Пример #1
0
// thirdPartyChecker is used to check third party caveats added by other
// services. The HTTP request is that of the client - it is attempting
// to gather a discharge macaroon.
//
// Note how this function can return additional first- and third-party
// caveats which will be added to the original macaroon's caveats.
func thirdPartyChecker(req *http.Request, cavId, condition string) ([]checkers.Caveat, error) {
	if condition != "access-allowed" {
		return nil, checkers.ErrCaveatNotRecognized
	}
	// TODO check that the HTTP request has cookies that prove
	// something about the client.
	return []checkers.Caveat{
		httpbakery.SameClientIPAddrCaveat(req),
	}, nil
}
Пример #2
0
		caveat: "client-ip-addr 2001:4860:0:2001:0::68",
	}, {
		caveat:      checkers.ClientIPAddrCaveat(net.ParseIP("2001:4860:0:2001::69")).Condition,
		expectError: `caveat "client-ip-addr 2001:4860:0:2001::69" not satisfied: client IP address mismatch, got 2001:4860:0:2001::68`,
	}, {
		caveat:      checkers.ClientIPAddrCaveat(net.ParseIP("127.0.0.1")).Condition,
		expectError: `caveat "client-ip-addr 127.0.0.1" not satisfied: client IP address mismatch, got 2001:4860:0:2001::68`,
	}},
}, {
	about: "same client address, ipv4 request address",
	checker: checkers.New(httpbakery.Checkers(&http.Request{
		RemoteAddr: "127.0.0.1:1324",
	})),
	checks: []checkTest{{
		caveat: httpbakery.SameClientIPAddrCaveat(&http.Request{
			RemoteAddr: "127.0.0.1:1234",
		}).Condition,
	}, {
		caveat: httpbakery.SameClientIPAddrCaveat(&http.Request{
			RemoteAddr: "[::ffff:7f00:1]:1235",
		}).Condition,
	}, {
		caveat: httpbakery.SameClientIPAddrCaveat(&http.Request{
			RemoteAddr: "127.0.0.2:1234",
		}).Condition,
		expectError: `caveat "client-ip-addr 127.0.0.2" not satisfied: client IP address mismatch, got 127.0.0.1`,
	}, {
		caveat: httpbakery.SameClientIPAddrCaveat(&http.Request{
			RemoteAddr: "[::ffff:7f00:2]:1235",
		}).Condition,
		expectError: `caveat "client-ip-addr 127.0.0.2" not satisfied: client IP address mismatch, got 127.0.0.1`,