Repository: kudu Updated Branches: refs/heads/master 000cf8286 -> 4a0fa0921
[security] TokenSigner requires non-empty username TokenSigner requires non-empty username when generating authn token. Change-Id: I2b65da27220183d79e16205ac8e65c0cad301aff Reviewed-on: http://gerrit.cloudera.org:8080/6120 Reviewed-by: Todd Lipcon <[email protected]> Tested-by: Kudu Jenkins Project: http://git-wip-us.apache.org/repos/asf/kudu/repo Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/4a0fa092 Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/4a0fa092 Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/4a0fa092 Branch: refs/heads/master Commit: 4a0fa092121986a950aa30374dda15515ac02dc3 Parents: 000cf82 Author: Alexey Serbin <[email protected]> Authored: Wed Feb 22 18:15:21 2017 -0800 Committer: Alexey Serbin <[email protected]> Committed: Thu Feb 23 03:39:57 2017 +0000 ---------------------------------------------------------------------- src/kudu/security/token-test.cc | 8 ++++++++ src/kudu/security/token_signer.cc | 3 +++ 2 files changed, 11 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kudu/blob/4a0fa092/src/kudu/security/token-test.cc ---------------------------------------------------------------------- diff --git a/src/kudu/security/token-test.cc b/src/kudu/security/token-test.cc index d641214..8d3ddee 100644 --- a/src/kudu/security/token-test.cc +++ b/src/kudu/security/token-test.cc @@ -120,6 +120,14 @@ TEST_F(TokenTest, TestInit) { ASSERT_TRUE(token.has_signature()); } +TEST_F(TokenTest, TestGenerateAuthToken) { + TokenSigner signer(10, 10); + SignedTokenPB signed_token_pb; + const Status& s = signer.GenerateAuthnToken("", &signed_token_pb); + EXPECT_TRUE(s.IsInvalidArgument()) << s.ToString(); + ASSERT_STR_CONTAINS(s.ToString(), "no username provided for authn token"); +} + TEST_F(TokenTest, TestTokenSignerAddKeys) { { TokenSigner signer(10, 10); http://git-wip-us.apache.org/repos/asf/kudu/blob/4a0fa092/src/kudu/security/token_signer.cc ---------------------------------------------------------------------- diff --git a/src/kudu/security/token_signer.cc b/src/kudu/security/token_signer.cc index c4a54d5..20dc8a6 100644 --- a/src/kudu/security/token_signer.cc +++ b/src/kudu/security/token_signer.cc @@ -127,6 +127,9 @@ Status TokenSigner::ImportKeys(const vector<TokenSigningPrivateKeyPB>& keys) { Status TokenSigner::GenerateAuthnToken(string username, SignedTokenPB* signed_token) const { + if (username.empty()) { + return Status::InvalidArgument("no username provided for authn token"); + } TokenPB token; token.set_expire_unix_epoch_seconds( WallTime_Now() + authn_token_validity_seconds_);
