Commit 4deb791e authored by ale's avatar ale

SetUserU2FChallenge must always overwrite the current value

Fix an error in the etcd backend.
parent 429bffee
......@@ -321,7 +321,13 @@ func (tx *etcdTX) SetUserU2FChallenge(user string, chal *u2f.Challenge) error {
if err != nil {
return err
}
tx.updates[tx.userChallengeKey(user)] = string(data)
// SetUserU2FChallenge always overwrites the current value.
// To do so, we explicitly set a 0 value in tx.seen, so that
// the resulting SetOptions will have PrevIndex = 0 when
// committing the transaction.
key := tx.userChallengeKey(user)
tx.updates[key] = string(data)
tx.seen[key] = 0
return nil
}
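Review bot: The `tx.seen[key] = 0` assignment also discards any index that an earlier read of the same key recorded in this transaction, so the write is last-writer-wins even against a challenge that changed after this transaction read it. For a U2F challenge this means two overlapping login attempts for the same user replace each other's pending challenge, and the earlier attempt will presumably fail verification; that is fail-closed, but the comment should say so, e.g. `// Last writer wins: a concurrent login for the same user invalidates the earlier pending challenge.` The translation of a zero entry in tx.seen into PrevIndex = 0 happens in the commit path outside this hunk, so a named constant or small helper for the "force overwrite" sentinel would keep the two places in step.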
......
......@@ -3,12 +3,14 @@ package etcd
import (
"encoding/json"
"fmt"
"reflect"
"testing"
"time"
"git.autistici.org/ale/idp"
etcdclient "github.com/coreos/etcd/client"
"github.com/tstranex/u2f"
"golang.org/x/net/context"
)
......@@ -233,3 +235,44 @@ func TestEtcd_AddUserLogEntry(t *testing.T) {
}
}
}
func TestEtcd_SetUserU2FChallenge(t *testing.T) {
tdb := newTestDB(t, testData)
defer tdb.Close()
chalA := &u2f.Challenge{
Challenge: []byte("a"),
}
chalB := &u2f.Challenge{
Challenge: []byte("b"),
}
if err := tdb.db.Do(context.Background(), func(txn idp.Txn) error {
if err := txn.SetUserU2FChallenge("testuser", chalA); err != nil {
return err
}
return txn.Commit()
}); err != nil {
t.Fatal("first SetUserU2FChallenge failed:", err)
}
if err := tdb.db.Do(context.Background(), func(txn idp.Txn) error {
if err := txn.SetUserU2FChallenge("testuser", chalB); err != nil {
return err
}
return txn.Commit()
}); err != nil {
t.Fatal("second SetUserU2FChallenge failed:", err)
}
var result *u2f.Challenge
if err := tdb.db.Do(context.Background(), func(txn idp.Txn) (err error) {
result, err = txn.GetUserU2FChallenge("testuser")
return
}); err != nil {
t.Fatal("GetUserU2FChallenge failed:", err)
}
if !reflect.DeepEqual(chalB, result) {
t.Fatalf("bad result: expecting=%+v, got=%+v", chalB, result)
}
}
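Review bot: TestEtcd_SetUserU2FChallenge only exercises two sequential blind writes, so it does not cover the case the new `tx.seen[key] = 0` line also changes: a transaction that reads the challenge and then sets it after another transaction has modified the key. I would add a case where `txn.GetUserU2FChallenge("testuser")` is called first, a second `tdb.db.Do` overwrites the key, and the first transaction's `SetUserU2FChallenge` plus `Commit` still succeeds. Separately, `reflect.DeepEqual` on a value that went through a JSON round trip is fragile once the challenge carries a non-zero timestamp; comparing `result.Challenge` with `chalB.Challenge` after a nil check on `result` would pin exactly what the test is about.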
......@@ -84,7 +84,7 @@ func (s *Service) withUser(f func(http.ResponseWriter, *http.Request, idp.Txn, *
"user": as.Username,
"error": err,
"request": r.URL.String(),
}).Error("GetUser error")
}).Error("database error")
http.Error(w, "Unauthorized", http.StatusUnauthorized)
}
})
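Review bot: The branch that now logs "database error" still answers with `http.Error(w, "Unauthorized", http.StatusUnauthorized)`, so a backend failure is indistinguishable from a failed authentication both for the client and for anything that counts 401s (lockout or brute-force detection). If this branch is reached only on storage errors, which cannot be confirmed because withUser starts outside the hunk, `http.Error(w, "Internal Server Error", http.StatusInternalServerError)` would keep it fail-closed without inflating authentication-failure metrics. The `"request": r.URL.String()` field also writes the full query string to the log; `r.URL.Path` would avoid recording any tokens passed as parameters.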
......