Skip to content
This repository has been archived by the owner on Nov 6, 2020. It is now read-only.

Remove initial token for WS #9545

Merged
merged 1 commit into from
Sep 13, 2018
Merged

Remove initial token for WS #9545

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 2 additions & 14 deletions rpc/src/authcodes.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,8 +50,6 @@ impl TimeProvider for DefaultTimeProvider {
const TIME_THRESHOLD: u64 = 7;
/// minimal length of hash
const TOKEN_LENGTH: usize = 16;
/// special "initial" token used for authorization when there are no tokens yet.
const INITIAL_TOKEN: &'static str = "initial";
/// Separator between fields in serialized tokens file.
const SEPARATOR: &'static str = ";";
/// Number of seconds to keep unused tokens.
Expand Down Expand Up @@ -163,16 +161,6 @@ impl<T: TimeProvider> AuthCodes<T> {

let as_token = |code| keccak(format!("{}:{}", code, time));

// Check if it's the initial token.
if self.is_empty() {
let initial = &as_token(INITIAL_TOKEN) == hash;
// Initial token can be used only once.
if initial {
let _ = self.generate_new();
}
return initial;
}

// look for code
for code in &mut self.codes {
if &as_token(&code.code) == hash {
Expand Down Expand Up @@ -239,7 +227,7 @@ mod tests {
}

#[test]
fn should_return_true_if_code_is_initial_and_store_is_empty() {
fn should_return_false_even_if_code_is_initial_and_store_is_empty() {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test is probably redundant now – maybe remove it?

// given
let code = "initial";
let time = 99;
Expand All @@ -250,7 +238,7 @@ mod tests {
let res2 = codes.is_valid(&generate_hash(code, time), time);

// then
assert_eq!(res1, true);
assert_eq!(res1, false);
assert_eq!(res2, false);
}

Expand Down
23 changes: 3 additions & 20 deletions rpc/src/tests/ws.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@ mod testing {
}

#[test]
fn should_allow_initial_connection_but_only_once() {
fn should_not_allow_initial_connection_even_once() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the reference to the old test, but 'should_not_allow_initial_connection' would be simplier. You can ignore this grumble.

// given
let (server, port, authcodes) = serve();
let code = "initial";
Expand All @@ -160,26 +160,9 @@ mod testing {
timestamp,
)
);
let response2 = http_client::request(server.addr(),
&format!("\
GET / HTTP/1.1\r\n\
Host: 127.0.0.1:{}\r\n\
Connection: Close\r\n\
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==\r\n\
Sec-WebSocket-Protocol:{:?}_{}\r\n\
Sec-WebSocket-Version: 13\r\n\
\r\n\
{{}}
",
port,
keccak(format!("{}:{}", code, timestamp)),
timestamp,
)
);

// then
assert_eq!(response1.status, "HTTP/1.1 101 Switching Protocols".to_owned());
assert_eq!(response2.status, "HTTP/1.1 403 Forbidden".to_owned());
http_client::assert_security_headers_present(&response2.headers, None);
assert_eq!(response1.status, "HTTP/1.1 403 Forbidden".to_owned());
http_client::assert_security_headers_present(&response1.headers, None);
}
}