Remove initial token for WS. (#9545)

This commit is contained in:
Tomasz Drwięga 2018-09-13 10:58:52 +02:00 committed by 5chdn
parent 6a072b2208
commit 24480cc415
No known key found for this signature in database
GPG Key ID: 1A40871B597F5F80
2 changed files with 5 additions and 34 deletions

View File

@ -50,8 +50,6 @@ impl TimeProvider for DefaultTimeProvider {
const TIME_THRESHOLD: u64 = 7; const TIME_THRESHOLD: u64 = 7;
/// minimal length of hash /// minimal length of hash
const TOKEN_LENGTH: usize = 16; const TOKEN_LENGTH: usize = 16;
/// special "initial" token used for authorization when there are no tokens yet.
const INITIAL_TOKEN: &'static str = "initial";
/// Separator between fields in serialized tokens file. /// Separator between fields in serialized tokens file.
const SEPARATOR: &'static str = ";"; const SEPARATOR: &'static str = ";";
/// Number of seconds to keep unused tokens. /// Number of seconds to keep unused tokens.
@ -163,16 +161,6 @@ impl<T: TimeProvider> AuthCodes<T> {
let as_token = |code| keccak(format!("{}:{}", code, time)); let as_token = |code| keccak(format!("{}:{}", code, time));
// Check if it's the initial token.
if self.is_empty() {
let initial = &as_token(INITIAL_TOKEN) == hash;
// Initial token can be used only once.
if initial {
let _ = self.generate_new();
}
return initial;
}
// look for code // look for code
for code in &mut self.codes { for code in &mut self.codes {
if &as_token(&code.code) == hash { if &as_token(&code.code) == hash {
@ -239,7 +227,7 @@ mod tests {
} }
#[test] #[test]
fn should_return_true_if_code_is_initial_and_store_is_empty() { fn should_return_false_even_if_code_is_initial_and_store_is_empty() {
// given // given
let code = "initial"; let code = "initial";
let time = 99; let time = 99;
@ -250,7 +238,7 @@ mod tests {
let res2 = codes.is_valid(&generate_hash(code, time), time); let res2 = codes.is_valid(&generate_hash(code, time), time);
// then // then
assert_eq!(res1, true); assert_eq!(res1, false);
assert_eq!(res2, false); assert_eq!(res2, false);
} }

View File

@ -136,7 +136,7 @@ mod testing {
} }
#[test] #[test]
fn should_allow_initial_connection_but_only_once() { fn should_not_allow_initial_connection_even_once() {
// given // given
let (server, port, authcodes) = serve(); let (server, port, authcodes) = serve();
let code = "initial"; let code = "initial";
@ -160,26 +160,9 @@ mod testing {
timestamp, timestamp,
) )
); );
let response2 = http_client::request(server.addr(),
&format!("\
GET / HTTP/1.1\r\n\
Host: 127.0.0.1:{}\r\n\
Connection: Close\r\n\
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==\r\n\
Sec-WebSocket-Protocol:{:?}_{}\r\n\
Sec-WebSocket-Version: 13\r\n\
\r\n\
{{}}
",
port,
keccak(format!("{}:{}", code, timestamp)),
timestamp,
)
);
// then // then
assert_eq!(response1.status, "HTTP/1.1 101 Switching Protocols".to_owned()); assert_eq!(response1.status, "HTTP/1.1 403 Forbidden".to_owned());
assert_eq!(response2.status, "HTTP/1.1 403 Forbidden".to_owned()); http_client::assert_security_headers_present(&response1.headers, None);
http_client::assert_security_headers_present(&response2.headers, None);
} }
} }