Merge pull request #1278 from hashicorp/ts-prefix-checkpath

Check for auth/ in the path of the prefix for revoke-prefix in the token
This commit is contained in:
Vishal Nayak 2016-03-31 16:41:18 -04:00
commit 86ba95e1b2
2 changed files with 11 additions and 1 deletions

View File

@ -1109,6 +1109,10 @@ func (ts *TokenStore) handleRevokePrefix(
return logical.ErrorResponse("missing source prefix"), logical.ErrInvalidRequest return logical.ErrorResponse("missing source prefix"), logical.ErrInvalidRequest
} }
if !strings.HasPrefix(prefix, "auth/") {
return logical.ErrorResponse("prefix to revoke must begin with 'auth/'"), logical.ErrInvalidRequest
}
// Revoke using the prefix // Revoke using the prefix
if err := ts.expiration.RevokePrefix(prefix); err != nil { if err := ts.expiration.RevokePrefix(prefix); err != nil {
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest

View File

@ -1063,8 +1063,14 @@ func TestTokenStore_HandleRequest_RevokePrefix(t *testing.T) {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }
req := logical.TestRequest(t, logical.UpdateOperation, "revoke-prefix/auth/github/") req := logical.TestRequest(t, logical.UpdateOperation, "revoke-prefix/github/")
resp, err := ts.HandleRequest(req) resp, err := ts.HandleRequest(req)
if err == nil {
t.Fatalf("expected error since prefix does not start with 'auth/'")
}
req = logical.TestRequest(t, logical.UpdateOperation, "revoke-prefix/auth/github/")
resp, err = ts.HandleRequest(req)
if err != nil { if err != nil {
t.Fatalf("err: %v %v", err, resp) t.Fatalf("err: %v %v", err, resp)
} }