Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Token signatures and issuers #564

Merged
merged 3 commits into from
Mar 26, 2024
Merged

Token signatures and issuers #564

merged 3 commits into from
Mar 26, 2024

Conversation

cthulhu-rider
Copy link
Contributor

@cthulhu-rider cthulhu-rider force-pushed the feature/bearer-issuer branch 2 times, most recently from c006761 to bb870dc Compare March 5, 2024 09:56
@cthulhu-rider cthulhu-rider marked this pull request as ready for review March 5, 2024 09:57
@codecov Codecov
Copy link

codecov bot commented Mar 5, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 77.41935% with 7 lines in your changes are missing coverage. Please review.

Project coverage is 68.16%. Comparing base (331abfe) to head (4123c78).
Report is 15 commits behind head on master.

❗ Current head 4123c78 differs from pull request most recent head bd31d70. Consider uploading reports for the commit bd31d70 to get more accurate results

Files Patch % Lines
bearer/bearer.go 71.42% 5 Missing and 1 partial ⚠️
object/slicer/slicer.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #564      +/-   ##
==========================================
+ Coverage   68.15%   68.16%   +0.01%     
==========================================
  Files         122      122              
  Lines        9965     9987      +22     
==========================================
+ Hits         6792     6808      +16     
- Misses       2799     2804       +5     
- Partials      374      375       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

carpawell
carpawell reviewed Mar 5, 2024
View reviewed changes
bearer/bearer.go Outdated
// SignByIssuer combines [Token.Sign] and [Token.SetIssuer] in one call. Use
// this method for stable authorization in the system. SignByUser should not be
// mixed with the mentioned methods.
func (b *Token) SignByIssuer(signer user.Signer) error {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you do this one way and the next commit does it another way, why? why not just Sign that sets issuer?

Copy link
Contributor Author

@cthulhu-rider cthulhu-rider Mar 5, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

im constrained by what we already have:

  • bearer Sign accepts generic signer w/o an issuer, so new method is needed
  • session Sign does, so new method is needed for generic signature setting

sync would be breaking overall, but i agree that unified interface is easier to follow

@roman-khimov @smallhive

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd vote for Sign(signer user.Signer) unification, but I fear @amlwwalker will hate us for changing the interface again.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

made same interface

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't hate anything you guys are doing @roman-khimov just have to keep up! 😂

roman-khimov
roman-khimov reviewed Mar 5, 2024
View reviewed changes
bearer/bearer.go Outdated Show resolved Hide resolved
object/slicer/slicer.go Show resolved Hide resolved
session/common.go Outdated Show resolved Hide resolved
session/container.go Show resolved Hide resolved
@roman-khimov roman-khimov added this to the v1.0.0-rc12 milestone Mar 15, 2024
@cthulhu-rider cthulhu-rider force-pushed the feature/bearer-issuer branch 5 times, most recently from b3cd074 to 4123c78 Compare March 18, 2024 12:07
roman-khimov
roman-khimov reviewed Mar 18, 2024
View reviewed changes
bearer/bearer.go Show resolved Hide resolved
bearer/bearer.go Outdated Show resolved Hide resolved
session/container.go Show resolved Hide resolved
@cthulhu-rider
bearer: Set issuer explicitly on signing
06e0977 
Dedicated field for the bearer token issuer was recently added to the
protocol nspcc-dev/neofs-api#266. Now SDK
provides getter and setter for it.

Previously, `Token` type accepted `neofscrypto.Signer` parameter in
`Sign` method to calculate and set signature of the bearer token.
Obviously, the method did not set nonexistent issuer field. The only way
to access the issuer was `ResolveIssuer` method resolving user ID from
the public key.

Now `Sign` method accepts parameter of `user.Signer` type to
additionally set issuer field. This is a breaking change overall, but
still needed for stable system authorization and library usage.

`ResolveIssuer` method now dual: it starts like `Issuer` and falls back
to the old behavior when field is missing.

Signed-off-by: Leonard Lyubich <[email protected]>
@cthulhu-rider
session: Override issuer in Sign
035b5ad 
Previously, `Sign` method set session token's issuer only if it had not
been set yet. This could lead to the unexpected behavior on signing
formed (completely or partially) token. Although this scenario is not
common in NeoFS - the token is created once and then only read - this
behavior does not make sense, so it's worth to be changed.

Closes #546.

Signed-off-by: Leonard Lyubich <[email protected]>
@cthulhu-rider
session: Add method to set token signature without issuer
bd31d70 
`Sign` method sets both issuer and signature of the token. There could
be a need to set signature only, e.g. for testing.

Now signature could be set via new method `SetSignature` also used by
`Sign` itself.

Refs #546.

Signed-off-by: Leonard Lyubich <[email protected]>
@cthulhu-rider
Copy link
Contributor Author

integration test failures aint related to these changes. #572

@roman-khimov roman-khimov merged commit 7f940dc into master Mar 26, 2024
13 of 19 checks passed
@roman-khimov roman-khimov deleted the feature/bearer-issuer branch March 26, 2024 13:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amlwwalker amlwwalker amlwwalker left review comments

@roman-khimov roman-khimov roman-khimov approved these changes

@carpawell carpawell carpawell approved these changes

@smallhive smallhive Awaiting requested review from smallhive smallhive is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.0.0-rc12
Development

Successfully merging this pull request may close these issues.
4 participants
@cthulhu-rider @amlwwalker @roman-khimov @carpawell