You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by al...@apache.org on 2017/02/23 03:40:37 UTC
kudu git commit: [security] TokenSigner requires non-empty username
Repository: kudu
Updated Branches:
refs/heads/master 000cf8286 -> 4a0fa0921
[security] TokenSigner requires non-empty username
TokenSigner requires non-empty username when generating authn token.
Change-Id: I2b65da27220183d79e16205ac8e65c0cad301aff
Reviewed-on: http://gerrit.cloudera.org:8080/6120
Reviewed-by: Todd Lipcon <to...@apache.org>
Tested-by: Kudu Jenkins
Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/4a0fa092
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/4a0fa092
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/4a0fa092
Branch: refs/heads/master
Commit: 4a0fa092121986a950aa30374dda15515ac02dc3
Parents: 000cf82
Author: Alexey Serbin <as...@cloudera.com>
Authored: Wed Feb 22 18:15:21 2017 -0800
Committer: Alexey Serbin <as...@cloudera.com>
Committed: Thu Feb 23 03:39:57 2017 +0000
----------------------------------------------------------------------
src/kudu/security/token-test.cc | 8 ++++++++
src/kudu/security/token_signer.cc | 3 +++
2 files changed, 11 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kudu/blob/4a0fa092/src/kudu/security/token-test.cc
----------------------------------------------------------------------
diff --git a/src/kudu/security/token-test.cc b/src/kudu/security/token-test.cc
index d641214..8d3ddee 100644
--- a/src/kudu/security/token-test.cc
+++ b/src/kudu/security/token-test.cc
@@ -120,6 +120,14 @@ TEST_F(TokenTest, TestInit) {
ASSERT_TRUE(token.has_signature());
}
+TEST_F(TokenTest, TestGenerateAuthToken) {
+ TokenSigner signer(10, 10);
+ SignedTokenPB signed_token_pb;
+ const Status& s = signer.GenerateAuthnToken("", &signed_token_pb);
+ EXPECT_TRUE(s.IsInvalidArgument()) << s.ToString();
+ ASSERT_STR_CONTAINS(s.ToString(), "no username provided for authn token");
+}
+
TEST_F(TokenTest, TestTokenSignerAddKeys) {
{
TokenSigner signer(10, 10);
http://git-wip-us.apache.org/repos/asf/kudu/blob/4a0fa092/src/kudu/security/token_signer.cc
----------------------------------------------------------------------
diff --git a/src/kudu/security/token_signer.cc b/src/kudu/security/token_signer.cc
index c4a54d5..20dc8a6 100644
--- a/src/kudu/security/token_signer.cc
+++ b/src/kudu/security/token_signer.cc
@@ -127,6 +127,9 @@ Status TokenSigner::ImportKeys(const vector<TokenSigningPrivateKeyPB>& keys) {
Status TokenSigner::GenerateAuthnToken(string username,
SignedTokenPB* signed_token) const {
+ if (username.empty()) {
+ return Status::InvalidArgument("no username provided for authn token");
+ }
TokenPB token;
token.set_expire_unix_epoch_seconds(
WallTime_Now() + authn_token_validity_seconds_);