Add kUwMacaroonDelegateeTypeService caveat BUG: 26292014 Change-Id: I4edc9fea58265d8345010023c88208155772e6f9 Reviewed-on: https://weave-review.googlesource.com/2382 Reviewed-by: Alex Vakulenko <avakulenko@google.com>
diff --git a/src/privet/auth_manager.cc b/src/privet/auth_manager.cc
index 0a2b75a..71a4f39 100644
--- a/src/privet/auth_manager.cc
+++ b/src/privet/auth_manager.cc
@@ -106,17 +106,17 @@
 DISALLOW_COPY_AND_ASSIGN(UserIdCaveat);
 };
-// class ServiceCaveat : public Caveat {
-// public:
-// ServiceCaveat() : Caveat(kUwMacaroonCaveatTypeDelegateeService, 0) {
-// // TODO: Replace with service delegatee.
-// CHECK(uw_macaroon_caveat_create_delegatee_user_(
-// nullptr, 0, buffer_.data(), buffer_.size(),
-// &caveat_));
-// }
+class ServiceCaveat : public Caveat {
+ public:
+ explicit ServiceCaveat(const std::string& id)
+ : Caveat(kUwMacaroonCaveatTypeDelegateeService, id.size()) {
+ CHECK(uw_macaroon_caveat_create_delegatee_service_(
+ reinterpret_cast<const uint8_t*>(id.data()), id.size(), buffer_.data(),
+ buffer_.size(), &caveat_));
+ }
-// DISALLOW_COPY_AND_ASSIGN(ServiceCaveat);
-// };
+ DISALLOW_COPY_AND_ASSIGN(ServiceCaveat);
+};
 class SessionIdCaveat : public Caveat {
 public:
@@ -348,7 +348,7 @@
 // values.
 CHECK_GE(FromJ2000Time(result.expiration_time), now);
 CHECK_EQ(1u, result.num_delegatees);
- CHECK(!result.delegatees[0].is_app);
+ CHECK_EQ(kUwMacaroonDelegateeTypeUser, result.delegatees[0].type);
 std::string user_id{reinterpret_cast<const char*>(result.delegatees[0].id),
 result.delegatees[0].id_len};
 if (user_info)
@@ -405,10 +405,8 @@
 const base::Time now = Now();
 TimestampCaveat issued{now};
- UserIdCaveat client{""};
- // TODO: service caveat when available.
- // ServiceCaveat cloud;
-
+ ServiceCaveat client{owner == RootClientTokenOwner::kCloud ? "google.com"
+ : "privet"};
 return CreateMacaroonToken(
 auth_secret_, now,
 {
@@ -464,7 +462,7 @@
 auto last_user_id =
 std::find_if(delegates_rbegin, delegates_rend,
 [](const UwMacaroonDelegateeInfo& delegatee) {
- return !delegatee.is_app;
+ return delegatee.type == kUwMacaroonDelegateeTypeUser;
 });
 if (last_user_id == delegates_rend || !last_user_id->id_len) {
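Review bot: In the hunk at -348, the new `CHECK_EQ(kUwMacaroonDelegateeTypeUser, result.delegatees[0].type);` makes the delegatee type of a parsed token a process-fatal assertion, in the same commit that starts issuing root tokens whose first delegatee is a service. The enclosing function begins outside the hunk, so whatever validation precedes these CHECKs is not visible; if a correctly signed token with a service delegatee in slot 0 can ever reach this point, it aborts the process instead of being rejected. Unless the earlier checks rule that out, test it as `if (result.delegatees[0].type != kUwMacaroonDelegateeTypeUser)` and leave through the function's normal error return, keeping CHECK for invariants that no input can violate.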
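Review bot: In the hunk at -405, `owner == RootClientTokenOwner::kCloud ? "google.com" : "privet"` labels every owner value other than kCloud as the "privet" service, so an unexpected or later-added enum value still produces a signed root token. The function starts outside the hunk and may already validate owner; if it does not, add `CHECK(owner == RootClientTokenOwner::kClient || owner == RootClientTokenOwner::kCloud);` before this line. The two identifiers end up inside signed tokens, so named constants with a comment on what each one identifies would be easier to audit than inline literals, and the local is still named `client` although it now holds a service caveat.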
diff --git a/src/privet/auth_manager_unittest.cc b/src/privet/auth_manager_unittest.cc
index d74abd8..2adb1c2 100644
--- a/src/privet/auth_manager_unittest.cc
+++ b/src/privet/auth_manager_unittest.cc
@@ -146,21 +146,21 @@
 }
 TEST_F(AuthManagerTest, GetRootClientAuthToken) {
- EXPECT_EQ("WCCDQxkgAUYIGhudoQBCCUBQn9rT/8iUzwKa0ZIAgCNxyg==",
+ EXPECT_EQ("WCaDQxkgAUYIGhudoQBIDEZwcml2ZXRQ5aV4jIdY2JGosyU0APnQpA==",
 Base64Encode(
 auth_.GetRootClientAuthToken(RootClientTokenOwner::kClient)));
 }
 TEST_F(AuthManagerTest, GetRootClientAuthTokenDifferentOwner) {
 EXPECT_EQ(
- "WCCDQxkgAUYIGhudoQBCCUBQn9rT/8iUzwKa0ZIAgCNxyg==",
+ "WCqDQxkgAUYIGhudoQBMDEpnb29nbGUuY29tUOoLAxSUAZAAv54drarqhag=",
 Base64Encode(auth_.GetRootClientAuthToken(RootClientTokenOwner::kCloud)));
 }
 TEST_F(AuthManagerTest, GetRootClientAuthTokenDifferentTime) {
 auto new_time = clock_.Now() + base::TimeDelta::FromDays(15);
 EXPECT_CALL(clock_, Now()).WillRepeatedly(Return(new_time));
- EXPECT_EQ("WCCDQxkgAUYIGhuxZ4BCCUBQmNBWA9KdLzxHUCMqzonDZw==",
+ EXPECT_EQ("WCaDQxkgAUYIGhuxZ4BIDEZwcml2ZXRQsDNy7gcfJT/yvRs3/q40oA==",
 Base64Encode(
 auth_.GetRootClientAuthToken(RootClientTokenOwner::kClient)));
 }
@@ -168,7 +168,7 @@
 TEST_F(AuthManagerTest, GetRootClientAuthTokenDifferentSecret) {
 AuthManager auth{kSecret2, {}, kSecret1, &clock_};
 EXPECT_EQ(
- "WCCDQxkgAUYIGhudoQBCCUBQQ/BSJs7FEI260RnwjlJrVw==",
+ "WCaDQxkgAUYIGhudoQBIDEZwcml2ZXRQKw9xcidyzrelxUkgkLmv1g==",
 Base64Encode(auth.GetRootClientAuthToken(RootClientTokenOwner::kClient)));
 }
@@ -205,12 +205,12 @@
 std::vector<uint8_t> access_token;
 AuthScope scope;
 base::TimeDelta ttl;
- auto root = auth_.GetRootClientAuthToken(RootClientTokenOwner::kClient);
+ auto root = auth_.GetRootClientAuthToken(RootClientTokenOwner::kCloud);
 auto extended = DelegateToUser(root, base::TimeDelta::FromSeconds(1000),
 UserInfo{AuthScope::kUser, "234"});
 EXPECT_EQ(
- "WEWIQxkgAUYIGhudoQBCCUBGCBobnaEARgUaG52k6EIBDkUJQzIzNE0RSzQ2MzMxNTIwMDox"
- "UHN8Lm+CUQo7s84Sh+grpAE=",
+ "WE+IQxkgAUYIGhudoQBMDEpnb29nbGUuY29tRggaG52hAEYFGhudpOhCAQ5FCUMyMzRNEUs0"
+ "NjMzMTUyMDA6MVCRVKU+0SpOoBppnwqdKMwP",
 Base64Encode(extended));
 EXPECT_TRUE(
 auth_.CreateAccessTokenFromAuth(extended, base::TimeDelta::FromDays(1),
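Review bot: Switching `root` to `RootClientTokenOwner::kCloud` in the hunk at -205 means this test now covers delegation only from a cloud-owned root token; the kClient ("privet") root has its encoding pinned by the earlier tests but, as far as this diff shows, no longer goes through DelegateToUser and CreateAccessTokenFromAuth. The test body starts and continues outside the hunk. Consider running the same flow for both owners, and adding a negative case asserting that CreateAccessTokenFromAuth rejects a root token passed in directly, that is, one whose only delegatee is the service caveat, since that rejection now depends on the `delegatee.type == kUwMacaroonDelegateeTypeUser` filter in auth_manager.cc.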