
commit ddd669f295a80313742930af20baf3c3cec87863
parent cf7de966155dad0d7e3d26986e0684149d0fa16b
Author: Antoine A <>
Date:   Mon, 27 May 2024 11:43:26 +0900

bank: output auth token with prefix

Diffstat:
Mbank/src/main/kotlin/tech/libeufin/bank/api/CoreBankApi.kt | 2+-
Mbank/src/main/kotlin/tech/libeufin/bank/auth/auth.kt | 4+++-
Mbank/src/test/kotlin/CoreBankApiTest.kt | 13+++++++------
3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/bank/src/main/kotlin/tech/libeufin/bank/api/CoreBankApi.kt b/bank/src/main/kotlin/tech/libeufin/bank/api/CoreBankApi.kt
@@ -126,7 +126,7 @@ private fun Routing.coreBankTokenApi(db: Database) {
 }
 call.respond(
 TokenSuccessResponse(
- access_token = token.encoded(),
+ access_token = "$TOKEN_PREFIX$token",
 expiration = TalerProtocolTimestamp(t_s = expirationTimestamp)
 )
 )
diff --git a/bank/src/main/kotlin/tech/libeufin/bank/auth/auth.kt b/bank/src/main/kotlin/tech/libeufin/bank/auth/auth.kt
@@ -38,6 +38,8 @@ private val AUTH_IS_ADMIN = AttributeKey<Boolean>("is_admin")
 /** Used to store used auth token */
 private val AUTH_TOKEN = AttributeKey<ByteArray>("auth_token")
 
+const val TOKEN_PREFIX = "secret-token:"
+
 /** Get username of the request account */
 val ApplicationCall.username: String get() = parameters.expect("USERNAME")
 /** Get username of the request account */
@@ -156,7 +158,7 @@ private suspend fun ApplicationCall.doTokenAuth(
 bearer: String,
 requiredScope: TokenScope,
 ): String {
- if (!bearer.startsWith("secret-token:")) throw badRequest(
+ if (!bearer.startsWith(TOKEN_PREFIX)) throw badRequest(
 "Bearer token malformed",
 TalerErrorCode.GENERIC_HTTP_HEADERS_MALFORMED
 )
diff --git a/bank/src/test/kotlin/CoreBankApiTest.kt b/bank/src/test/kotlin/CoreBankApiTest.kt
@@ -24,6 +24,7 @@ import io.ktor.server.testing.*
 import kotlinx.serialization.json.JsonElement
 import org.junit.Test
 import tech.libeufin.bank.*
+import tech.libeufin.bank.auth.*
 import tech.libeufin.common.*
 import java.time.Duration
 import java.time.Instant
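Review bot: The new `access_token = "$TOKEN_PREFIX$token"` drops the explicit `token.encoded()` call and relies on `token`'s `toString()`, which this hunk does not show; the test in the same commit decodes the suffix with `Base32Crockford.decode`, so the response is only correct if `toString()` yields exactly that encoding (a raw `ByteArray`, for instance, would render as `[B@…`). Spelling the encoding out, `access_token = "$TOKEN_PREFIX${token.encoded()}"`, keeps the credential's wire format explicit and independent of whatever `toString()` happens to do. If `encoded()` is in fact what `toString()` delegates to, a one-line comment saying so at this line would serve the same purpose. `coreBankTokenApi` begins and ends outside this hunk.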
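Review bot: `TOKEN_PREFIX` is introduced as a public top-level `const val` with no KDoc, while every neighbouring declaration in the hunk carries one, and it is now consumed from another file (`CoreBankApi.kt`). A KDoc such as `/** Prefix every bearer access token carries on the wire: emitted by the token API and required by [doTokenAuth]. */` would state the contract both sides now depend on. The value matches the `secret-token` URI scheme of RFC 8959; if that is the intended reference, naming it in the comment saves the next reader a search. The repeated `/** Get username of the request account */` in the hunk's trailing context looks copied from the line above and is worth a follow-up, though it is outside this change.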
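Review bot: Switching the `startsWith` check to `TOKEN_PREFIX` removes only half of the coupling if the code that strips the prefix before decoding — the remainder of `doTokenAuth`, which runs past the end of this hunk — still uses the literal or a fixed offset. Whatever follows should derive from the same constant, e.g. `val encoded = bearer.removePrefix(TOKEN_PREFIX)`, so the check and the strip cannot drift apart. `startsWith` is case-sensitive, and since the bank issues the prefix in exactly this form in `CoreBankApi.kt`, that strictness is right for a credential; a short comment noting it is deliberate would pre-empt a later "helpful" relaxation.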
@@ -64,7 +65,7 @@ class CoreBankTokenApiTest { json { "scope" to "readonly" } }.assertOkJson<TokenSuccessResponse> { // Checking that the token lifetime defaulted to 24 hours. - val token = db.token.get(Base32Crockford.decode(it.access_token)) + val token = db.token.get(Base32Crockford.decode(it.access_token.removePrefix(TOKEN_PREFIX))) val lifeTime = Duration.between(token!!.creationTime, token.expirationTime) assertEquals(Duration.ofDays(1), lifeTime) } @@ -74,7 +75,7 @@ class CoreBankTokenApiTest { json { "scope" to "readonly" } }.assertOkJson<TokenSuccessResponse> { // Checking that the token lifetime defaulted to 24 hours. - val token = db.token.get(Base32Crockford.decode(it.access_token)) + val token = db.token.get(Base32Crockford.decode(it.access_token.removePrefix(TOKEN_PREFIX))) val lifeTime = Duration.between(token!!.creationTime, token.expirationTime) assertEquals(Duration.ofDays(1), lifeTime) } @@ -88,7 +89,7 @@ class CoreBankTokenApiTest { }.assertOkJson<TokenSuccessResponse> { val token = it.access_token client.post("/accounts/merchant/token") { - headers["Authorization"] = "Bearer secret-token:$token" + headers["Authorization"] = "Bearer $token" json { "scope" to "readonly" } }.assertOk() } @@ -142,11 +143,11 @@ class CoreBankTokenApiTest { }.assertOkJson<TokenSuccessResponse>().access_token // Check OK client.delete("/accounts/merchant/token") { - headers["Authorization"] = "Bearer secret-token:$token" + headers["Authorization"] = "Bearer $token" }.assertNoContent() // Check token no longer work client.delete("/accounts/merchant/token") { - headers["Authorization"] = "Bearer secret-token:$token" + headers["Authorization"] = "Bearer $token" }.assertUnauthorized() // Checking merchant can still be served by basic auth, after token deletion. 
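Review bot: `it.access_token.removePrefix(TOKEN_PREFIX)` in the two lifetime checks is a no-op when the prefix is absent, so those tests would still pass if the token API stopped emitting it; the round-trip tests further down (`Bearer $token` at the `-88` and `-142` hunks) cover the prefix only indirectly, through `doTokenAuth` rejecting an unprefixed header. Asserting the format where the token is issued, `assertTrue(it.access_token.startsWith(TOKEN_PREFIX))` before the `decode`, pins the wire contract at its source. The enclosing test functions start before the hunk.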
@@ -515,7 +516,7 @@ class CoreBankAccountsApiTest { // Check account can no longer login client.delete("/accounts/customer/token") { - headers["Authorization"] = "Bearer secret-token:$token" + headers["Authorization"] = "Bearer $token" }.assertUnauthorized() client.getA("/accounts/customer/transactions/$tx_id").assertUnauthorized() client.getA("/accounts/customer/cashouts/$cashout_id").assertUnauthorized()