,7 +70,6 @@
const char kAuthInfo[] = R"({
"certFingerprint":
"FQY6BEINDjw3FgsmYChRWgMzMhc4TC8uG0UUUFhdDz0=",
- "clientToken": "UBPkqttkiWt5VWgICLP0eHuCQgECRgMaVm0+gA==",
"localId": "f6885e46-b432-42d7-86a5-d759bfb61f62"
})";
@@ -269,7 +268,10 @@
.WillOnce(WithArgs<3, 4>(
Invoke([](const std::string& data,
const HttpClient::SendRequestCallback& callback) {
- EXPECT_JSON_EQ(test_data::kAuthInfo, *CreateDictionaryValue(data));
+ auto dict = CreateDictionaryValue(data);
+ EXPECT_TRUE(dict->HasKey("clientToken"));
+ dict->Remove("clientToken", nullptr);
+ EXPECT_JSON_EQ(test_data::kAuthInfo, *dict);
base::DictionaryValue json;
callback.Run(ReplyWithJson(200, json), nullptr);
})));
@@ -561,7 +563,10 @@
.WillOnce(WithArgs<3, 4>(
Invoke([](const std::string& data,
const HttpClient::SendRequestCallback& callback) {
- EXPECT_JSON_EQ(test_data::kAuthInfo, *CreateDictionaryValue(data));
+ auto dict = CreateDictionaryValue(data);
+ EXPECT_TRUE(dict->HasKey("clientToken"));
+ dict->Remove("clientToken", nullptr);
+ EXPECT_JSON_EQ(test_data::kAuthInfo, *dict);
base::DictionaryValue json;
callback.Run(ReplyWithJson(200, json), nullptr);
})));
diff --git a/src/privet/auth_manager.cc b/src/privet/auth_manager.cc
index 1862d62..92c33a7 100644
--- a/src/privet/auth_manager.cc
+++ b/src/privet/auth_manager.cc
@@ -112,14 +112,13 @@
std::vector<uint8_t> AuthManager::ClaimRootClientAuthToken() {
pending_claims_.push_back(
- std::unique_ptr<AuthManager>{new AuthManager{{}, {}}});
+ std::unique_ptr<AuthManager>{new AuthManager{{}, {}, clock_}});
if (pending_claims_.size() > kMaxPendingClaims)
pending_claims_.pop_front();
return pending_claims_.back()->GetRootClientAuthToken();
}
-bool AuthManager::ConfirmRootClientAuthToken(
- const std::vector<uint8_t>& token) {
+bool AuthManager::ConfirmAuthToken(const std::vector<uint8_t>& token) {
// Cover case when caller sent confirm twice.
if (pending_claims_.empty() && IsValidAuthToken(token))
return true;
diff --git a/src/privet/auth_manager.h b/src/privet/auth_manager.h
index f1b6c8b..8fcadfc 100644
--- a/src/privet/auth_manager.h
+++ b/src/privet/auth_manager.h
@@ -36,12 +36,11 @@
base::Time Now() const;
- std::vector<uint8_t> GetRootClientAuthToken() const;
-
- bool IsValidAuthToken(const std::vector<uint8_t>& token) const;
-
std::vector<uint8_t> ClaimRootClientAuthToken();
- bool ConfirmRootClientAuthToken(const std::vector<uint8_t>& token);
+ bool ConfirmAuthToken(const std::vector<uint8_t>& token);
+
+ std::vector<uint8_t> GetRootClientAuthToken() const;
+ bool IsValidAuthToken(const std::vector<uint8_t>& token) const;
private:
base::DefaultClock default_clock_;
diff --git a/src/privet/auth_manager_unittest.cc b/src/privet/auth_manager_unittest.cc
index ee50e08..4bef217 100644
--- a/src/privet/auth_manager_unittest.cc
+++ b/src/privet/auth_manager_unittest.cc
@@ -150,28 +150,28 @@
auto token = auth_.ClaimRootClientAuthToken();
EXPECT_FALSE(auth_.IsValidAuthToken(token));
- EXPECT_TRUE(auth_.ConfirmRootClientAuthToken(token));
+ EXPECT_TRUE(auth_.ConfirmAuthToken(token));
EXPECT_TRUE(auth_.IsValidAuthToken(token));
}
TEST_F(AuthManagerTest, ClaimRootClientAuthTokenDoubleConfirm) {
auto token = auth_.ClaimRootClientAuthToken();
- EXPECT_TRUE(auth_.ConfirmRootClientAuthToken(token));
- EXPECT_TRUE(auth_.ConfirmRootClientAuthToken(token));
+ EXPECT_TRUE(auth_.ConfirmAuthToken(token));
+ EXPECT_TRUE(auth_.ConfirmAuthToken(token));
}
TEST_F(AuthManagerTest, DoubleClaimRootClientAuthToken) {
auto token1 = auth_.ClaimRootClientAuthToken();
auto token2 = auth_.ClaimRootClientAuthToken();
- EXPECT_TRUE(auth_.ConfirmRootClientAuthToken(token1));
- EXPECT_FALSE(auth_.ConfirmRootClientAuthToken(token2));
+ EXPECT_TRUE(auth_.ConfirmAuthToken(token1));
