
Authorized keys bug fix

Clients who specified no key could publish services and make changes
rejected.js test was broken
Added missing_key.js test
commit c6f1575a42670be9adf4b902684d2ac7557ae903 1 parent 2037dbd
Mike Brevoort authored
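--- a/lib/seaport.js
+++ b/lib/seaport.js
@@ -31,6 +31,7 @@ function Seaport (opts) {
 return keys[i];
 }
 }
+ return null;
 }
 self.doc = !opts.private || !opts.public ? new crdt.Doc : new(crdt.Doc)({
@@ -54,9 +55,14 @@ function Seaport (opts) {
 return cb(null, true);
 }
+ if (!update[3]) {
+ // signature is missing
+ self.emit.apply(self, [ 'reject' ].concat(update[0]));
+ return cb(null, false);
+ }
+
 var sig = JSON.parse(update[3]);
 var id = sig[0];
-
 var key = (keys[id] && keys[id].state.key)
 || (self._authorized[id] && self._authorized[id])
 ;
@@ -205,10 +211,12 @@ Seaport.prototype.createStream = function (host) {
 };
 Seaport.prototype.authorize = function (pubkey) {
- this.doc.set(createId(), {
+ var id = createId();
+ this.doc.set(id, {
 type : 'authorize',
 key : pubkey,
 });
+ this._authorized[id] = pubkey;
 };
 Seaport.prototype.registerMeta = function (role, opts) {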
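Review bot: A signature that is present but not valid JSON still reaches `JSON.parse(update[3])` in the second hunk and throws, because the added `!update[3]` guard only covers the missing case. Parsing should be wrapped so that a parse failure, or a result that is not an array (the code indexes `sig[0]`), takes the same `reject` path; whether anything upstream catches the exception is not visible here, as the validation function starts and ends outside the hunk. Since `id` is taken from that peer-supplied value, the `self._authorized[id]` lookup would be safer as an own-property check (`Object.prototype.hasOwnProperty.call(self._authorized, id)`), assuming `_authorized` is a plain object. The expression `(self._authorized[id] && self._authorized[id])` is also redundant and can be just `self._authorized[id]`.

```javascript
// … unchanged: missing-signature check …
var sig;
try { sig = JSON.parse(update[3]) }
catch (e) { sig = null }
if (!Array.isArray(sig)) {
    // signature is present but malformed: reject it like a missing one
    self.emit.apply(self, [ 'reject' ].concat(update[0]));
    return cb(null, false);
}
var id = sig[0];
// … unchanged: key lookup …
```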
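--- a/test/authorized.js
+++ b/test/authorized.js
@@ -19,7 +19,7 @@ test('allow authorized hosts', function (t) {
 var server = seaport.createServer({
 authorized : keys.map(function (k) { return k.public }),
 public : keys[0].public,
- private : keys[0].private,
+ private : keys[0].private
 });
 server.listen(0);
@@ -29,7 +29,7 @@ test('allow authorized hosts', function (t) {
 });
 var ports = seaport.connect(server.address().port, keys[1]);
- ports.once('reject', function (from, msg) {
+ server.once('reject', function (from, msg) {
 t.fail('message from ' + from + ' rejected');
 t.end();
 });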
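--- a/test/missing_key.js
+++ b/test/missing_key.js
@@ -0,0 +1,44 @@
+var test = require('tap').test;
+var seaport = require('../');
+
+var fs = require('fs');
+var keys = [
+ {
+ private : fs.readFileSync(__dirname + '/keys/beep'),
+ public : fs.readFileSync(__dirname + '/keys/beep.pem'),
+ },
+ {
+ private : fs.readFileSync(__dirname + '/keys/boop'),
+ public : fs.readFileSync(__dirname + '/keys/boop.pem'),
+ },
+];
+
+test('disallow authorized hosts with no key', function (t) {
+ t.plan(2);
+
+ var server = seaport.createServer({
+ authorized : keys.map(function (k) { return k.public }),
+ public : keys[0].public,
+ private : keys[0].private
+ });
+ server.listen(0);
+
+ server.once('register', function (service) {
+ t.fail('registered when I should have been rejected');
+ t.end();
+ });
+
+ server.once('reject', function (from, msg) {
+ t.equal(msg.type, 'service');
+ t.equal(msg._node, ports.doc.id);
+ t.end();
+ });
+
+ var ports = seaport.connect(server.address().port);
+ var port = ports.register('http');
+
+ t.on('end', function () {
+ server.close();
+ ports.close();
+ });
+});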
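Review bot: The test title `'disallow authorized hosts with no key'` describes the opposite of the setup: the client is created with `seaport.connect(server.address().port)` and no key pair, so it is an unauthenticated host rather than an authorized one. A title such as `'reject hosts that connect without a key'` would match what the two assertions check. `var port = ports.register('http');` keeps a return value that is never read, so `ports.register('http');` is enough. The test covers only an absent signature; a signature that is present but unparseable is not exercised here.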
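--- a/test/rejected.js
+++ b/test/rejected.js
@@ -18,7 +18,7 @@ test('reject unauthorized hosts', function (t) {
 t.plan(2);
 var server = seaport.createServer({
- authorized : [ keys[0] ],
+ authorized : [ keys[0].public ],
 public : keys[0].public,
 private : keys[0].private,
 });
@@ -29,9 +29,9 @@ test('reject unauthorized hosts', function (t) {
 });
 var ports = seaport.connect(server.address().port, keys[1]);
- ports.once('reject', function (from, msg) {
- t.equal(msg.type, 'address');
- t.equal(msg.node, ports.doc.id);
+ server.once('reject', function (from, msg) {
+ t.equal(msg.type, 'service');
+ t.equal(msg._node, ports.doc.id);
 });
 var port = ports.register('http');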