Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #3527 +/- ##
==========================================
+ Coverage 23.54% 23.92% +0.38%
==========================================
Files 669 669
Lines 50248 50248
==========================================
+ Hits 11832 12024 +192
+ Misses 37502 37257 -245
- Partials 914 967 +53 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
The same status returns in other case of failure. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
b6c75a2 to
df8d099
Compare
| if !ok { | ||
| // TODO: Signed data is used twice - for cache key and to check the signature. Coding can be deduplicated. | ||
| res.token, res.err = b.decodeAndVerifyBearerTokenCommon(m, ownerCnr) | ||
| res.token, res.err = b.decodeAndVerifyBearerTokenCommon(m) |
There was a problem hiding this comment.
isn't bearer->eacl table->container->owner a const chain for any token?
There was a problem hiding this comment.
it is, and that's what tricked me. ownerCnr is an owner of the container from request body
There was a problem hiding this comment.
hw, i guess the fix is ok then, but
owner of the container from request body
bothers me
There was a problem hiding this comment.
bearer token issuer must be the owner of the requested container. It has always been like this and it is right
There was a problem hiding this comment.
this check can be before the cache check then imo. i think ownerCnr must be correct in this func
No description provided.