+ EXPECT_FALSE(auth_.ConfirmAuthToken(token2));
}
TEST_F(AuthManagerTest, ClaimRootClientAuthTokenOverflow) {
auto token = auth_.ClaimRootClientAuthToken();
for (size_t i = 0; i < 100; ++i)
auth_.ClaimRootClientAuthToken();
- EXPECT_FALSE(auth_.ConfirmRootClientAuthToken(token));
+ EXPECT_FALSE(auth_.ConfirmAuthToken(token));
}
} // namespace privet
diff --git a/src/privet/mock_delegates.h b/src/privet/mock_delegates.h
index b661809..2065e9b 100644
--- a/src/privet/mock_delegates.h
+++ b/src/privet/mock_delegates.h
@@ -64,6 +64,8 @@
UserInfo(const std::string&, base::Time*));
MOCK_CONST_METHOD0(GetPairingTypes, std::set<PairingType>());
MOCK_CONST_METHOD0(GetCryptoTypes, std::set<CryptoType>());
+ MOCK_METHOD0(ClaimRootClientAuthToken, std::string());
+ MOCK_METHOD1(ConfirmAuthToken, bool(const std::string& token));
MOCK_CONST_METHOD1(IsValidPairingCode, bool(const std::string&));
MOCK_METHOD5(
StartPairing,
@@ -80,6 +82,9 @@
EXPECT_CALL(*this, CreateAccessToken(_))
.WillRepeatedly(Return("GuestAccessToken"));
+ EXPECT_CALL(*this, ClaimRootClientAuthToken())
+ .WillRepeatedly(Return("RootClientAuthToken"));
+
EXPECT_CALL(*this, ParseAccessToken(_, _))
.WillRepeatedly(DoAll(SetArgPointee<1>(base::Time::Now()),
Return(UserInfo{AuthScope::kViewer, 1234567})));
diff --git a/src/privet/privet_handler.cc b/src/privet/privet_handler.cc
index ab4eece..94061a5 100644
--- a/src/privet/privet_handler.cc
+++ b/src/privet/privet_handler.cc
@@ -685,6 +685,7 @@
output.SetString(kAuthTokenTypeKey, kAuthorizationHeaderPrefix);
output.SetInteger(kAuthExpiresInKey, kAccessTokenExpirationSeconds);
output.SetString(kAuthScopeKey, EnumToString(requested_auth_scope));
+
callback.Run(http::kOk, output);
}
diff --git a/src/privet/security_delegate.h b/src/privet/security_delegate.h
index 051bf20..3446c48 100644
--- a/src/privet/security_delegate.h
+++ b/src/privet/security_delegate.h
@@ -34,6 +34,13 @@
// Returns list of crypto methods supported by devices.
virtual std::set<CryptoType> GetCryptoTypes() const = 0;
+ // Returns Root Client Authorization Token.
+ virtual std::string ClaimRootClientAuthToken() = 0;
+
+ // Confirms pending pending token claim or checks that token is valid for the
+ // active secret.
+ virtual bool ConfirmAuthToken(const std::string& token) = 0;
+
// Returns true if |auth_code| provided by client is valid. Client should
// obtain |auth_code| during pairing process.
virtual bool IsValidPairingCode(const std::string& auth_code) const = 0;
diff --git a/src/privet/security_manager.cc b/src/privet/security_manager.cc
index 5018d5a..34c65f0 100644
--- a/src/privet/security_manager.cc
+++ b/src/privet/security_manager.cc
@@ -135,6 +135,17 @@
return result;
}
+std::string SecurityManager::ClaimRootClientAuthToken() {
+ return Base64Encode(auth_manager_->ClaimRootClientAuthToken());
+}
+
+bool SecurityManager::ConfirmAuthToken(const std::string& token) {
+ std::vector<uint8_t> token_decoded;
+ if (!Base64Decode(token, &token_decoded))
+ return false;
+ return auth_manager_->ConfirmAuthToken(token_decoded);
+}
+
bool SecurityManager::IsValidPairingCode(const std::string& auth_code) const {
if (is_security_disabled_)
return true;
diff --git a/src/privet/security_manager.h b/src/privet/security_manager.h
index 7a3c56a..5d9b75a 100644
--- a/src/privet/security_manager.h
+++ b/src/privet/security_manager.h
@@ -65,6 +65,8 @@
base::Time* time) const override;
std::set<PairingType> GetPairingTypes() const override;
std::set<CryptoType> GetCryptoTypes() const override;
+ std::string ClaimRootClientAuthToken() override;
+ bool ConfirmAuthToken(const std::string& token) override;
bool IsValidPairingCode(const std::string& auth_code) const override;
bool StartPairing(PairingType mode,