Implement `AuthProvider`
parent
3a6083b3f1
commit
c8ccfca09b
@ -0,0 +1,54 @@
|
||||
/*
|
||||
* Created on Mon Feb 21 2022
|
||||
*
|
||||
* This file is a part of Skytable
|
||||
* Skytable (formerly known as TerrabaseDB or Skybase) is a free and open-source
|
||||
* NoSQL database written by Sayan Nandan ("the Author") with the
|
||||
* vision to provide flexibility in data modelling without compromising
|
||||
* on performance, queryability or scalability.
|
||||
*
|
||||
* Copyright (c) 2022, Sayan Nandan <ohsayan@outlook.com>
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
use crate::corestore::array::Array;
|
||||
|
||||
type AuthkeyArray = Array<u8, { super::AUTHKEY_SIZE }>;
|
||||
|
||||
/// Return a "human readable key" and the "authbytes" that can be stored
|
||||
/// safely. To do this:
|
||||
/// - Generate 64 random bytes
|
||||
/// - Encode that into base64. This is the client key
|
||||
/// - Hash the key using rcrypt. This is the server key that
|
||||
/// will be stored
|
||||
pub fn generate_full() -> (String, super::Authkey) {
|
||||
let mut bytes: [u8; 64] = [0u8; 64];
|
||||
openssl::rand::rand_bytes(&mut bytes).unwrap();
|
||||
let ret = base64::encode(&bytes);
|
||||
let hash = rcrypt::hash(&ret, rcrypt::DEFAULT_COST).unwrap();
|
||||
let store_in_db = unsafe {
|
||||
let mut array = AuthkeyArray::new();
|
||||
// we guarantee that the size is equal to 40
|
||||
array.extend_from_slice_unchecked(&hash);
|
||||
array.into_array_unchecked()
|
||||
};
|
||||
(ret, store_in_db)
|
||||
}
|
||||
|
||||
/// Verify a "human readable key" against the provided "authbytes"
|
||||
pub fn verify_key(input: &[u8], hash: &[u8]) -> bool {
|
||||
rcrypt::verify(input, hash).unwrap()
|
||||
}
|
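Review bot: `verify_key` unwraps the result of `rcrypt::verify`, so any error from the verifier panics on the authentication path instead of rejecting the credential. If `input` or `hash` can reach it malformed (the callers are not on this page), fail closed with `rcrypt::verify(input, hash).unwrap_or(false)`. In `generate_full`, the `unsafe` block depends on the rcrypt hash length equalling `super::AUTHKEY_SIZE`, but nothing in the function checks that. Adding `assert_eq!(hash.len(), super::AUTHKEY_SIZE);` before the block, and turning the "size is equal to 40" comment into a `// SAFETY:` comment that names the invariant, would make a future change to the hash format or the constant fail loudly rather than reach the unchecked calls. What `extend_from_slice_unchecked` and `into_array_unchecked` do on a length mismatch is inferred from their names, since `Array` is defined outside this page.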
@ -0,0 +1,75 @@
|
||||
/*
|
||||
* Created on Tue Feb 22 2022
|
||||
*
|
||||
* This file is a part of Skytable
|
||||
* Skytable (formerly known as TerrabaseDB or Skybase) is a free and open-source
|
||||
* NoSQL database written by Sayan Nandan ("the Author") with the
|
||||
* vision to provide flexibility in data modelling without compromising
|
||||
* on performance, queryability or scalability.
|
||||
*
|
||||
* Copyright (c) 2022, Sayan Nandan <ohsayan@outlook.com>
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
mod keys {
|
||||
use super::super::keys::{generate_full, verify_key};
|
||||
|
||||
#[test]
|
||||
fn test_verify_key() {
|
||||
let (key, store) = generate_full();
|
||||
assert!(verify_key(key.as_bytes(), &store));
|
||||
}
|
||||
}
|
||||
|
||||
mod authn {
|
||||
use super::super::{AuthError, AuthProvider};
|
||||
use crate::corestore::htable::Coremap;
|
||||
use std::sync::Arc;
|
||||
#[test]
|
||||
fn claim_root_okay() {
|
||||
let orig = b"c4299d190fb9a00626797fcc138c56eae9971664";
|
||||
let authmap = Arc::new(Coremap::new());
|
||||
let provider = AuthProvider::new(authmap, Some(*orig));
|
||||
let _ = provider.claim_root(orig).unwrap();
|
||||
}
|
||||
#[test]
|
||||
fn claim_root_wrongkey() {
|
||||
let orig = b"c4299d190fb9a00626797fcc138c56eae9971664";
|
||||
let authmap = Arc::new(Coremap::new());
|
||||
let provider = AuthProvider::new(authmap, Some(*orig));
|
||||
let claim_err = provider.claim_root(&orig[1..]).unwrap_err();
|
||||
assert_eq!(claim_err, AuthError::BadCredentials);
|
||||
}
|
||||
#[test]
|
||||
fn claim_root_disabled() {
|
||||
let provider = AuthProvider::new(Arc::new(Coremap::new()), None);
|
||||
assert_eq!(
|
||||
provider.claim_root(b"abcd").unwrap_err(),
|
||||
AuthError::Disabled
|
||||
);
|
||||
}
|
||||
#[test]
|
||||
fn claim_root_already_claimed() {
|
||||
let orig = b"c4299d190fb9a00626797fcc138c56eae9971664";
|
||||
let authmap = Arc::new(Coremap::new());
|
||||
let provider = AuthProvider::new(authmap, Some(*orig));
|
||||
let _ = provider.claim_root(orig).unwrap();
|
||||
assert_eq!(
|
||||
provider.claim_root(orig).unwrap_err(),
|
||||
AuthError::AlreadyClaimed
|
||||
);
|
||||
}
|
||||
}
|
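Review bot: `claim_root_wrongkey` only submits a key of the wrong length (`&orig[1..]`), so an implementation that rejected on length alone and never compared contents would still pass. Add a case that submits a 40-byte key differing from `orig` in a single byte and expects `AuthError::BadCredentials`. `test_verify_key` likewise covers only the accepting path. A second assertion such as `assert!(!verify_key(b"not-the-key", &store));` (a constructed value) would pin that a non-matching key is rejected, assuming `verify_key` returns `false` rather than panicking for such input.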