luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Merge pull request #1278 from hashicorp/ts-prefix-checkpath 

Check for auth/ in the path of the prefix for revoke-prefix in the token
This commit is contained in:
Vishal Nayak 2016-03-31 16:41:18 -04:00
parent 25b2320899 7442867d53
commit 86ba95e1b2
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
vault/token_store.go
View File

@ -1109,6 +1109,10 @@ func (ts *TokenStore) handleRevokePrefix(
return logical.ErrorResponse("missing source prefix"), logical.ErrInvalidRequest
}
if !strings.HasPrefix(prefix, "auth/") {
return logical.ErrorResponse("prefix to revoke must begin with 'auth/'"), logical.ErrInvalidRequest
}
// Revoke using the prefix
if err := ts.expiration.RevokePrefix(prefix); err != nil {
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest

8
vault/token_store_test.go
View File

@ -1063,8 +1063,14 @@ func TestTokenStore_HandleRequest_RevokePrefix(t *testing.T) {
t.Fatalf("err: %v", err)
}
req := logical.TestRequest(t, logical.UpdateOperation, "revoke-prefix/auth/github/")
req := logical.TestRequest(t, logical.UpdateOperation, "revoke-prefix/github/")
resp, err := ts.HandleRequest(req)
if err == nil {
t.Fatalf("expected error since prefix does not start with 'auth/'")
}
req = logical.TestRequest(t, logical.UpdateOperation, "revoke-prefix/auth/github/")
resp, err = ts.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v %v", err, resp)
}