Skip to content

Commit

Permalink
cli: Control issuer redefinition in the session token signing cmd
Browse files Browse the repository at this point in the history 
Previously, CLI `util sign session-token` command unconditionally
overrode issuer field to the execution wallet. This could lead to an
unexpected behavior when user explicitly specified the issuer in the
token and wanted to just attach signature to it.

This changes the default behavior to save the issuer field and adds
`--force-issuer` flag reproducing the old behavior.

Refs #2947. Refs #2487.

Signed-off-by: Leonard Lyubich <[email protected]>
  • Loading branch information
@cthulhu-rider
cthulhu-rider committed Oct 2, 2024
1 parent 7c6fc5f commit 4133364
Showing 1 changed file with 18 additions and 1 deletion.
19 changes: 18 additions & 1 deletion cmd/neofs-cli/modules/util/sign_session.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,18 @@ import (
"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/nspcc-dev/neofs-sdk-go/session"
"github.com/nspcc-dev/neofs-sdk-go/user"
"github.com/spf13/cobra"
)

// signSessionCmd specific flags.
const (
forceIssuerFlag = "force-issuer"
)

var signSessionCmd = &cobra.Command{
Use: "session-token",
Short: "Sign session token to use it in requests",
Expand All @@ -31,6 +38,7 @@ func initSignSessionCmd() {
_ = signSessionCmd.MarkFlagRequired(signFromFlag)

flags.String(signToFlag, "", "File to save signed session token (optional)")
flags.Bool(forceIssuerFlag, false, "Set configured account as the session issuer even if it is already specified")
}

func signSessionToken(cmd *cobra.Command, _ []string) error {
Expand All @@ -47,6 +55,7 @@ func signSessionToken(cmd *cobra.Command, _ []string) error {
json.Marshaler
common.BinaryOrJSON
Sign(user.Signer) error
SetSignature(neofscrypto.Signer) error

Check warning on line 58 in cmd/neofs-cli/modules/util/sign_session.go

View check run for this annotation

Codecov / codecov/patch

cmd/neofs-cli/modules/util/sign_session.go#L58 

Added line #L58 was not covered by tests
}
var errLast error
var stok iTokenSession
Expand All @@ -71,7 +80,15 @@ func signSessionToken(cmd *cobra.Command, _ []string) error {
return err
}

err = stok.Sign(user.NewAutoIDSignerRFC6979(*pk))
forceIss, err := cmd.Flags().GetBool(forceIssuerFlag)
if err != nil {
return err

Check warning on line 85 in cmd/neofs-cli/modules/util/sign_session.go

View check run for this annotation

Codecov / codecov/patch

cmd/neofs-cli/modules/util/sign_session.go#L83-L85 

Added lines #L83 - L85 were not covered by tests
}
if forceIss {
err = stok.Sign(user.NewAutoIDSignerRFC6979(*pk))
} else {
err = stok.SetSignature(neofsecdsa.SignerRFC6979(*pk))

Check warning on line 90 in cmd/neofs-cli/modules/util/sign_session.go

View check run for this annotation

Codecov / codecov/patch

cmd/neofs-cli/modules/util/sign_session.go#L87-L90 

Added lines #L87 - L90 were not covered by tests
}
if err != nil {
return fmt.Errorf("can't sign token: %w", err)
}
Expand Down

0 comments on commit 4133364

Please sign in to comment.