Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do not use deprecated AuthorizeSign

Browse Source
pull/914/head
Mariano Cano 2 years ago
parent 62d93a644e
commit 43ddcf2efe
6 changed files with 15 additions and 18 deletions
Show Stats Download Patch File Download Diff File

1
api/api.go
Unescape Escape View File

@ -35,7 +35,6 @@ type Authority interface {
SSHAuthority
// context specifies the Authorize[Sign|Revoke|etc.] method.
Authorize(ctx context.Context, ott string) ([]provisioner.SignOption, error)
AuthorizeSign(ott string) ([]provisioner.SignOption, error)
AuthorizeRenewToken(ctx context.Context, ott string) (*x509.Certificate, error)
GetTLSOptions() *config.TLSOptions
Root(shasum string) (*x509.Certificate, error)

12
api/api_test.go
Unescape Escape View File

@ -185,7 +185,7 @@ func mockMustAuthority(t *testing.T, a Authority) {
type mockAuthority struct {
ret1, ret2 interface{}
err error
authorizeSign func(ott string) ([]provisioner.SignOption, error)
authorize func(ctx context.Context, ott string) ([]provisioner.SignOption, error)
authorizeRenewToken func(ctx context.Context, ott string) (*x509.Certificate, error)
getTLSOptions func() *authority.TLSOptions
root func(shasum string) (*x509.Certificate, error)
@ -214,12 +214,8 @@ type mockAuthority struct {
// TODO: remove once Authorize is deprecated.
func (m *mockAuthority) Authorize(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
return m.AuthorizeSign(ott)
}
func (m *mockAuthority) AuthorizeSign(ott string) ([]provisioner.SignOption, error) {
if m.authorizeSign != nil {
return m.authorizeSign(ott)
if m.authorize != nil {
return m.authorize(ctx, ott)
}
return m.ret1.([]provisioner.SignOption), m.err
}
@ -908,7 +904,7 @@ func Test_Sign(t *testing.T) {
t.Run(tt.name, func(t *testing.T) {
mockMustAuthority(t, &mockAuthority{
ret1: tt.cert, ret2: tt.root, err: tt.signErr,
authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
return tt.certAttrOpts, tt.autherr
},
getTLSOptions: func() *authority.TLSOptions {

8
api/revoke_test.go
Unescape Escape View File

@ -108,7 +108,7 @@ func Test_caHandler_Revoke(t *testing.T) {
input: string(input),
statusCode: http.StatusOK,
auth: &mockAuthority{
authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
return nil, nil
},
revoke: func(ctx context.Context, opts *authority.RevokeOptions) error {
@ -152,7 +152,7 @@ func Test_caHandler_Revoke(t *testing.T) {
statusCode: http.StatusOK,
tls: cs,
auth: &mockAuthority{
authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
return nil, nil
},
revoke: func(ctx context.Context, ri *authority.RevokeOptions) error {
@ -187,7 +187,7 @@ func Test_caHandler_Revoke(t *testing.T) {
input: string(input),
statusCode: http.StatusInternalServerError,
auth: &mockAuthority{
authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
return nil, nil
},
revoke: func(ctx context.Context, opts *authority.RevokeOptions) error {
@ -209,7 +209,7 @@ func Test_caHandler_Revoke(t *testing.T) {
input: string(input),
statusCode: http.StatusForbidden,
auth: &mockAuthority{
authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
return nil, nil
},
revoke: func(ctx context.Context, opts *authority.RevokeOptions) error {

7
api/sign.go
Unescape Escape View File

@ -68,8 +68,11 @@ func Sign(w http.ResponseWriter, r *http.Request) {
TemplateData: body.TemplateData,
}
a := mustAuthority(r.Context())
signOpts, err := a.AuthorizeSign(body.OTT)
ctx := r.Context()
a := mustAuthority(ctx)
ctx = provisioner.NewContextWithMethod(ctx, provisioner.SignMethod)
signOpts, err := a.Authorize(ctx, body.OTT)
if err != nil {
render.Error(w, errs.UnauthorizedErr(err))
return

2
api/ssh_test.go
Unescape Escape View File

@ -316,7 +316,7 @@ func Test_SSHSign(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
mockMustAuthority(t, &mockAuthority{
authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
return []provisioner.SignOption{}, tt.authErr
},
signSSH: func(ctx context.Context, key ssh.PublicKey, opts provisioner.SignSSHOptions, signOpts ...provisioner.SignOption) (*ssh.Certificate, error) {

3
authority/authorize.go
Unescape Escape View File

@ -251,8 +251,7 @@ func (a *Authority) authorizeSign(ctx context.Context, token string) ([]provisio
// AuthorizeSign authorizes a signature request by validating and authenticating
// a token that must be sent w/ the request.
//
// NOTE: This method is deprecated and should not be used. We make it available
// in the short term os as not to break existing clients.
// Deprecated: Use Authorize(context.Context, string) ([]provisioner.SignOption, error).
func (a *Authority) AuthorizeSign(token string) ([]provisioner.SignOption, error) {
ctx := provisioner.NewContextWithMethod(context.Background(), provisioner.SignMethod)
return a.Authorize(ctx, token)

Write Preview
Loading…
Cancel
Save