Skip to content
This repository has been archived by the owner on Nov 6, 2020. It is now read-only.

Commit

Permalink
Remove initial token for WS. (#9545)
Browse files Browse the repository at this point in the history
  • Loading branch information
tomusdrw authored and 5chdn committed Sep 13, 2018
1 parent decfe81 commit 5e680ec
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 34 deletions.
16 changes: 2 additions & 14 deletions rpc/src/authcodes.rs
Original file line number Diff line number Diff line change
Expand Up @@ -50,8 +50,6 @@ impl TimeProvider for DefaultTimeProvider {
const TIME_THRESHOLD: u64 = 7;
/// minimal length of hash
const TOKEN_LENGTH: usize = 16;
/// special "initial" token used for authorization when there are no tokens yet.
const INITIAL_TOKEN: &'static str = "initial";
/// Separator between fields in serialized tokens file.
const SEPARATOR: &'static str = ";";
/// Number of seconds to keep unused tokens.
Expand Down Expand Up @@ -163,16 +161,6 @@ impl<T: TimeProvider> AuthCodes<T> {

let as_token = |code| keccak(format!("{}:{}", code, time));

// Check if it's the initial token.
if self.is_empty() {
let initial = &as_token(INITIAL_TOKEN) == hash;
// Initial token can be used only once.
if initial {
let _ = self.generate_new();
}
return initial;
}

// look for code
for code in &mut self.codes {
if &as_token(&code.code) == hash {
Expand Down Expand Up @@ -239,7 +227,7 @@ mod tests {
}

#[test]
fn should_return_true_if_code_is_initial_and_store_is_empty() {
fn should_return_false_even_if_code_is_initial_and_store_is_empty() {
// given
let code = "initial";
let time = 99;
Expand All @@ -250,7 +238,7 @@ mod tests {
let res2 = codes.is_valid(&generate_hash(code, time), time);

// then
assert_eq!(res1, true);
assert_eq!(res1, false);
assert_eq!(res2, false);
}

Expand Down
23 changes: 3 additions & 20 deletions rpc/src/tests/ws.rs
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@ mod testing {
}

#[test]
fn should_allow_initial_connection_but_only_once() {
fn should_not_allow_initial_connection_even_once() {
// given
let (server, port, authcodes) = serve();
let code = "initial";
Expand All @@ -160,26 +160,9 @@ mod testing {
timestamp,
)
);
let response2 = http_client::request(server.addr(),
&format!("\
GET / HTTP/1.1\r\n\
Host: 127.0.0.1:{}\r\n\
Connection: Close\r\n\
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==\r\n\
Sec-WebSocket-Protocol:{:?}_{}\r\n\
Sec-WebSocket-Version: 13\r\n\
\r\n\
{{}}
",
port,
keccak(format!("{}:{}", code, timestamp)),
timestamp,
)
);

// then
assert_eq!(response1.status, "HTTP/1.1 101 Switching Protocols".to_owned());
assert_eq!(response2.status, "HTTP/1.1 403 Forbidden".to_owned());
http_client::assert_security_headers_present(&response2.headers, None);
assert_eq!(response1.status, "HTTP/1.1 403 Forbidden".to_owned());
http_client::assert_security_headers_present(&response1.headers, None);
}
}

0 comments on commit 5e680ec

Please sign in to comment.