Take into account scope from /privet/v3/auth call For local case the scope was ignored. Behavior was similar to "auto" scope. Change-Id: I6aabca13929d10101f5b350641aa6edd84d50a23 Reviewed-on: https://weave-review.googlesource.com/2880 Reviewed-by: Alex Vakulenko <avakulenko@google.com>
diff --git a/src/privet/privet_handler.cc b/src/privet/privet_handler.cc
index 7afeb3b..97cacc5 100644
--- a/src/privet/privet_handler.cc
+++ b/src/privet/privet_handler.cc
@@ -713,6 +713,8 @@ return ReturnError(*error, callback); } + CHECK_LE(access_token_scope, desired_scope); + if (access_token_scope < acceptable_scope) { Error::AddToPrintf(&error, FROM_HERE, errors::kAccessDenied, "Scope '%s' is not allowed",
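Review bot: The added `CHECK_LE(access_token_scope, desired_scope);` turns a scope mismatch into a process abort in what appears to be the /privet/v3/auth request path, where `desired_scope` presumably comes from the client's request. The invariant holds only because of the `std::min` clamp this commit adds in security_manager.cc, so any other delegate or auth-mode branch that does not clamp would crash the daemon instead of denying the request. Failing closed with an error is safer, e.g. `if (access_token_scope > desired_scope) { Error::AddTo(&error, FROM_HERE, errors::kAccessDenied, "Granted scope exceeds requested scope"); return ReturnError(*error, callback); }`. The enclosing handler starts and ends outside this hunk, so the origin of `desired_scope` should be confirmed there.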
diff --git a/src/privet/security_manager.cc b/src/privet/security_manager.cc
index 3b08613..3c11935 100644
--- a/src/privet/security_manager.cc
+++ b/src/privet/security_manager.cc
@@ -144,9 +144,11 @@ return disabled_mode(error); const base::TimeDelta kTtl = base::TimeDelta::FromSeconds(kAccessTokenExpirationSeconds); - return auth_manager_->CreateAccessTokenFromAuth( + bool result = auth_manager_->CreateAccessTokenFromAuth( auth_code, kTtl, access_token, access_token_scope, access_token_ttl, error); + *access_token_scope = std::min(*access_token_scope, desired_scope); + return result; } return Error::AddTo(error, FROM_HERE, errors::kInvalidAuthMode,
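Review bot: The clamp on `*access_token_scope` runs after `CreateAccessTokenFromAuth` has already produced `access_token`, so only the reported scope is narrowed. If the token encodes the scope granted by the auth code (not visible here, so this needs confirming), the client is told it has `desired_scope` while holding a token that still authorizes the broader one. The requested scope would then have to be applied when the token is minted, not afterwards. Separately, the clamp reads `*access_token_scope` even when the call failed and may not have written it; guard it with `if (result) *access_token_scope = std::min(*access_token_scope, desired_scope);`. The enclosing function begins before this hunk, and only this auth-mode branch is clamped in the visible lines.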