From 6798baadf3b30dc9b7e15db3d90cd7b66f46c8bf Mon Sep 17 00:00:00 2001
From: Ishank Arora
Date: Wed, 26 May 2021 16:44:55 +0200
Subject: [PATCH] Add checks for expired passwords
---
 pkg/appauth/manager/json/json.go | 6 ++-
 pkg/appauth/manager/json/json_test.go | 67 +++++++++++++++++++++++++++
 2 files changed, 72 insertions(+), 1 deletion(-)
diff --git a/pkg/appauth/manager/json/json.go b/pkg/appauth/manager/json/json.go
index af4f3afad3..f066341f3b 100644
--- a/pkg/appauth/manager/json/json.go
+++ b/pkg/appauth/manager/json/json.go
@@ -180,7 +180,7 @@ func (mgr *jsonManager) InvalidateAppPassword(ctx context.Context, password stri
 if _, ok := appPasswords[password]; !ok {
 return errtypes.BadRequest("password not found")
 }
- delete(appPasswords, password)
+ delete(mgr.passwords[userID.String()], password)
 // if user has 0 passwords, delete user key from state map
 if len(mgr.passwords[userID.String()]) == 0 {
@@ -204,6 +204,10 @@ func (mgr *jsonManager) GetAppPassword(ctx context.Context, userID *userpb.UserI
 return nil, errtypes.BadRequest("password not found")
 }
+ if pw.Expiration != nil && pw.Expiration.Seconds != 0 && uint64(time.Now().Unix()) > pw.Expiration.Seconds {
+ return nil, errtypes.BadRequest("password not found")
+ }
+
 pw.Utime = now()
 if err := mgr.save(); err != nil {
 return nil, errors.Wrap(err, "error saving file")
diff --git a/pkg/appauth/manager/json/json_test.go b/pkg/appauth/manager/json/json_test.go
index 524150b018..e48540254b 100644
--- a/pkg/appauth/manager/json/json_test.go
+++ b/pkg/appauth/manager/json/json_test.go
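Review bot: In InvalidateAppPassword the existence check on the first context line still reads `appPasswords`, while the delete now goes through `mgr.passwords[userID.String()]`, so the lookup and the mutation name the map in two different ways. If `appPasswords` is the same map value (its assignment is outside the hunk) the old and new deletes are equivalent; if it is a copy, the check may not describe what is actually removed. A short comment such as `// delete from the manager state directly; appPasswords is only used for the lookup` would record the intent. The function body starts and ends outside the hunk.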
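Review bot: The expiry comparison in GetAppPassword reads the clock with `time.Now().Unix()` while the very next statement stamps `pw.Utime` with the package's `now()` helper, so the two use different time sources and the check cannot be driven from a test clock. Assuming `now()` returns a timestamp with a `Seconds` field (its definition is outside the hunk), `now().Seconds > pw.Expiration.Seconds` would keep them consistent. The comparison is strict, so a password is still accepted during the second equal to `Expiration.Seconds`; if expiry is meant to be exclusive, `>=` is the safer choice. Reusing the "password not found" error for an expired entry deserves a one-line comment, e.g. `// expired passwords are reported as not found`. The function continues outside the hunk.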
@@ -282,7 +282,23 @@ func TestListAppPasswords(t *testing.T) {
 },
 }}
+ dummyDataUserExpired := map[string]map[string]*apppb.AppPassword{
+ user0Test.GetId().String(): {
+ token: {
+ Password: token,
+ TokenScope: nil,
+ Label: "label",
+ User: user0Test.GetId(),
+ Expiration: &typespb.Timestamp{
+ Seconds: 100,
+ },
+ Ctime: now,
+ Utime: now,
+ },
+ }}
+
 dummyDataUser0JSON, _ := json.Marshal(dummyDataUser0)
+ dummyDataUserExpiredJSON, _ := json.Marshal(dummyDataUserExpired)
 dummyDataUser1 := map[string]map[string]*apppb.AppPassword{
 user1Test.GetId().String(): {
@@ -321,6 +337,13 @@ func TestListAppPasswords(t *testing.T) {
 dummyDataUser0[user0Test.GetId().String()][token],
 },
 },
+ {
+ description: "ListAppPasswords with not empty state with expired password (only one user)",
+ stateJSON: string(dummyDataUserExpiredJSON),
+ expectedState: []*apppb.AppPassword{
+ dummyDataUserExpired[user0Test.GetId().String()][token],
+ },
+ },
 {
 description: "ListAppPasswords with not empty state (different users)",
 stateJSON: string(dummyDataTwoUsersJSON),
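Review bot: The new case "ListAppPasswords with not empty state with expired password (only one user)" expects the expired entry, including its `Password` field, to be returned, which pins the behaviour that ListAppPasswords does not filter by expiration. If that is deliberate (for example so a user can see and remove stale passwords), a comment on the case such as `// expired passwords are still listed; only GetAppPassword rejects them` would make it explicit; otherwise the listing path needs the same expiry check. The fixture's `Seconds: 100` would also read better with a comment saying it is a timestamp far in the past.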
@@ -512,7 +535,39 @@ func TestGetAppPassword(t *testing.T) {
 },
 }}
+ dummyDataUserExpired := map[string]map[string]*apppb.AppPassword{
+ userTest.GetId().String(): {
+ token: {
+ Password: token,
+ TokenScope: nil,
+ Label: "label",
+ User: userTest.GetId(),
+ Expiration: &typespb.Timestamp{
+ Seconds: 100,
+ },
+ Ctime: now,
+ Utime: now,
+ },
+ }}
+
+ dummyDataUserFutureExpiration := map[string]map[string]*apppb.AppPassword{
+ userTest.GetId().String(): {
+ token: {
+ Password: token,
+ TokenScope: nil,
+ Label: "label",
+ User: userTest.GetId(),
+ Expiration: &typespb.Timestamp{
+ Seconds: 16220400870,
+ },
+ Ctime: now,
+ Utime: now,
+ },
+ }}
+
 dummyDataUser1TokenJSON, _ := json.Marshal(dummyDataUser1Token)
+ dummyDataUserExpiredJSON, _ := json.Marshal(dummyDataUserExpired)
+ dummyDataUserFutureExpirationJSON, _ := json.Marshal(dummyDataUserFutureExpiration)
 dummyDataDifferentUserToken := map[string]map[string]*apppb.AppPassword{
 "OTHER_USER_ID": {
@@ -541,6 +596,18 @@ func TestGetAppPassword(t *testing.T) {
 password: "TOKEN_NOT_EXISTS",
 expectedState: nil,
 },
+ {
+ description: "GetAppPassword with expired token",
+ stateJSON: string(dummyDataUserExpiredJSON),
+ password: "TOKEN_NOT_EXISTS",
+ expectedState: nil,
+ },
+ {
+ description: "GetAppPassword with token with expiration set in the future",
+ stateJSON: string(dummyDataUserFutureExpirationJSON),
+ password: "1234",
+ expectedState: dummyDataUserFutureExpiration[userTest.GetId().String()][token],
+ },
 {
 description: "GetAppPassword with token that exists but different user",
 stateJSON: string(dummyDataDifferentUserTokenJSON),
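Review bot: The "GetAppPassword with expired token" case passes `password: "TOKEN_NOT_EXISTS"`, so the lookup fails on the missing key and the new expiry branch in GetAppPassword is never reached; the case would still pass with the expiration check removed. Using the stored key, `password: token,`, would make the test exercise the expiration path. The future-expiration case hard-codes `"1234"`, which presumably equals `token` (its definition is outside the hunk); using `token` there as well keeps the two cases consistent.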