Skip to content

Commit

Permalink
Fix auth ticket (#1341)
Browse files Browse the repository at this point in the history 
* fix read auth ticket

* fix unit test

* convert to base64
  • Loading branch information
@Hitenjain14
Hitenjain14 authored Dec 5, 2023
1 parent d3ecd2a commit ff4262f
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 9 deletions.
11 changes: 6 additions & 5 deletions code/go/0chain.net/blobbercore/handler/handler_download_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
package handler

import (
"encoding/base64"
"encoding/json"
"fmt"
"net/http"
Expand Down Expand Up @@ -482,7 +483,7 @@ func TestHandlers_Download(t *testing.T) {
r.Header.Set("X-Verify-Download", fmt.Sprint(true))
r.Header.Set("X-Connection-ID", connectionID)
r.Header.Set("X-Mode", DownloadContentFull)
r.Header.Set("X-Auth-Token", authTicket)
r.Header.Set("X-Auth-Token", base64.StdEncoding.EncodeToString([]byte(authTicket)))
r.Header.Set(common.ClientSignatureHeader, sign)
r.Header.Set(common.ClientHeader, guestClient.ClientID)
r.Header.Set(common.ClientKeyHeader, guestClient.ClientKey)
Expand Down Expand Up @@ -563,7 +564,7 @@ func TestHandlers_Download(t *testing.T) {
r.Header.Set("X-Verify-Download", fmt.Sprint(true))
r.Header.Set("X-Connection-ID", connectionID)
r.Header.Set("X-Mode", DownloadContentFull)
r.Header.Set("X-Auth-Token", authTicket)
r.Header.Set("X-Auth-Token", base64.StdEncoding.EncodeToString([]byte(authTicket)))
r.Header.Set(common.ClientSignatureHeader, sign)
r.Header.Set(common.ClientHeader, guestClient.ClientID)
r.Header.Set(common.ClientKeyHeader, guestClient.ClientKey)
Expand Down Expand Up @@ -677,7 +678,7 @@ func TestHandlers_Download(t *testing.T) {
r.Header.Set("X-Verify-Download", fmt.Sprint(true))
r.Header.Set("X-Connection-ID", connectionID)
r.Header.Set("X-Mode", DownloadContentFull)
r.Header.Set("X-Auth-Token", authTicket)
r.Header.Set("X-Auth-Token", base64.StdEncoding.EncodeToString([]byte(authTicket)))
r.Header.Set(common.ClientSignatureHeader, sign)
r.Header.Set(common.ClientHeader, guestClient.ClientID)
r.Header.Set(common.ClientKeyHeader, guestClient.ClientKey)
Expand Down Expand Up @@ -797,7 +798,7 @@ func TestHandlers_Download(t *testing.T) {
r.Header.Set("X-Verify-Download", fmt.Sprint(true))
r.Header.Set("X-Connection-ID", connectionID)
r.Header.Set("X-Mode", DownloadContentFull)
r.Header.Set("X-Auth-Token", authTicket)
r.Header.Set("X-Auth-Token", base64.StdEncoding.EncodeToString([]byte(authTicket)))
r.Header.Set(common.ClientSignatureHeader, sign)
r.Header.Set(common.ClientHeader, guestClient.ClientID)
r.Header.Set(common.ClientKeyHeader, guestClient.ClientKey)
Expand Down Expand Up @@ -916,7 +917,7 @@ func TestHandlers_Download(t *testing.T) {
r.Header.Set("X-Verify-Download", fmt.Sprint(true))
r.Header.Set("X-Connection-ID", connectionID)
r.Header.Set("X-Mode", DownloadContentFull)
r.Header.Set("X-Auth-Token", authTicket)
r.Header.Set("X-Auth-Token", base64.StdEncoding.EncodeToString([]byte(authTicket)))
r.Header.Set(common.ClientSignatureHeader, sign)
r.Header.Set(common.ClientHeader, guestClient.ClientID)
r.Header.Set(common.ClientKeyHeader, guestClient.ClientKey)
Expand Down
10 changes: 7 additions & 3 deletions code/go/0chain.net/blobbercore/handler/object_operation_handler.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package handler

import (
"context"
"encoding/base64"
"encoding/hex"
"encoding/json"
"errors"
Expand Down Expand Up @@ -316,12 +317,15 @@ func (fsh *StorageHandler) DownloadFile(ctx context.Context, r *http.Request) (i
var shareInfo *reference.ShareInfo

if !isOwner {
authTokenString := dr.AuthToken
if authTokenString == "" {
if dr.AuthToken == "" {
return nil, common.NewError("invalid_authticket", "authticket is required")
}
authTokenString, err := base64.StdEncoding.DecodeString(dr.AuthToken)
if err != nil {
return nil, common.NewError("invalid_authticket", err.Error())
}

if authToken, err = fsh.verifyAuthTicket(ctx, authTokenString, alloc, fileref, clientID, false); authToken == nil {
if authToken, err = fsh.verifyAuthTicket(ctx, string(authTokenString), alloc, fileref, clientID, false); authToken == nil {
return nil, common.NewErrorf("invalid_authticket", "cannot verify auth ticket: %v", err)
}

Expand Down
4 changes: 3 additions & 1 deletion code/go/0chain.net/blobbercore/handler/object_operation_handler_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package handler
import (
"context"
"database/sql/driver"
"encoding/base64"
"encoding/json"
"fmt"
"log"
Expand Down Expand Up @@ -127,7 +128,8 @@ func TestDownloadFile(t *testing.T) {
require.NoError(t, authTicket.Sign())
require.NoError(t, client.PopulateClient(mockClientWallet, "bls0chain"))
authTicketBytes, _ := json.Marshal(authTicket)
req.Header.Set("X-Auth-Token", string(authTicketBytes))
auth := base64.StdEncoding.EncodeToString(authTicketBytes)
req.Header.Set("X-Auth-Token", auth)
}
if len(p.inData.contentMode) > 0 {
req.Header.Set("X-Mode", p.inData.contentMode)
Expand Down

0 comments on commit ff4262f

Please sign in to comment.