
Authorized keys bug fix

Clients who specified no key could publish services and make changes
rejected.js test was broken
Added missing_key.js test
commit c6f1575a42670be9adf4b902684d2ac7557ae903 1 parent 2037dbd
@mbrevoort authored
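--- a/lib/seaport.js
+++ b/lib/seaport.js
@@ -31,6 +31,7 @@ function Seaport (opts) {
 return keys[i];
 }
 }
+ return null;
 }
 self.doc = !opts.private || !opts.public ? new crdt.Doc : new(crdt.Doc)({
@@ -54,9 +55,14 @@ function Seaport (opts) {
 return cb(null, true);
 }
+ if (!update[3]) {
+ // signature is missing
+ self.emit.apply(self, [ 'reject' ].concat(update[0]));
+ return cb(null, false);
+ }
+
 var sig = JSON.parse(update[3]);
 var id = sig[0];
-
 var key = (keys[id] && keys[id].state.key)
 || (self._authorized[id] && self._authorized[id])
 ;
@@ -205,10 +211,12 @@ Seaport.prototype.createStream = function (host) {
 };
 Seaport.prototype.authorize = function (pubkey) {
- this.doc.set(createId(), {
+ var id = createId();
+ this.doc.set(id, {
 type : 'authorize',
 key : pubkey,
 });
+ this._authorized[id] = pubkey;
 };
 Seaport.prototype.registerMeta = function (role, opts) {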
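Review bot: The new `!update[3]` guard in the second hunk rejects only a missing signature; a signature that is present but not valid JSON still reaches `JSON.parse(update[3])` on the following line and throws instead of rejecting. A parsed value that is not an array would also make `sig[0]` meaningless as a key id. Because update[3] appears to come from the remote peer, a parse failure should take the same reject path as the missing-signature case. The enclosing validation function starts and ends outside the hunk, so whether a caller already catches that exception cannot be seen here.

```javascript
// … unchanged: missing-signature guard …
var sig;
try { sig = JSON.parse(update[3]); }
catch (err) { sig = null; }
if (!Array.isArray(sig)) {
    // signature is malformed
    self.emit.apply(self, [ 'reject' ].concat(update[0]));
    return cb(null, false);
}
var id = sig[0];
// … unchanged: key lookup …
```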
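--- a/test/authorized.js
+++ b/test/authorized.js
@@ -19,7 +19,7 @@ test('allow authorized hosts', function (t) {
 var server = seaport.createServer({
 authorized : keys.map(function (k) { return k.public }),
 public : keys[0].public,
- private : keys[0].private,
+ private : keys[0].private
 });
 server.listen(0);
@@ -29,7 +29,7 @@ test('allow authorized hosts', function (t) {
 });
 var ports = seaport.connect(server.address().port, keys[1]);
- ports.once('reject', function (from, msg) {
+ server.once('reject', function (from, msg) {
 t.fail('message from ' + from + ' rejected');
 t.end();
 });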
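--- a/test/missing_key.js
+++ b/test/missing_key.js
@@ -0,0 +1,44 @@
+var test = require('tap').test;
+var seaport = require('../');
+
+var fs = require('fs');
+var keys = [
+ {
+ private : fs.readFileSync(__dirname + '/keys/beep'),
+ public : fs.readFileSync(__dirname + '/keys/beep.pem'),
+ },
+ {
+ private : fs.readFileSync(__dirname + '/keys/boop'),
+ public : fs.readFileSync(__dirname + '/keys/boop.pem'),
+ },
+];
+
+test('disallow authorized hosts with no key', function (t) {
+ t.plan(2);
+
+ var server = seaport.createServer({
+ authorized : keys.map(function (k) { return k.public }),
+ public : keys[0].public,
+ private : keys[0].private
+ });
+ server.listen(0);
+
+ server.once('register', function (service) {
+ t.fail('registered when I should have been rejected');
+ t.end();
+ });
+
+ server.once('reject', function (from, msg) {
+ t.equal(msg.type, 'service');
+ t.equal(msg._node, ports.doc.id);
+ t.end();
+ });
+
+ var ports = seaport.connect(server.address().port);
+ var port = ports.register('http');
+
+ t.on('end', function () {
+ server.close();
+ ports.close();
+ });
+});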
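Review bot: The test stops at the first `reject` event (`t.end()` inside that handler), so it shows the keyless update is reported but not that it was kept out of the server's state; a `register` emitted after the reject would go unnoticed. Consider also asserting, before ending, that the server holds no `http` service record. `var port` is assigned but never read, so the line could be just `ports.register('http');`. A short comment above the test, such as `// a client that connects without a key pair must not be able to publish a service`, would record why this case exists.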
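--- a/test/rejected.js
+++ b/test/rejected.js
@@ -18,7 +18,7 @@ test('reject unauthorized hosts', function (t) {
 t.plan(2);
 var server = seaport.createServer({
- authorized : [ keys[0] ],
+ authorized : [ keys[0].public ],
 public : keys[0].public,
 private : keys[0].private,
 });
@@ -29,9 +29,9 @@ test('reject unauthorized hosts', function (t) {
 });
 var ports = seaport.connect(server.address().port, keys[1]);
- ports.once('reject', function (from, msg) {
- t.equal(msg.type, 'address');
- t.equal(msg.node, ports.doc.id);
+ server.once('reject', function (from, msg) {
+ t.equal(msg.type, 'service');
+ t.equal(msg._node, ports.doc.id);
 });
 var port = ports.register('http');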
