Initial token should allow full access. (#5873)

Tomasz Drwięga 2017-06-19 18:35:56 +02:00 committed by Gav Wood
parent e871b7a0ac
commit a19be3cb51


@ -81,7 +81,7 @@ impl ws::MetaExtractor<Metadata> for WsExtractor {
let dapp = req.origin.as_ref().map(|origin| (&**origin).into()).unwrap_or_default(); let dapp = req.origin.as_ref().map(|origin| (&**origin).into()).unwrap_or_default();
metadata.origin = match self.authcodes_path { metadata.origin = match self.authcodes_path {
Some(ref path) => { Some(ref path) => {
let authorization = req.protocols.get(0).and_then(|p| auth_token_hash(&path, p)); let authorization = req.protocols.get(0).and_then(|p| auth_token_hash(&path, p, true));
match authorization { match authorization {
Some(id) => Origin::Signer { session: id.into(), dapp: dapp }, Some(id) => Origin::Signer { session: id.into(), dapp: dapp },
None => Origin::Ws { session: id.into(), dapp: dapp }, None => Origin::Ws { session: id.into(), dapp: dapp },
@ -117,7 +117,7 @@ impl ws::RequestMiddleware for WsExtractor {
let protocols = req.protocols().ok().unwrap_or_else(Vec::new); let protocols = req.protocols().ok().unwrap_or_else(Vec::new);
if let Some(ref path) = self.authcodes_path { if let Some(ref path) = self.authcodes_path {
if protocols.len() == 1 { if protocols.len() == 1 {
let authorization = auth_token_hash(&path, protocols[0]); let authorization = auth_token_hash(&path, protocols[0], false);
if authorization.is_none() { if authorization.is_none() {
warn!( warn!(
"Blocked connection from {} using invalid token.", "Blocked connection from {} using invalid token.",
@ -142,7 +142,7 @@ fn add_security_headers(res: &mut ws::ws::Response) {
headers.push(("X-Content-Type-Options".into(), b"nosniff".to_vec())); headers.push(("X-Content-Type-Options".into(), b"nosniff".to_vec()));
} }
fn auth_token_hash(codes_path: &Path, protocol: &str) -> Option<H256> { fn auth_token_hash(codes_path: &Path, protocol: &str, save_file: bool) -> Option<H256> {
let mut split = protocol.split('_'); let mut split = protocol.split('_');
let auth = split.next().and_then(|v| v.parse().ok()); let auth = split.next().and_then(|v| v.parse().ok());
let time = split.next().and_then(|v| u64::from_str_radix(v, 10).ok()); let time = split.next().and_then(|v| u64::from_str_radix(v, 10).ok());
@ -156,10 +156,13 @@ fn auth_token_hash(codes_path: &Path, protocol: &str) -> Option<H256> {
codes.clear_garbage(); codes.clear_garbage();
let res = codes.is_valid(&auth, time); let res = codes.is_valid(&auth, time);
if save_file {
// make sure to save back authcodes - it might have been modified // make sure to save back authcodes - it might have been modified
if codes.to_file(codes_path).is_err() { if codes.to_file(codes_path).is_err() {
warn!(target: "signer", "Couldn't save authorization codes to file."); warn!(target: "signer", "Couldn't save authorization codes to file.");
} }
}
if res { if res {
Some(auth) Some(auth)
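Review bot: The new `save_file` flag makes persistence of the authcodes state depend on which caller runs, and neither the definition nor the call sites say so: the `RequestMiddleware` check passes `false` and the `MetaExtractor` passes `true`, so whatever `clear_garbage` and `is_valid` change in `codes` is written back only on the extractor path. I would state that contract on `auth_token_hash`, for example `/// save_file: write the codes back after validation; pass false for the handshake pre-check so the token state is not persisted before extract runs`, or replace the bare bool with a two-variant enum so the call sites read without looking up the signature. Separately, when `codes.to_file(codes_path)` fails, the code only logs a warning and still returns `Some(auth)`. If validation records token use (the existing comment says the codes might have been modified), that record is lost while the token is accepted, so it is worth deciding whether a failed save should reject the connection instead. The body of `auth_token_hash` starts and ends outside the hunks shown here.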