summaryrefslogtreecommitdiffstats
path: root/rust
diff options
context:
space:
mode:
Diffstat (limited to 'rust')
-rw-r--r--rust/migrations/2019-01-01-000000_init/up.sql4
-rw-r--r--rust/src/auth.rs29
-rw-r--r--rust/tests/test_auth.rs7
3 files changed, 28 insertions, 12 deletions
diff --git a/rust/migrations/2019-01-01-000000_init/up.sql b/rust/migrations/2019-01-01-000000_init/up.sql
index b97660eb..5211b29a 100644
--- a/rust/migrations/2019-01-01-000000_init/up.sql
+++ b/rust/migrations/2019-01-01-000000_init/up.sql
@@ -619,8 +619,8 @@ INSERT INTO webcapture_rev_cdx (webcapture_rev, surt, timestamp, url, mimetype,
('00000000-0000-0000-7777-FFF000000003', 'org,asheesh)/robots.txt', '2003-02-17T04:47:19Z', 'http://asheesh.org:80/robots.txt', 'text/html', 404, 'a637f1d27d9bcb237310ed29f19c07e1c8cf0aa5', 'ffc1005680cb620eec4c913437dfabbf311b535cfe16cbaeb2faec1f92afc362');
INSERT INTO webcapture_rev_url (webcapture_rev, rel, url) VALUES
- ('00000000-0000-0000-7777-FFF000000002', 'wayback', 'http://web.archive.org/web/201801010001/http://example.org'),
- ('00000000-0000-0000-7777-FFF000000003', 'wayback', 'http://web.archive.org/web/201801010001/https://asheesh.org'),
+ ('00000000-0000-0000-7777-FFF000000002', 'wayback', 'http://web.archive.org/web/'),
+ ('00000000-0000-0000-7777-FFF000000003', 'wayback', 'http://web.archive.org/web/'),
('00000000-0000-0000-7777-FFF000000003', 'warc', 'https://example.org/something.warc.gz');
INSERT INTO webcapture_ident (id, is_live, rev_id, redirect_id) VALUES
diff --git a/rust/src/auth.rs b/rust/src/auth.rs
index 7e9b945a..a62c2f58 100644
--- a/rust/src/auth.rs
+++ b/rust/src/auth.rs
@@ -229,7 +229,7 @@ impl AuthConfectionary {
if let Some(duration) = duration {
let expires = now_utc + duration;
mac.add_first_party_caveat(&format!(
- "time < {:?}",
+ "time < {}",
&expires.to_rfc3339_opts(SecondsFormat::Secs, true)
));
};
@@ -291,12 +291,15 @@ impl AuthConfectionary {
let mut created: Option<DateTime<Utc>> = None;
for caveat in mac.first_party_caveats() {
if caveat.predicate().starts_with("time > ") {
- created = Some(
+ let ts: chrono::ParseResult<DateTime<Utc>> =
DateTime::parse_from_rfc3339(caveat.predicate().get(7..).unwrap())
- .unwrap()
- .with_timezone(&Utc),
- );
- break;
+ .map(|x| x.with_timezone(&Utc));
+ if let Ok(ts) = ts {
+ created = Some(ts);
+ break;
+ } else {
+ info!("couldn't parse macaroon time constraint: {}", caveat.predicate());
+ }
}
}
let created = match created {
@@ -337,10 +340,16 @@ impl AuthConfectionary {
verifier.satisfy_general(|p: &str| -> bool {
// not expired (based on time)
if p.starts_with("time < ") {
- let expires: DateTime<Utc> = DateTime::parse_from_rfc3339(p.get(7..).unwrap())
- .unwrap()
- .with_timezone(&Utc);
- expires < Utc::now()
+ let expires: chrono::ParseResult<DateTime<Utc>> =
+ DateTime::parse_from_rfc3339(p.get(7..).unwrap())
+ .map(|x| x.with_timezone(&Utc));
+ if let Ok(when) = expires {
+ //info!("checking time constraint: {} < {}", Utc::now(), when);
+ Utc::now() < when
+ } else {
+ info!("couldn't parse macaroon time constraint: {}", p);
+ false
+ }
} else {
false
}
diff --git a/rust/tests/test_auth.rs b/rust/tests/test_auth.rs
index c0d81753..2faf78ec 100644
--- a/rust/tests/test_auth.rs
+++ b/rust/tests/test_auth.rs
@@ -34,6 +34,13 @@ fn test_auth_db() {
let editor_row = c.parse_macaroon_token(&conn, &token, None).unwrap();
assert_eq!(editor_row.id, editor_id.to_uuid());
+ // create token w/ expiration
+ let token = c.create_token(editor_id, Some(chrono::Duration::days(1))).unwrap();
+
+ // verify token w/ expiration
+ let editor_row = c.parse_macaroon_token(&conn, &token, None).unwrap();
+ assert_eq!(editor_row.id, editor_id.to_uuid());
+
// revoke token
auth::revoke_tokens(&conn, editor_id).unwrap();