From 10077a732c2c8443519b2a1077010cd59bca4b6c Mon Sep 17 00:00:00 2001
From: Antonin Coulibaly
Date: Fri, 5 Aug 2016 18:46:13 +0200
Subject: [PATCH] Clean unused files - with the refactor of auth API we can now remove unused files * lib/auth/vault.js * tests/unit/auth/v2/errorHandling.js
---
lib/auth/vault.js | 106 ------------------
tests/unit/auth/v2/errorHandling.js | 161 ----------------------------
2 files changed, 267 deletions(-)
delete mode 100644 lib/auth/vault.js
delete mode 100644 tests/unit/auth/v2/errorHandling.js
diff --git a/lib/auth/vault.js b/lib/auth/vault.js
deleted file mode 100644
index 9db1374ae..000000000
--- a/lib/auth/vault.js
+++ /dev/null
@@ -1,106 +0,0 @@
-'use strict'; // eslint-disable-line strict
-
-const AuthInfo = require('./AuthInfo');
-const backend = require('./in_memory/backend');
-
-const client = backend;
-
-/** vaultSignatureCb parses message from Vault and instantiates
- * @param {object} err - error from vault
- * @param {object} userInfo - info from vault
- * @param {object} log - log for request
- * @param {function} callback - callback to authCheck functions
- * @return {undefined}
- */
-function vaultSignatureCb(err, userInfo, log, callback) {
- // vaultclient API guarantees that it returns:
- // - either `err`, an Error object with `code` and `message` properties set
- // - or `err == null` and `info` is an object with `message.code` and
- // `message.message` properties set.
- if (err) {
- log.error('received error message from vault', { errorMessage: err });
- return callback(err);
- }
-
- log.debug('received user info from Vault', { userInfo });
- return callback(null, new AuthInfo(userInfo.message.body));
-}
-
-/**
- * authenticateV2Request
- *
- * @param {string} params - the authentication parameters as returned by
- * auth.extractParams
- * @param {number} params.version - shall equal 2
- * @param {string} params.data.accessKey - the user's accessKey
- * @param {string} params.data.signatureFromRequest - the signature read from
- * the request
- * @param {string} params.data.stringToSign - the stringToSign
- * @param {string} params.data.algo - the hashing algorithm used for the
- * signature
- * @param {string} params.data.authType - the type of authentication (query or
- * header)
- * @param {string} params.data.signatureVersion - the version of the signature
- * (AWS or AWS4)
- * @param {number} [params.data.signatureAge] - the age of the signature in ms
- * @param {string} params.data.log - the logger object
- * @param {RequestContext} requestContext - an instance of a RequestContext
- * object containing information for policy authorization check
- * @param {function} callback - callback with either error or user info
- * @return {undefined}
- */
-function authenticateV2Request(params, requestContext, callback) {
- params.log.debug('authenticating V2 request');
- client.verifySignatureV2(
- params.data.stringToSign,
- params.data.signatureFromRequest,
- params.data.accessKey,
- {
- algo: params.data.algo,
- reqUid: params.log.getSerializedUids(),
- requestContext,
- },
- (err, userInfo) => vaultSignatureCb(err, userInfo,
- params.log, callback)
- );
-}
-
-/** authenticateV4Request
- * @param {object} params - the authentication parameters as returned by
- * auth.extractParams
- * @param {number} params.version - shall equal 4
- * @param {string} params.data.accessKey - the user's accessKey
- * @param {string} params.data.signatureFromRequest - the signature read from
- * the request
- * @param {string} params.data.region - the AWS region
- * @param {string} params.data.stringToSign - the stringToSign
- * @param {string} params.data.scopeDate - the timespan to allow the request
- * @param {string} params.data.authType - the type of authentication (query or
- * header)
- * @param {string} params.data.signatureVersion - the version of the signature
- * (AWS or AWS4)
- * @param {number} params.data.signatureAge - the age of the signature in ms
- * @param {string} params.data.log - the logger object
- * @param {RequestContext} requestContext - an instance of a RequestContext
- * object containing information for policy authorization check
- * @param {function} callback - callback with either error or user info
- * @return {undefined}
-*/
-function authenticateV4Request(params, requestContext, callback) {
- params.log.debug('authenticating V4 request');
- client.verifySignatureV4(
- params.data.stringToSign,
- params.data.signatureFromRequest,
- params.data.accessKey,
- params.data.region,
- params.data.scopeDate,
- {
- reqUid: params.log.getSerializedUids(),
- requestContext,
- },
- (err, userInfo) => vaultSignatureCb(err, userInfo,
- params.log, callback)
- );
-}
-
-module.exports = { authenticateV2Request, authenticateV4Request };
diff --git a/tests/unit/auth/v2/errorHandling.js b/tests/unit/auth/v2/errorHandling.js
deleted file mode 100644
index d270e6fa6..000000000
--- a/tests/unit/auth/v2/errorHandling.js
