Get list of auth modes from AuthManager
BUG=25768507
Change-Id: I6694f961fab045ef9dcd1b6cfbe8a2b2d82861c5
Reviewed-on: https://weave-review.googlesource.com/2064
Reviewed-by: Alex Vakulenko <avakulenko@google.com>
diff --git a/src/privet/auth_manager.cc b/src/privet/auth_manager.cc
index 4d0d2a3..61f5a09 100644
--- a/src/privet/auth_manager.cc
+++ b/src/privet/auth_manager.cc
@@ -276,5 +276,20 @@
return result;
}
+bool AuthManager::IsAnonymousAuthSupported() const {
+ return !config_ ||
+ config_->GetSettings().local_anonymous_access_role != AuthScope::kNone;
+}
+
+bool AuthManager::IsPairingAuthSupported() const {
+ return !config_ || config_->GetSettings().local_pairing_enabled;
+}
+
+bool AuthManager::IsLocalAuthSupported() const {
+ return !config_ ||
+ config_->GetSettings().root_client_token_owner !=
+ RootClientTokenOwner::kNone;
+}
+
} // namespace privet
} // namespace weave
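Review bot: All three new predicates fail open, because `!config_ ||` makes `IsAnonymousAuthSupported()`, `IsPairingAuthSupported()` and `IsLocalAuthSupported()` return true whenever `config_` is null, so an AuthManager built without a config reports anonymous access as enabled. The header change in this commit says a null `config_` is for tests, but nothing in these definitions enforces that, and the results now gate `CreateAccessToken` in security_manager.cc. I would state the contract at the definitions, e.g. `// A null config_ (tests only) reports every auth mode as supported.`, and check whether the tests could supply a config so the missing-config case can return false instead. The three declarations added in auth_manager.h also carry no comment saying which setting each one reads.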
diff --git a/src/privet/auth_manager.h b/src/privet/auth_manager.h
index 1e6ad01..00d6e32 100644
--- a/src/privet/auth_manager.h
+++ b/src/privet/auth_manager.h
@@ -62,8 +62,12 @@
std::vector<uint8_t> CreateSessionId();
+ bool IsAnonymousAuthSupported() const;
+ bool IsPairingAuthSupported() const;
+ bool IsLocalAuthSupported() const;
+
private:
- Config* config_{nullptr};
+ Config* config_{nullptr}; // Can be nullptr for tests.
base::DefaultClock default_clock_;
base::Clock* clock_{&default_clock_};
uint32_t session_counter_{0};
diff --git a/src/privet/mock_delegates.h b/src/privet/mock_delegates.h
index 476bc8d..c75d438 100644
--- a/src/privet/mock_delegates.h
+++ b/src/privet/mock_delegates.h
@@ -74,6 +74,7 @@
bool(const std::string&, UserInfo*, ErrorPtr*));
MOCK_CONST_METHOD0(GetPairingTypes, std::set<PairingType>());
MOCK_CONST_METHOD0(GetCryptoTypes, std::set<CryptoType>());
+ MOCK_CONST_METHOD0(GetAuthTypes, std::set<AuthType>());
MOCK_METHOD1(ClaimRootClientAuthToken, std::string(ErrorPtr*));
MOCK_METHOD2(ConfirmClientAuthToken, bool(const std::string&, ErrorPtr*));
MOCK_METHOD5(
@@ -115,6 +116,10 @@
.WillRepeatedly(Return(std::set<CryptoType>{
CryptoType::kSpake_p224,
}));
+ EXPECT_CALL(*this, GetAuthTypes())
+ .WillRepeatedly(Return(std::set<AuthType>{
+ AuthType::kAnonymous, AuthType::kPairing, AuthType::kLocal,
+ }));
EXPECT_CALL(*this, StartPairing(_, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>("testSession"),
diff --git a/src/privet/privet_handler.cc b/src/privet/privet_handler.cc
index ef0c54e..db55861 100644
--- a/src/privet/privet_handler.cc
+++ b/src/privet/privet_handler.cc
@@ -253,13 +253,8 @@
auth->Set(kPairingKey, pairing_types.release());
std::unique_ptr<base::ListValue> auth_types(new base::ListValue());
- auth_types->AppendString(EnumToString(AuthType::kAnonymous));
- auth_types->AppendString(EnumToString(AuthType::kPairing));
-
- // TODO(vitalybuka): Implement cloud auth.
- // if (cloud.GetConnectionState().IsStatusEqual(ConnectionState::kOnline)) {
- // auth_types->AppendString(kAuthTypeCloudValue);
- // }
+ for (AuthType type : security.GetAuthTypes())
+ auth_types->AppendString(EnumToString(type));
auth->Set(kAuthModeKey, auth_types.release());
std::unique_ptr<base::ListValue> crypto_types(new base::ListValue());
diff --git a/src/privet/privet_handler_unittest.cc b/src/privet/privet_handler_unittest.cc
index 6fa6f35..6d6a289 100644
--- a/src/privet/privet_handler_unittest.cc
+++ b/src/privet/privet_handler_unittest.cc
@@ -217,6 +217,8 @@
.WillRepeatedly(Return(std::set<PairingType>{}));
EXPECT_CALL(security_, GetCryptoTypes())
.WillRepeatedly(Return(std::set<CryptoType>{}));
+ EXPECT_CALL(security_, GetAuthTypes())
+ .WillRepeatedly(Return(std::set<AuthType>{}));
const char kExpected[] = R"({
'version': '3.0',
@@ -238,8 +240,6 @@
'authentication': {
'anonymousMaxScope': 'user',
'mode': [
- 'anonymous',
- 'pairing'
],
'pairing': [
],
@@ -290,7 +290,8 @@
'anonymousMaxScope': 'none',
'mode': [
'anonymous',
- 'pairing'
+ 'pairing',
+ 'local'
],
'pairing': [
'pinCode',
diff --git a/src/privet/security_delegate.h b/src/privet/security_delegate.h
index 42021fd..867ff2a 100644
--- a/src/privet/security_delegate.h
+++ b/src/privet/security_delegate.h
@@ -41,6 +41,9 @@
// Returns list of crypto methods supported by devices.
virtual std::set<CryptoType> GetCryptoTypes() const = 0;
+ // Returns list of auth methods supported by devices.
+ virtual std::set<AuthType> GetAuthTypes() const = 0;
+
// Returns Root Client Authorization Token.
virtual std::string ClaimRootClientAuthToken(ErrorPtr* error) = 0;
diff --git a/src/privet/security_manager.cc b/src/privet/security_manager.cc
index 7c44963..bc8dc4f 100644
--- a/src/privet/security_manager.cc
+++ b/src/privet/security_manager.cc
@@ -118,19 +118,33 @@
AuthScope* access_token_scope,
base::TimeDelta* access_token_ttl,
ErrorPtr* error) {
+ auto disabled_mode = [](ErrorPtr* error) {
+ Error::AddTo(error, FROM_HERE, errors::kDomain, errors::kInvalidAuthMode,
+ "Mode is not available");
+ return false;
+ };
switch (auth_type) {
case AuthType::kAnonymous:
+ if (!auth_manager_->IsAnonymousAuthSupported())
+ return disabled_mode(error);
break;
case AuthType::kPairing:
+ if (!auth_manager_->IsPairingAuthSupported())
+ return disabled_mode(error);
if (!IsValidPairingCode(auth_code)) {
Error::AddTo(error, FROM_HERE, errors::kDomain,
errors::kInvalidAuthCode, "Invalid authCode");
return false;
}
break;
+ case AuthType::kLocal:
+ if (!auth_manager_->IsLocalAuthSupported())
+ return disabled_mode(error);
+ NOTIMPLEMENTED();
+ // no break to fall back to default.
default:
- Error::AddToPrintf(error, FROM_HERE, errors::kDomain,
- errors::kInvalidAuthMode, "Unsupported auth mode");
+ Error::AddTo(error, FROM_HERE, errors::kDomain, errors::kInvalidAuthMode,
+ "Unsupported auth mode");
return false;
}
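Review bot: The new `case AuthType::kLocal:` can never succeed: when local auth is supported it calls `NOTIMPLEMENTED()` and drops into `default`, which returns "Unsupported auth mode", while `GetAuthTypes()` added in the next hunk of this file inserts `kLocal` under the same condition, so the auth mode list built in privet_handler.cc can advertise a mode that every token request rejects. The outcome is fail-closed, which is the safe side, but I would either leave `kLocal` out of `GetAuthTypes()` until it is implemented or give the case its own explicit error return so the behaviour does not depend on case order. The comment would read better as `// No break: falls through to default.`, and the lambda parameter `error` shadows the enclosing function's `error` parameter; renaming it (for example `ErrorPtr* err`) avoids that. The enclosing function starts before this hunk and continues after it.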
@@ -179,6 +193,20 @@
return result;
}
+std::set<AuthType> SecurityManager::GetAuthTypes() const {
+ std::set<AuthType> result;
+ if (auth_manager_->IsAnonymousAuthSupported())
+ result.insert(AuthType::kAnonymous);
+
+ if (auth_manager_->IsPairingAuthSupported())
+ result.insert(AuthType::kPairing);
+
+ if (auth_manager_->IsLocalAuthSupported())
+ result.insert(AuthType::kLocal);
+
+ return result;
+}
+
std::string SecurityManager::ClaimRootClientAuthToken(ErrorPtr* error) {
return Base64Encode(auth_manager_->ClaimRootClientAuthToken(
RootClientTokenOwner::kClient, error));
diff --git a/src/privet/security_manager.h b/src/privet/security_manager.h
index b80f6e7..5cb884f 100644
--- a/src/privet/security_manager.h
+++ b/src/privet/security_manager.h
@@ -72,6 +72,7 @@
ErrorPtr* error) const override;
std::set<PairingType> GetPairingTypes() const override;
std::set<CryptoType> GetCryptoTypes() const override;
+ std::set<AuthType> GetAuthTypes() const override;
std::string ClaimRootClientAuthToken(ErrorPtr* error) override;
bool ConfirmClientAuthToken(const std::string& token,
ErrorPtr* error) override;
@@ -103,9 +104,9 @@
AuthManager* auth_manager_{nullptr};
// If true allows unencrypted pairing and accepts any access code.
- bool is_security_disabled_{false};
- std::set<PairingType> pairing_modes_;
- std::string embedded_code_;
+ const bool is_security_disabled_{false};
+ const std::set<PairingType> pairing_modes_;
+ const std::string embedded_code_;
// TODO(vitalybuka): Session cleanup can be done without posting tasks.
provider::TaskRunner* task_runner_{nullptr};
std::map<std::string, std::unique_ptr<KeyExchanger>> pending_sessions_;