Bugfix: better auth header parsing.

Fixes #104 This is a regression brought on by recent refactorings. The new functionality is more robust in that l2met no longer cares whether you have a user:password format of decoded authorization. It will take everything up to and excluding the `:`.
ryandotsmith · Aug 15, 2013 · 27b6331 · 27b6331
1 parent 5ee91ed
commit 27b6331
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 28 deletions.
diff --git a/auth/auth.go b/auth/auth.go
@@ -5,13 +5,13 @@ package auth
 import (
 	"encoding/base64"
 	"errors"
+	"fmt"
 	"github.com/kr/fernet"
+	"io/ioutil"
+	"net/http"
 	"os"
 	"strings"
 	"time"
-	"io/ioutil"
-	"net/http"
-	"fmt"
 )
 
 var (
@@ -54,16 +54,15 @@ func Parse(authLine string) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	return string(decodedPayload), nil
+	return strings.TrimSuffix(string(decodedPayload), ":"), nil
 }
 
-func Decrypt(s string) (string, string, error) {
+func Decrypt(s string) (string, error) {
 	msg := fernet.VerifyAndDecrypt([]byte(s), ttl, keys)
 	if msg == nil {
-		return "", "", errors.New("Unable to decrypt.")
+		return "", errors.New("Unable to decrypt.")
 	}
-	parts := strings.Split(string(msg), ":")
-	return parts[0], parts[1], nil
+	return string(msg), nil
 }
 
 func ServeHTTP(w http.ResponseWriter, r *http.Request) {

diff --git a/auth/auth_test.go b/auth/auth_test.go
@@ -8,23 +8,38 @@ import (
 	"testing"
 )
 
+type authTest struct {
+	input  string
+	output string
+}
+
+var authTests = []authTest{
+	{
+		"user:password",
+		"user:password",
+	},
+}
+
 func TestAuth(t *testing.T) {
+	for _, ts := range authTests {
+		testEncryptDecrypt(t, ts)
+	}
+}
+
+func testEncryptDecrypt(t *testing.T, ts authTest) {
 	if len(keys) == 0 {
 		t.Fatalf("Must set $SECRETS\n")
 	}
 
 	var b bytes.Buffer
 	r, err := http.NewRequest("GET", "http://does-not-matter.com", &b)
 	if err != nil {
-		t.Error(err)
+		t.Fatalf("error=%s\n", err)
 	}
 
-	expectedUser := "ryan@heroku.com"
-	expectedPass := "abc123"
-	tok, err := fernet.EncryptAndSign([]byte(expectedUser+":"+expectedPass),
-		keys[0])
+	tok, err := fernet.EncryptAndSign([]byte(ts.input), keys[0])
 	if err != nil {
-		t.Error(err)
+		t.Fatalf("error=%s\n", err)
 	}
 	r.Header.Set("Authorization",
 		"Basic "+base64.StdEncoding.EncodeToString(tok))
@@ -34,16 +49,12 @@ func TestAuth(t *testing.T) {
 		t.Fatalf("error=%s\n", err)
 	}
 
-	actualUser, actualPass, err := Decrypt(parseRes)
+	actualOutput, err := Decrypt(parseRes)
 	if err != nil {
 		t.Fatalf("error=%s\n", err)
 	}
 
-	if actualUser != expectedUser {
-		t.Fatalf("actual=%q expected=%q\n", actualUser, expectedUser)
-	}
-
-	if actualPass != expectedPass {
-		t.Fatalf("actual=%q expected=%q\n", actualPass, expectedPass)
+	if actualOutput != ts.output {
+		t.Fatalf("actual=%q expected=%q\n", actualOutput, ts.output)
 	}
 }
diff --git a/outlet/librato_outlet.go b/outlet/librato_outlet.go
@@ -17,6 +17,7 @@ import (
 	"net"
 	"net/http"
 	"runtime"
+	"strings"
 	"time"
 )
 
@@ -123,18 +124,23 @@ func (l *LibratoOutlet) outlet() {
 		//Since a playload contains all metrics for
 		//a unique librato user/pass, we can extract the user/pass
 		//from any one of the payloads.
-		user, pass, err := auth.Decrypt(payloads[0].Auth)
+		decr, err := auth.Decrypt(payloads[0].Auth)
 		if err != nil {
 			fmt.Printf("error=%s\n", err)
 			continue
 		}
+		creds := strings.Split(decr, ":")
+		if len(creds) != 2 {
+			fmt.Printf("error=missing-creds\n")
+			continue
+		}
 		libratoReq := &libratoRequest{payloads}
 		j, err := json.Marshal(libratoReq)
 		if err != nil {
-			fmt.Printf("at=json error=%s user=%s\n", err, user)
+			fmt.Printf("at=json error=%s user=%s\n", err, creds[0])
 			continue
 		}
-		if err := l.postWithRetry(user, pass, j); err != nil {
+		if err := l.postWithRetry(creds[0], creds[1], j); err != nil {
 			l.Mchan.Measure("outlet.drop", 1)
 		}
 	}

diff --git a/receiver/receiver.go b/receiver/receiver.go
@@ -11,14 +11,14 @@ import (
 	"github.com/ryandotsmith/l2met/bucket"
 	"github.com/ryandotsmith/l2met/conf"
 	"github.com/ryandotsmith/l2met/metchan"
-	"io/ioutil"
 	"github.com/ryandotsmith/l2met/parser"
 	"github.com/ryandotsmith/l2met/store"
+	"io/ioutil"
+	"net/http"
 	"runtime"
 	"sync"
 	"sync/atomic"
 	"time"
-	"net/http"
 )
 
 // We read the body of an http request and then close the request.
@@ -206,8 +206,7 @@ func (r *Receiver) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 		http.Error(w, "Fail: Parse auth.", 400)
 		return
 	}
-	_, _, err = auth.Decrypt(parseRes)
-	if err != nil {
+	if _, err = auth.Decrypt(parseRes); err != nil {
 		fmt.Printf("error=%s\n", err)
 		http.Error(w, "Invalid Request", 400)
 		return