commit b612e3cea994a6ea905baacfe2aab1ecc9e2027e
author Vitaly Buka <vitalybuka@google.com> Mon Feb 22 17:43:15 2016 -0800
committer Vitaly Buka <vitalybuka@google.com> Tue Feb 23 20:10:52 2016 +0000
tree 9777b204aebc3ef67ddbf3d3102ddcb103085463
parent d1d52e79eb282d47fb7290e02830d53da67e119b

Reset access token secret on new black list entry

To avoid checking all access tokens against black list, we just invalidate all
of them to make clients to go through auth API.

BUG:27300728
Change-Id: Iddf08e076037469db9dc859288645a8fe2991914
Reviewed-on: https://weave-review.googlesource.com/2708
Reviewed-by: Vitaly Buka <vitalybuka@google.com>

src/privet/auth_manager.h

diff --git a/src/privet/auth_manager.h b/src/privet/auth_manager.h
index f0a5761..83899da 100644
--- a/src/privet/auth_manager.h
+++ b/src/privet/auth_manager.h
@@ -10,6 +10,7 @@
 #include <vector>
 
 #include <base/gtest_prod_util.h>
+#include <base/memory/weak_ptr.h>
 #include <base/time/default_clock.h>
 #include <base/time/time.h>
 #include <weave/error.h>
@@ -18,6 +19,7 @@
 
 namespace weave {
 
+class AccessBlackListManager;
 class Config;
 enum class RootClientTokenOwner;
 
@@ -26,13 +28,15 @@
 class AuthManager {
  public:
   AuthManager(Config* config,
+              AccessBlackListManager* black_list,
               const std::vector<uint8_t>& certificate_fingerprint);
 
   // Constructor for tests.
   AuthManager(const std::vector<uint8_t>& auth_secret,
               const std::vector<uint8_t>& certificate_fingerprint,
               const std::vector<uint8_t>& access_secret,
-              base::Clock* clock = nullptr);
+              base::Clock* clock = nullptr,
+              AccessBlackListManager* black_list = nullptr);
   ~AuthManager();
 
   std::vector<uint8_t> CreateAccessToken(const UserInfo& user_info,
@@ -74,12 +78,15 @@
  private:
   friend class AuthManagerTest;
 
+  void ResetAccessSecret();
+
   // Test helpers. Device does not need to implement delegation.
   std::vector<uint8_t> DelegateToUser(const std::vector<uint8_t>& token,
                                       base::TimeDelta ttl,
                                       const UserInfo& user_info) const;
 
   Config* config_{nullptr};  // Can be nullptr for tests.
+  AccessBlackListManager* black_list_{nullptr};
   base::DefaultClock default_clock_;
   base::Clock* clock_{&default_clock_};
   mutable uint32_t session_counter_{0};
@@ -91,6 +98,7 @@
   std::deque<std::pair<std::unique_ptr<AuthManager>, RootClientTokenOwner>>
       pending_claims_;
 
+  base::WeakPtrFactory<AuthManager> weak_ptr_factory_{this};
   DISALLOW_COPY_AND_ASSIGN(AuthManager);
 };