diff options
Diffstat (limited to 'rust/src')
-rw-r--r-- | rust/src/auth.rs | 26 |
1 files changed, 9 insertions, 17 deletions
diff --git a/rust/src/auth.rs b/rust/src/auth.rs index 3a6271e5..13c0126f 100644 --- a/rust/src/auth.rs +++ b/rust/src/auth.rs @@ -183,17 +183,13 @@ pub struct AuthConfectionary { } fn parse_macaroon_key(key_base64: &str) -> Result<MacaroonKey> { - // instead of creating a [u8; 32], we decode into an arbitrary Vec (after checking the input - // length first), because the MacaroonKey 'From' trait is implemented differently for [u8] and - // [u8; 32] (sigh). if key_base64.len() != 44 { bail!("bad base64-padded-encoded key for macaroons"); } let key_bytes = BASE64 .decode(key_base64.as_bytes()) .expect("base64 key decode"); - let bytes_ref: &[u8] = key_bytes.as_ref(); - let key = MacaroonKey::from(bytes_ref); + let key = MacaroonKey::generate(&key_bytes); Ok(key) } @@ -255,8 +251,7 @@ impl AuthConfectionary { .into(), ); }; - let raw = mac.serialize(Format::V2).expect("macaroon serialization"); - Ok(BASE64.encode(&raw)) + Ok(mac.serialize(Format::V2).expect("macaroon serialization")) } /// Takes a macaroon as a base64-encoded string, deserializes it @@ -266,8 +261,7 @@ impl AuthConfectionary { s: &str, endpoint: Option<&str>, ) -> Result<EditorRow> { - let raw = BASE64.decode(s.as_bytes())?; - let mac = match Macaroon::deserialize(&raw) { + let mac = match Macaroon::deserialize(s) { Ok(m) => m, Err(e) => { // TODO: should be "chaining" here @@ -401,17 +395,15 @@ impl AuthConfectionary { }; match verifier.verify(&mac, verify_key, Default::default()) { Ok(()) => (), - Err(MacaroonError::InvalidMacaroon(em)) => { - return Err(FatcatError::InvalidCredentials(format!( - "auth token (macaroon) not valid (signature and/or caveats failed): {}", - em - )) + Err(MacaroonError::CaveatNotSatisfied(_)) | Err(MacaroonError::InvalidSignature) => { + return Err(FatcatError::InvalidCredentials( + "auth token (macaroon) not valid (signature and/or caveats failed)".to_string(), + ) .into()); } Err(e) => { - // TODO: chain return Err(FatcatError::InvalidCredentials(format!( - "token parsing failed: {:?}", + "auth token (macaroon) parsing failed: {:?}", e )) .into()); @@ -574,7 +566,7 @@ fn test_macaroon_keys() { .unwrap(); assert_eq!(old_key.len(), 32); assert_eq!(old_key, key_bytes); - let old_macaroon_key: MacaroonKey = old_key.as_slice().into(); + let old_macaroon_key = MacaroonKey::generate(&old_key); // new (2022) way of parsing keys let key = parse_macaroon_key("5555555555555555555555555555555555555555xms=").unwrap(); |