Merge pull request #1278 from hashicorp/ts-prefix-checkpath
Check for auth/ in the path of the prefix for revoke-prefix in the token
This commit is contained in:
commit
86ba95e1b2
|
@ -1109,6 +1109,10 @@ func (ts *TokenStore) handleRevokePrefix(
|
||||||
return logical.ErrorResponse("missing source prefix"), logical.ErrInvalidRequest
|
return logical.ErrorResponse("missing source prefix"), logical.ErrInvalidRequest
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !strings.HasPrefix(prefix, "auth/") {
|
||||||
|
return logical.ErrorResponse("prefix to revoke must begin with 'auth/'"), logical.ErrInvalidRequest
|
||||||
|
}
|
||||||
|
|
||||||
// Revoke using the prefix
|
// Revoke using the prefix
|
||||||
if err := ts.expiration.RevokePrefix(prefix); err != nil {
|
if err := ts.expiration.RevokePrefix(prefix); err != nil {
|
||||||
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
|
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
|
||||||
|
|
|
@ -1063,8 +1063,14 @@ func TestTokenStore_HandleRequest_RevokePrefix(t *testing.T) {
|
||||||
t.Fatalf("err: %v", err)
|
t.Fatalf("err: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
req := logical.TestRequest(t, logical.UpdateOperation, "revoke-prefix/auth/github/")
|
req := logical.TestRequest(t, logical.UpdateOperation, "revoke-prefix/github/")
|
||||||
resp, err := ts.HandleRequest(req)
|
resp, err := ts.HandleRequest(req)
|
||||||
|
if err == nil {
|
||||||
|
t.Fatalf("expected error since prefix does not start with 'auth/'")
|
||||||
|
}
|
||||||
|
|
||||||
|
req = logical.TestRequest(t, logical.UpdateOperation, "revoke-prefix/auth/github/")
|
||||||
|
resp, err = ts.HandleRequest(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("err: %v %v", err, resp)
|
t.Fatalf("err: %v %v", err, resp)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue