From dbe5de070b8b4c86abe27bb3378e1685632dfdab Mon Sep 17 00:00:00 2001
From: Rutger Broekhoff
Date: Wed, 24 Jan 2024 18:07:09 +0100
Subject: Write claim validation test
---
 rs/common/src/lib.rs | 16 ++++++++++++----
 rs/server/src/main.rs | 45 ++++++++++++++++++++++++++++++---------------
 2 files changed, 42 insertions(+), 19 deletions(-)
diff --git a/rs/common/src/lib.rs b/rs/common/src/lib.rs
index 27205bd..89c3286 100644
--- a/rs/common/src/lib.rs
+++ b/rs/common/src/lib.rs
@@ -136,9 +136,9 @@ fn parse_hex_exact(value: &str, buf: &mut [u8]) -> Result<(), ParseHexError> {
 for (i, c) in value.bytes().enumerate() {
 if let Some(b) = decode_nibble(c) {
 if i % 2 == 0 {
- buf[i / 2] |= b;
+ buf[i / 2] |= b << 4;
 } else {
- buf[i / 2] = b << 4;
+ buf[i / 2] |= b;
 }
 } else {
 return Err(ParseHexError::InvalidCharacter);
@@ -236,8 +236,16 @@ impl> fmt::Display for HexFmt {
 let HexFmt(buf) = self;
 for b in buf.as_ref() {
 let (high, low) = (b >> 4, b & 0xF);
- let highc = if high < 10 { b'0' + high } else { b'a' + high };
- let lowc = if low < 10 { b'0' + low } else { b'a' + low };
+ let highc = if high < 10 {
+ high + b'0'
+ } else {
+ high - 10 + b'a'
+ };
+ let lowc = if low < 10 {
+ low + b'0'
+ } else {
+ low - 10 + b'a'
+ };
 f.write_char(highc as char)?;
 f.write_char(lowc as char)?;
 }
diff --git a/rs/server/src/main.rs b/rs/server/src/main.rs
index a8c6aa5..bdf38ef 100644
--- a/rs/server/src/main.rs
+++ b/rs/server/src/main.rs
@@ -279,7 +279,7 @@ struct BatchRequest {
 hash_algo: HashAlgo,
 }

-#[derive(Clone)]
+#[derive(Debug, Clone)]
 struct GitLfsJson(Json);

 const LFS_MIME: &str = "application/vnd.git-lfs+json";
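Review bot: Both branches in parse_hex_exact now use `|=`, so the decoded bytes are only correct if the caller passes a zero-filled `buf`; any stale content is OR-ed into the result, which matters if this routine is what parses key material. Assigning on the even index, `buf[i / 2] = b << 4;`, makes the output independent of the buffer's prior contents while keeping `buf[i / 2] |= b;` for the low nibble. The function starts and ends outside this hunk, so whether `buf` is cleared or the input length is checked earlier is not visible here.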
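Review bot: The `highc` and `lowc` branches in the `fmt::Display` impl for HexFmt repeat the same nibble arithmetic, which is where the earlier off-by-ten slipped in. A lookup such as `let highc = b"0123456789abcdef"[high as usize];` (and the same for `low`) removes both the branch and the duplication. A round-trip test in rs/common that formats a byte string with HexFmt and parses it back with parse_hex_exact would pin this fix and the nibble-order fix in parse_hex_exact directly, rather than only through the server test.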
@@ -306,18 +306,6 @@ fn is_git_lfs_json_mimetype(mimetype: &str) -> bool {
 let Ok(mime) = mimetype.parse::() else {
 return false;
 };
- println!(
- "MIME type: {:?}; type: {}, subtype: {}, suffix: {}, charset: {}",
- mime,
- mime.type_(),
- mime.subtype(),
- mime.suffix()
- .map(|name| name.to_string())
- .unwrap_or("".to_string()),
- mime.get_param(mime::CHARSET)
- .map(|name| name.to_string())
- .unwrap_or("".to_string())
- );
 if mime.type_() != mime::APPLICATION
 || mime.subtype() != "vnd.git-lfs"
 || mime.suffix() != Some(mime::JSON)
@@ -371,7 +359,7 @@ impl IntoResponse for GitLfsJson {
 }
 }

-#[derive(Serialize)]
+#[derive(Debug, Serialize)]
 struct GitLfsErrorData<'a> {
 message: &'a str,
 }
@@ -841,7 +829,6 @@ pub struct VerifyClaimsInput<'a> {
 pub repo_path: &'a str,
 }

-// Note: expires_at is ignored.
 fn verify_claims(
 conf: &AuthorizationConfig,
 claims: &VerifyClaimsInput,
@@ -992,3 +979,31 @@ fn test_deserialize() {
 expected
 );
 }
+
+#[test]
+fn test_validate_claims() {
+ let key = "00232f7a019bd34e3921ee6c5f04caf48a4489d1be5d1999038950a7054e0bfea369ce2becc0f13fd3c69f8af2384a25b7ac2d52eb52c33722f3c00c50d4c9c2";
+ let key: common::Key = key.parse().unwrap();
+
+ let expires_at = Utc::now() + std::time::Duration::from_secs(5 * 60);
+ let claims = common::Claims {
+ expires_at,
+ repo_path: "lfs-test.git",
+ specific_claims: common::SpecificClaims::BatchApi(common::Operation::Download),
+ };
+ let tag = common::generate_tag(claims, &key).unwrap();
+ let header_value = format!("Gitolfs3-Hmac-Sha256 {tag} {}", expires_at.timestamp());
+
+ let conf = AuthorizationConfig {
+ key,
+ trusted_forwarded_hosts: HashSet::new(),
+ };
+ let claims = VerifyClaimsInput {
+ repo_path: "lfs-test.git",
+ specific_claims: common::SpecificClaims::BatchApi(common::Operation::Download),
+ };
+ let mut headers = HeaderMap::new();
+ headers.insert(header::AUTHORIZATION, header_value.try_into().unwrap());
+
+ assert!(verify_claims(&conf, &claims, &headers).unwrap());
+}
-- cgit v1.2.3
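Review bot: test_validate_claims exercises only the accepting path, so it would still pass if verify_claims accepted every well-formed `Gitolfs3-Hmac-Sha256` header. Add cases that must be rejected: a tag generated with a different key, a `VerifyClaimsInput` whose `repo_path` or operation differs from the signed claims, and an expired timestamp, e.g. `let expires_at = Utc::now() - std::time::Duration::from_secs(60);`. The expiry case is worth having because this commit also removes the "expires_at is ignored" comment on verify_claims, and nothing visible here shows whether the timestamp is enforced. How a rejection is reported (`Ok(false)` or `Err`) is not visible in this hunk, so the assertions need to follow verify_claims's actual contract.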