+++ /dev/null
@@ -1,161 +0,0 @@
-'use strict'; // eslint-disable-line strict
-
-const assert = require('assert');
-
-const errors = require('../../../../lib/errors');
-const auth = require('../../../../lib/auth/auth');
-const DummyRequestLogger = require('../../helpers').DummyRequestLogger;
-const RequestContext =
- require('../../../../lib/policyEvaluator/RequestContext.js');
-
-auth.setHandler(require('../../../../lib/auth/vault'));
-
-const logger = new DummyRequestLogger();
-
-describe('Error handling in checkAuth', () => {
- it('should return an error message if no ' +
- 'such access key', done => {
- const date = new Date();
- const request = {
- method: 'GET',
- headers: {
- date,
- 'host': 's3.amazonaws.com',
- 'user-agent': 'curl/7.43.0',
- 'accept': '*/*',
- 'authorization': 'AWS brokenKey1:MJNF7AqNapSu32TlBOVkcAxj58c=',
- },
- url: '/bucket',
- query: {},
- };
- const requestContext = new RequestContext(request.headers,
- request.query, request.bucketName, request.objectKey,
- undefined, undefined, 'bucketGet', 's3');
- auth.server.doAuth(request, logger, err => {
- assert.deepStrictEqual(err, errors.InvalidAccessKeyId);
- done();
- }, 's3', requestContext);
- });
-
- it('should return an error message if no date header ' +
- 'is provided with v2header auth check', done => {
- const request = {
- method: 'GET',
- headers: {
- 'host': 's3.amazonaws.com',
- 'user-agent': 'curl/7.43.0',
- 'accept': '*/*',
- 'authorization': 'AWS accessKey1:MJNF7AqNapSu32TlBOVkcAxj58c=',
- },
- url: '/bucket',
- };
- const requestContext = new RequestContext(request.headers,
- request.query, request.bucketName, request.objectKey,
- undefined, undefined, 'bucketGet', 's3');
-
- auth.server.doAuth(request, logger, err => {
- assert.deepStrictEqual(err, errors.MissingSecurityHeader);
- done();
- }, 's3', requestContext);
- });
-
- it('should return an error message if the Expires ' +
- 'query parameter is more than 15 minutes ' +
- 'old with query auth check', done => {
- const request = {
- method: 'GET',
- url: '/bucket?AWSAccessKeyId=accessKey1&' +
- 'Expires=1141889120&Signature=' +
- 'vjbyPxybdZaNmGa%2ByT272YEAiv4%3D',
- query: {
- AWSAccessKeyId: 'accessKey1',
- Expires: '1141889120',
- Signature: 'vjbyPxybdZaNmGa%2ByT272YEAiv4%3D',
- },
- headers: {},
- };
- const requestContext = new RequestContext(request.headers,
- request.query, request.bucketName, request.objectKey,
- undefined, undefined, 'bucketGet', 's3');
- auth.server.doAuth(request, logger, err => {
- assert.deepStrictEqual(err, errors.RequestTimeTooSkewed);
- done();
- }, 's3', requestContext);
- });
-
- it('should return an error message if ' +
- 'the signatures do not match for v2query auth', done => {
- // Date.now() provides milliseconds since 1/1/1970.
- // AWS Expires is in seconds so need to divide by 1000
- let expires = Date.now() / 1000;
- const fifteenMinutes = (15 * 60);
- expires = expires + fifteenMinutes;
- const request = {
- method: 'GET',
- url: '/bucket?AWSAccessKeyId=accessKey1&Expires' +
- `=${expires}&Signature=vjbyPxybdZaNmGa` +
- '%2ByT272YEAiv4%3D',
- query: {
- AWSAccessKeyId: 'accessKey1',
- Expires: expires,
- Signature: 'vjbyPxybdZaNmGa%2ByT272YEAiv4%3D',
- },
- headers: { host: 's3.amazonaws.com' },
- };
- const requestContext = new RequestContext(request.headers,
- request.query, request.bucketName, request.objectKey,
- undefined, undefined, 'bucketGet', 's3');
- auth.server.doAuth(request, logger, err => {
- assert.deepStrictEqual(err, errors.SignatureDoesNotMatch);
- done();
- }, 's3', requestContext);
- });
-
- it('should return an error message if the ' +
- 'signatures do not match for v2header auth', done => {
- const date = new Date();
- const request = {
- method: 'GET',
- headers: {
- date,
- 'host': 's3.amazonaws.com',
- 'user-agent': 'curl/7.43.0',
- 'accept': '*/*',
- 'authorization': 'AWS accessKey1:MJNF7AqNapSu32TlBOVkcAxj58c=',
- },
- url: '/bucket',
- query: {},
- };
- const requestContext = new RequestContext(request.headers,
- request.query, request.bucketName, request.objectKey,
- undefined, undefined, 'bucketGet', 's3');
- auth.server.doAuth(request, logger, err => {
- assert.deepStrictEqual(err, errors.SignatureDoesNotMatch);
- done();
- }, 's3', requestContext);
- });
-
- it('should return an error message if accessKey is empty for' +
- 'v2header auth', done => {
- const date = new Date();
- const request = {
- method: 'GET',
- headers: {
- date,
- 'host': 's3.amazoneaws.com',
- 'user-agent': 'curl/7.43.0',
- 'accept': '*/*',
- 'authorization': 'AWS :MJNF7AqNapSu32TlBOVkcAxj58c=',
- },
- url: '/bucket',
- query: {},
- };
- const requestContext = new RequestContext(request.headers,
- request.query, request.bucketName, request.objectKey,
- undefined, undefined, 'bucketGet', 's3');
- auth.server.doAuth(request, logger, err => {
- assert.deepStrictEqual(err, errors.MissingSecurityHeader);
- done();
- }, 's3', requestContext);
- });
-});