Posted to commits@kudu.apache.org by al...@apache.org on 2017/02/23 03:40:37 UTC

kudu git commit: [security] TokenSigner requires non-empty username

Repository: kudu
Updated Branches:
  refs/heads/master 000cf8286 -> 4a0fa0921


[security] TokenSigner requires non-empty username

TokenSigner requires non-empty username when generating authn token.

Change-Id: I2b65da27220183d79e16205ac8e65c0cad301aff
Reviewed-on: http://gerrit.cloudera.org:8080/6120
Reviewed-by: Todd Lipcon <to...@apache.org>
Tested-by: Kudu Jenkins


Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/4a0fa092
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/4a0fa092
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/4a0fa092

Branch: refs/heads/master
Commit: 4a0fa092121986a950aa30374dda15515ac02dc3
Parents: 000cf82
Author: Alexey Serbin <as...@cloudera.com>
Authored: Wed Feb 22 18:15:21 2017 -0800
Committer: Alexey Serbin <as...@cloudera.com>
Committed: Thu Feb 23 03:39:57 2017 +0000

----------------------------------------------------------------------
 src/kudu/security/token-test.cc   | 8 ++++++++
 src/kudu/security/token_signer.cc | 3 +++
 2 files changed, 11 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kudu/blob/4a0fa092/src/kudu/security/token-test.cc
----------------------------------------------------------------------
diff --git a/src/kudu/security/token-test.cc b/src/kudu/security/token-test.cc
index d641214..8d3ddee 100644
--- a/src/kudu/security/token-test.cc
+++ b/src/kudu/security/token-test.cc
@@ -120,6 +120,14 @@ TEST_F(TokenTest, TestInit) {
   ASSERT_TRUE(token.has_signature());
 }
 
+TEST_F(TokenTest, TestGenerateAuthToken) {
+  TokenSigner signer(10, 10);
+  SignedTokenPB signed_token_pb;
+  const Status& s = signer.GenerateAuthnToken("", &signed_token_pb);
+  EXPECT_TRUE(s.IsInvalidArgument()) << s.ToString();
+  ASSERT_STR_CONTAINS(s.ToString(), "no username provided for authn token");
+}
+
 TEST_F(TokenTest, TestTokenSignerAddKeys) {
   {
     TokenSigner signer(10, 10);
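Review bot: TestGenerateAuthToken checks only the returned status and never inspects `signed_token_pb` after the rejected call. Adding `ASSERT_FALSE(signed_token_pb.has_signature());` after the status checks would pin that a refused request leaves no signed token in the output parameter. On style, `const Status& s = signer.GenerateAuthnToken(...)` binds a reference to a temporary, so `const Status s = ...` reads more plainly. The test name also says "Auth" where the method under test says "Authn".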

http://git-wip-us.apache.org/repos/asf/kudu/blob/4a0fa092/src/kudu/security/token_signer.cc
----------------------------------------------------------------------
diff --git a/src/kudu/security/token_signer.cc b/src/kudu/security/token_signer.cc
index c4a54d5..20dc8a6 100644
--- a/src/kudu/security/token_signer.cc
+++ b/src/kudu/security/token_signer.cc
@@ -127,6 +127,9 @@ Status TokenSigner::ImportKeys(const vector<TokenSigningPrivateKeyPB>& keys) {
 
 Status TokenSigner::GenerateAuthnToken(string username,
                                        SignedTokenPB* signed_token) const {
+  if (username.empty()) {
+    return Status::InvalidArgument("no username provided for authn token");
+  }
   TokenPB token;
   token.set_expire_unix_epoch_seconds(
       WallTime_Now() + authn_token_validity_seconds_);
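Review bot: The guard added at the top of GenerateAuthnToken rejects only a zero-length username, and nothing in the hunk records why or where that contract is stated. A one-line comment above it would help, e.g. `// Never sign an authn token that carries no identity.`, and the comment on the declaration (not part of this diff) should mention that an empty username yields InvalidArgument. Whether a value such as a whitespace-only string can reach this point depends on the callers, which are not visible here; if it can, this check would still let it be signed. The function body continues past the end of the hunk.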