From 2baa1edb2c7fa07b0aae468f698911ffdda0078a Mon Sep 17 00:00:00 2001 From: Sid Stenersen Date: Fri, 21 May 2021 00:34:55 -0400 Subject: [PATCH 1/4] Simplify auth provider interface --- src/src/lib/auth/auth_provider.h | 2 +- src/src/lib/auth/callback_auth_provider.cc | 2 +- src/src/lib/auth/callback_auth_provider.h | 2 +- src/src/lib/auth/direct_auth_provider.cc | 2 +- src/src/lib/auth/direct_auth_provider.h | 2 +- src/src/lib/auth/gcs_auth_provider.cc | 15 +++--------- src/src/lib/auth/gcs_auth_provider.h | 9 +------ src/src/lib/auth/google_auth_provider.cc | 28 +++++++++++----------- src/src/lib/auth/google_auth_provider.h | 10 ++++---- src/src/lib/auth/imp_auth_provider.cc | 8 +++---- src/src/lib/auth/imp_auth_provider.h | 4 ++-- src/src/lib/auth/service_account.cc | 5 ++-- src/src/lib/auth/service_account.h | 3 +-- 13 files changed, 37 insertions(+), 55 deletions(-) diff --git a/src/src/lib/auth/auth_provider.h b/src/src/lib/auth/auth_provider.h index 3ffed5c..a1edf9c 100644 --- a/src/src/lib/auth/auth_provider.h +++ b/src/src/lib/auth/auth_provider.h @@ -37,7 +37,7 @@ class AuthProvider virtual ~AuthProvider() {} // Returns the short-term authentication bearer token. - virtual std::string getAuthToken(HTTPRequest *request = nullptr) = 0; + virtual std::string getAuthToken() = 0; // Returns the short-term gcs authentication token; virtual std::string getGcsAuthTokenImpl(const std::string &sd_suproject_resource, diff --git a/src/src/lib/auth/callback_auth_provider.cc b/src/src/lib/auth/callback_auth_provider.cc index dd20f2a..2217938 100644 --- a/src/src/lib/auth/callback_auth_provider.cc +++ b/src/src/lib/auth/callback_auth_provider.cc @@ -38,7 +38,7 @@ void CallbackAuthProvider::setCallback(AuthProviderCallback aCallback, const voi token.clear(); } -std::string CallbackAuthProvider::getAuthToken(HTTPRequest * /*request*/) +std::string CallbackAuthProvider::getAuthToken() { std::unique_lock lock(mutex); if (sdutils::now() > expire || token.empty()) { 
diff --git a/src/src/lib/auth/callback_auth_provider.h b/src/src/lib/auth/callback_auth_provider.h index 0c5575a..6de3cd4 100644 --- a/src/src/lib/auth/callback_auth_provider.h +++ b/src/src/lib/auth/callback_auth_provider.h @@ -40,7 +40,7 @@ namespace seismicdrive { public: CallbackAuthProvider(AuthProviderCallback callback, const void *data, const std::string &sdurl, const std::string &sdapikey); - std::string getAuthToken(HTTPRequest *request) override; + std::string getAuthToken() override; void setCallback(AuthProviderCallback callback, const void *data); }; diff --git a/src/src/lib/auth/direct_auth_provider.cc b/src/src/lib/auth/direct_auth_provider.cc index e12db68..9966679 100755 --- a/src/src/lib/auth/direct_auth_provider.cc +++ b/src/src/lib/auth/direct_auth_provider.cc @@ -27,7 +27,7 @@ DirectAuthProvider::DirectAuthProvider(const std::string& sdurl, const std::stri { } -std::string DirectAuthProvider::getAuthToken(HTTPRequest * /*request*/) { +std::string DirectAuthProvider::getAuthToken() { std::unique_lock lock(mutex); return token; } diff --git a/src/src/lib/auth/direct_auth_provider.h b/src/src/lib/auth/direct_auth_provider.h index 9adae7d..d252b29 100644 --- a/src/src/lib/auth/direct_auth_provider.h +++ b/src/src/lib/auth/direct_auth_provider.h @@ -33,7 +33,7 @@ namespace seismicdrive { public: DirectAuthProvider(const std::string& sdurl, const std::string& sdapikey, const std::string& token); - std::string getAuthToken(HTTPRequest *request = nullptr) override; + std::string getAuthToken() override; void refreshAuthToken(const std::string &token) override; }; diff --git a/src/src/lib/auth/gcs_auth_provider.cc b/src/src/lib/auth/gcs_auth_provider.cc index 2b1e083..a102715 100644 --- a/src/src/lib/auth/gcs_auth_provider.cc +++ b/src/src/lib/auth/gcs_auth_provider.cc 
@@ -75,16 +75,6 @@ namespace seismicdrive { std::function authCallback, const std::string& sd_suproject_resource, bool readonly) { - HTTPRequest request; - return getToken(sdurl, sdapikey, authCallback, sd_suproject_resource, readonly, &request); - } - - std::string GcsAuthProvider::getToken(const std::string& sdurl, - const std::string& sdapikey, - std::function authCallback, - const std::string& sd_suproject_resource, - bool readonly, - HTTPRequest *request) { std::unique_lock lock(mutex); const auto readonlystr = readonly ? "true" : "false"; @@ -114,7 +104,8 @@ namespace seismicdrive { http.set_retry_response_parser(retriable_responses); - request->send(http); + HTTPRequest request; + request.send(http); if(http.status()!=HTTP_STATUS::OK) { throw seismicdrive::SDExceptionAuthProviderError( @@ -126,7 +117,7 @@ namespace seismicdrive { std::cout << "[telemetry::seistore] " << http.get_http_method_as_string() << " " << http.get_url().substr(http.get_url().find("/api/v") + 7) << " - " << - std::setprecision(4) << 1000*request->getCallTotalTime() << " (ms)" << std::endl; + std::setprecision(4) << 1000 * request.getCallTotalTime() << " (ms)" << std::endl; } auto root = JsonUtils::tojson(http.get_response(), "GCSAuthProvider::getToken"); diff --git a/src/src/lib/auth/gcs_auth_provider.h b/src/src/lib/auth/gcs_auth_provider.h index e8b3424..170b44b 100644 --- a/src/src/lib/auth/gcs_auth_provider.h +++ b/src/src/lib/auth/gcs_auth_provider.h @@ -55,14 +55,7 @@ namespace seismicdrive { const std::string& sdapikey, std::function authCallback, const std::string& sd_suproject_resource, - bool readonly, - HTTPRequest *request); - - std::string getToken(const std::string& sdurl, - const std::string& sdapikey, - std::function authCallback, - const std::string& sd_suproject_resource, - bool readonly); + bool readonly); TokenInfo getCachedToken(const std::string &resourceRef); 
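Review bot: With the `HTTPRequest *request` overload of `GcsAuthProvider::getToken` removed, the function now constructs its own `HTTPRequest request;` immediately before `request.send(http)`, so nothing outside the function can substitute the transport. The same pattern (`HTTPRequest().send(http)`) is introduced in google_auth_provider.cc, imp_auth_provider.cc and service_account.cc, and the next patch in this series deletes the tests that used the old parameter, which leaves the token-fetch and token-cache paths of the auth code without unit coverage. Consider keeping the simplified public signatures but holding the sender as a member supplied at construction, so a test can still feed a canned response. The body of getToken continues outside these hunks.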
diff --git a/src/src/lib/auth/google_auth_provider.cc b/src/src/lib/auth/google_auth_provider.cc index 6b5dbde..edf552f 100644 --- a/src/src/lib/auth/google_auth_provider.cc +++ b/src/src/lib/auth/google_auth_provider.cc @@ -82,14 +82,14 @@ bool retriable_responses(const seismicdrive::HTTPManager & http){ namespace seismicdrive { namespace { - bool checkForGCEInstance(HTTPRequest *request = nullptr) noexcept + bool checkForGCEInstance() noexcept { try { HTTPManager http; http.set_url(kGceMetadataCheckUrl); http.add_header("Metadata-Flavor", "Google"); http.set_retry_response_parser(retriable_responses); - request->send(http); + HTTPRequest().send(http); return http.ok(); } catch(...) { @@ -98,7 +98,7 @@ namespace seismicdrive { } } - std::string GoogleAuthProvider::getAuthToken(HTTPRequest *request) { + std::string GoogleAuthProvider::getAuthToken() { std::lock_guard lock(mutex); @@ -106,14 +106,14 @@ namespace seismicdrive { return token; } - if (!getTokenFromFile(request)) { + if (!getTokenFromFile()) { static bool isRunningInGCE = false; if (!isRunningInGCE) { isRunningInGCE = checkForGCEInstance(); } if (isRunningInGCE) { - getTokenFromGce(request); + getTokenFromGce(); } else { throw seismicdrive::SDExceptionAuthProviderError(sdmex::auth::GetAuthProviderTokenError("GoogleAuthProvider")); @@ -129,7 +129,7 @@ namespace seismicdrive { return getAuthToken(); } - void GoogleAuthProvider::getTokenFromGce(HTTPRequest *request) { + void GoogleAuthProvider::getTokenFromGce() { const auto txpoint = log.getPointTime(); @@ -138,7 +138,7 @@ namespace seismicdrive { http.add_header("Metadata-Flavor", "Google"); http.set_retry_response_parser(retriable_responses); - request->send(http); + HTTPRequest().send(http); if(!http.ok()) { throw seismicdrive::SDExceptionAuthProviderError(sdmex::auth::GetAuthProviderTokenError("GoogleAuthProvider") + "\n" + http.error_mex()); 
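Review bot: In `GoogleAuthProvider::getAuthToken` the function-local `static bool isRunningInGCE` is shared by every provider instance but is written only under `mutex`, so if that mutex is a per-instance member, two providers on different threads can race on it. A `false` result is also never remembered, so on a host that is not GCE and has no credentials file each call repeats the metadata probe (possibly with retries) while holding the lock. If a one-time probe is acceptable, `static const bool isRunningInGCE = checkForGCEInstance();` gives thread-safe initialisation and caches both outcomes; if re-probing after a failure is intended, a comment saying so would help. The function starts in the previous hunk and ends outside this one.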
@@ -150,7 +150,7 @@ namespace seismicdrive { } - bool GoogleAuthProvider::getTokenFromFile(HTTPRequest *request) { + bool GoogleAuthProvider::getTokenFromFile() { std::string credentials_filename = getEnvironmentVariableFileName(); if(credentials_filename.empty()) { @@ -166,13 +166,13 @@ namespace seismicdrive { if (reader.parse(credentials_fstream, json)) { if (json.isMember("refresh_token")) { - getTokenFromRefreshTokenJson(json, request); + getTokenFromRefreshTokenJson(json); return true; } #if ALLOW_CUSTOM_SERVICE_ACCOUNTS if (json.isMember("private_key")) { - getTokenFromServiceAccountJson(json, request); + getTokenFromServiceAccountJson(json); return true; } #endif @@ -182,12 +182,12 @@ namespace seismicdrive { } #if ALLOW_CUSTOM_SERVICE_ACCOUNTS - void GoogleAuthProvider::getTokenFromServiceAccountJson(Json::Value json, HTTPRequest *request) { + void GoogleAuthProvider::getTokenFromServiceAccountJson(Json::Value json) { const auto txpoint = log.getPointTime(); ServiceAccountCredentials svcaccount; - auto res = svcaccount.getAccessToken(json, kOAuthV4Url, request); + auto res = svcaccount.getAccessToken(json, kOAuthV4Url); parseToken(res); log << ("Generate google credential from service account key file --- " + std::to_string((log.getPointTime() - txpoint)/1000.0) + "s"); @@ -195,7 +195,7 @@ namespace seismicdrive { } #endif - void GoogleAuthProvider::getTokenFromRefreshTokenJson(Json::Value json, HTTPRequest *request) { + void GoogleAuthProvider::getTokenFromRefreshTokenJson(Json::Value json) { const auto txpoint = log.getPointTime(); @@ -214,7 +214,7 @@ namespace seismicdrive { http.set_http_method(HTTP::POST, body); http.set_retry_response_parser(retriable_responses); - request->send(http); + HTTPRequest().send(http); parseToken(http.get_response()); diff --git a/src/src/lib/auth/google_auth_provider.h b/src/src/lib/auth/google_auth_provider.h index e64de4a..f33d942 100644 --- a/src/src/lib/auth/google_auth_provider.h 
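Review bot: `getTokenFromRefreshTokenJson` passes `http.get_response()` straight to `parseToken` after `HTTPRequest().send(http)` without checking the HTTP status, whereas `getTokenFromGce` in the same file throws when `!http.ok()`. An OAuth error body (a revoked refresh token, say) is then handed to the token parser, and unless `parseToken` rejects it the provider may end up caching an empty or stale token. `ServiceAccountCredentials::getAccessToken` in service_account.cc has the same shape, returning `http.get_response()` unconditionally. Adding `if (!http.ok()) throw seismicdrive::SDExceptionAuthProviderError(sdmex::auth::GetAuthProviderTokenError("GoogleAuthProvider") + "\n" + http.error_mex());` before the parse would match the GCE path; both function bodies extend beyond the hunks shown.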
+++ b/src/src/lib/auth/google_auth_provider.h @@ -28,16 +28,16 @@ namespace seismicdrive { private: friend class GoogleAuthProviderTest; - bool getTokenFromFile(HTTPRequest *request); - void getTokenFromGce(HTTPRequest *request); + bool getTokenFromFile(); + void getTokenFromGce(); void parseToken(const std::string& data); std::string getEnvironmentVariableFileName(); std::string getWellKnownFileName(); bool isFile(const std::string& filename) const; - void getTokenFromRefreshTokenJson(Json::Value json, HTTPRequest *request); + void getTokenFromRefreshTokenJson(Json::Value json); #if ALLOW_CUSTOM_SERVICE_ACCOUNTS - void getTokenFromServiceAccountJson(Json::Value json, HTTPRequest *request); + void getTokenFromServiceAccountJson(Json::Value json); #endif // Wouldn't be thread-safe : @@ -49,7 +49,7 @@ namespace seismicdrive { public: GoogleAuthProvider() {} - std::string getAuthToken(HTTPRequest *request = nullptr) override; + std::string getAuthToken() override; std::string getGcsAuthTokenImpl(const std::string &sd_suproject_resource, bool readonly, diff --git a/src/src/lib/auth/imp_auth_provider.cc b/src/src/lib/auth/imp_auth_provider.cc index 8ae9be4..8c6b138 100755 --- a/src/src/lib/auth/imp_auth_provider.cc +++ b/src/src/lib/auth/imp_auth_provider.cc @@ -68,7 +68,7 @@ namespace seismicdrive { token.swap(aToken); } - void ImpAuthProvider::tokenRefresh(HTTPRequest *request) { + void ImpAuthProvider::tokenRefresh() { const auto txpoint = log.getPointTime(); @@ -83,7 +83,7 @@ namespace seismicdrive { http.add_header(seismicdrive::sdutils::isURLaGCPKnownDeploymentHost(sdurl) ? "x-api-key" : "appkey", sdapikey); http.set_retry_response_parser(retriable_responses); - request->send(http); + HTTPRequest().send(http); if(http.status()!=HTTP_STATUS::OK) { throw seismicdrive::SDExceptionAuthProviderError(sdmex::auth::ImpRefresh()); 
@@ -98,7 +98,7 @@ namespace seismicdrive { log << ("Refresh impersonation credential token --- " + std::to_string((log.getPointTime() - txpoint) / 1000.0) + "s"); } - std::string ImpAuthProvider::getAuthToken(HTTPRequest *request) { + std::string ImpAuthProvider::getAuthToken() { std::unique_lock lock(mutex); @@ -108,7 +108,7 @@ namespace seismicdrive { // refresh if expired if(expire < sdutils::now()) { - tokenRefresh(request); + tokenRefresh(); } return token; diff --git a/src/src/lib/auth/imp_auth_provider.h b/src/src/lib/auth/imp_auth_provider.h index 8ffbf3b..9e35cb0 100644 --- a/src/src/lib/auth/imp_auth_provider.h +++ b/src/src/lib/auth/imp_auth_provider.h @@ -29,7 +29,7 @@ namespace seismicdrive { void setToken(std::string token); - void tokenRefresh(HTTPRequest *request); + void tokenRefresh(); // Wouldn't be thread-safe : ImpAuthProvider(const ImpAuthProvider &other) = delete; @@ -42,7 +42,7 @@ namespace seismicdrive { const std::string &sdapikey, const std::string &imp_token); - std::string getAuthToken(HTTPRequest *request = nullptr) override; + std::string getAuthToken() override; void refreshAuthToken(const std::string &token) override; }; diff --git a/src/src/lib/auth/service_account.cc b/src/src/lib/auth/service_account.cc index f269285..75591c9 100644 --- a/src/src/lib/auth/service_account.cc +++ b/src/src/lib/auth/service_account.cc @@ -44,8 +44,7 @@ namespace seismicdrive { std::string ServiceAccountCredentials::getAccessToken( Json::Value credentials, - const std::string& default_token_uri, - HTTPRequest *request) { + const std::string& default_token_uri) { auto info = ParseServiceAccountCredentials(credentials, default_token_uri); @@ -62,7 +61,7 @@ namespace seismicdrive { http.set_http_method(HTTP::POST, payload); http.set_retry_response_parser(retriable_responses); - request->send(http); + HTTPRequest().send(http); return http.get_response(); 
diff --git a/src/src/lib/auth/service_account.h b/src/src/lib/auth/service_account.h index 816bb73..169ba3d 100644 --- a/src/src/lib/auth/service_account.h +++ b/src/src/lib/auth/service_account.h @@ -35,8 +35,7 @@ namespace seismicdrive { std::string getAccessToken( Json::Value credentials, - const std::string& default_token_uri, - HTTPRequest *request = nullptr); + const std::string& default_token_uri); private: -- GitLab From a2ebd7cc464dbdee7beff8cdbb0f9b90ab49d6ef Mon Sep 17 00:00:00 2001 From: Sid Stenersen Date: Fri, 21 May 2021 00:36:02 -0400 Subject: [PATCH 2/4] Remove obsolete unit tests --- src/test/utest/main.cc | 2 - src/test/utest/mocks/auth_provider_gcs_mock.h | 3 +- src/test/utest/mocks/auth_provider_mock.h | 2 +- src/test/utest/utest_auth_gcs.h | 50 ------- src/test/utest/utest_auth_google.h | 125 ------------------ src/test/utest/utest_auth_imp.h | 5 - 6 files changed, 2 insertions(+), 185 deletions(-) delete mode 100644 src/test/utest/utest_auth_gcs.h delete mode 100644 src/test/utest/utest_auth_google.h diff --git a/src/test/utest/main.cc b/src/test/utest/main.cc index 0a9323e..badc36a 100644 --- a/src/test/utest/main.cc +++ b/src/test/utest/main.cc @@ -35,8 +35,6 @@ #include "utest/utest_core_sd_generic.h" #include "utest/utest_auth_direct.h" #include "utest/utest_auth_imp.h" -#include "utest/utest_auth_gcs.h" -#include "utest/utest_auth_google.h" #include "utest/utest_lib_shared_base64.h" int main(int argc, char **argv) { diff --git a/src/test/utest/mocks/auth_provider_gcs_mock.h b/src/test/utest/mocks/auth_provider_gcs_mock.h index d72fb10..592b216 100644 --- a/src/test/utest/mocks/auth_provider_gcs_mock.h +++ b/src/test/utest/mocks/auth_provider_gcs_mock.h @@ -30,8 +30,7 @@ public: const std::string& /*sdapikey*/, std::function /*authCallback*/, const std::string& /*sd_suproject_resource*/, - const bool /*readonly*/, - HTTPRequest * /*request*/ = nullptr + const bool /*readonly*/ ) override { return "gcs_test_token"; } 
diff --git a/src/test/utest/mocks/auth_provider_mock.h b/src/test/utest/mocks/auth_provider_mock.h index 299b6a8..683825d 100755 --- a/src/test/utest/mocks/auth_provider_mock.h +++ b/src/test/utest/mocks/auth_provider_mock.h @@ -25,7 +25,7 @@ class AuthProviderMock: public AuthProvider { public: - std::string getAuthToken(HTTPRequest * /*request*/ = nullptr) override { return _token; } + std::string getAuthToken() override { return _token; } std::string getGcsAuthTokenImpl(const std::string & /*sd_suproject_resource*/, const bool /*readonly*/, diff --git a/src/test/utest/utest_auth_gcs.h b/src/test/utest/utest_auth_gcs.h deleted file mode 100644 index b95c173..0000000 --- a/src/test/utest/utest_auth_gcs.h +++ /dev/null 
@@ -1,50 +0,0 @@ -// ============================================================================ -// Copyright 2017-2021, Schlumberger -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// ============================================================================ - - -#include "gtest/gtest.h" -#include "mocks/http_request_mock.h" - -namespace seismicdrive { - -TEST(GcsAuthProviderTest, direct_auth_provider) { - - GcsAuthProvider gcs_auth; - - HTTPRequestMock http_req_mock; - - Json::Value token_payload; - token_payload["iss"] = "iss"; - token_payload["iat"] = Json::UInt64(1547661840); - token_payload["exp"] = Json::UInt64(1547661840); - - std::string token = "header." + Base64UrlEncode(token_payload.toStyledString()) + ".signature"; - - Json::Value tokenjson; - tokenjson["access_token"] = token; - tokenjson["expires_in"] = Json::UInt64(1547661840); - std::string tokenstr = tokenjson.toStyledString(); - http_req_mock.mock_response_buffer(tokenstr); - - // Test Token Generation - ASSERT_EQ(gcs_auth.getToken("url", "key", nullptr, "sp", false, &http_req_mock), token); - - // Test Cache Token - ASSERT_EQ(gcs_auth.getToken("url", "key", nullptr, "sp", false, &http_req_mock), token); - -} - -} diff --git a/src/test/utest/utest_auth_google.h b/src/test/utest/utest_auth_google.h deleted file mode 100644 index ce25253..0000000 --- a/src/test/utest/utest_auth_google.h +++ /dev/null 
@@ -1,125 +0,0 @@ -// ============================================================================ -// Copyright 2017-2021, Schlumberger -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// ============================================================================ - -#include "gtest/gtest.h" -#include "mocks/http_request_mock.h" -#include "auth/google_auth_provider.h" - -#include -#include - -namespace seismicdrive { - -TEST(GoogleAuthProviderUserJsonTest, google_auth_user_json) { - - std::string usr_file_key{"userkey.json"}; - - std::ofstream fout(usr_file_key); - fout << "{\n"; - fout << " \"client_id\": \"32555942559.apps.googleusercontent.com\",\n"; - fout << " \"client_secret\": \"ZmsaLNjJy2908hD4CTg2ejr2\",\n"; - fout << " \"refresh_token\": \"1/lH88rigvid5w6o3HSABXaqOyxVDFdUGEGugc8OLVTAc\",\n"; - fout << " \"type\": \"authorized_user\"\n"; - fout << "}\n"; - fout.close(); - -#ifndef _WIN32 - setenv("GOOGLE_APPLICATION_CREDENTIALS", usr_file_key.c_str(), 1); -#else - _putenv_s("GOOGLE_APPLICATION_CREDENTIALS", usr_file_key.c_str()); -#endif - - AuthProvider * auth = new GoogleAuthProvider(); - - HTTPRequestMock http_req_mock; - - Json::Value token_payload; - token_payload["iss"] = "iss"; - token_payload["iat"] = Json::UInt64(1547661840); - token_payload["exp"] = Json::UInt64(1547661840); - - std::string token = "header." 
+ Base64UrlEncode(token_payload.toStyledString()) + ".signature"; - - Json::Value tokenjson; - tokenjson["access_token"] = token; - tokenjson["expires_in"] = Json::UInt64(1547661840); - std::string tokenstr = tokenjson.toStyledString(); - http_req_mock.mock_response_buffer(tokenstr); - - // Test Auth Token From JSON file - ASSERT_EQ(auth->getAuthToken(&http_req_mock), token); - - // Test Get GCS Token - GcsAuthProviderMock gcs; - ASSERT_EQ(auth->getGcsAuthToken("subproject", false, gcs), "Bearer " + token); - - // Test CTOR - GoogleAuthProvider auth2; - GoogleAuthProvider *auth3 = new GoogleAuthProvider(); - delete auth3; - - std::remove(usr_file_key.c_str()); -} - -TEST(GoogleAuthProviderSvcAccountTest, google_auth_svc_account_json) { - - std::string svc_file_token{"svckey.json"}; - - std::ofstream fout(svc_file_token); - fout << "{\n"; - fout << " \"type\": \"service_account\",\n"; - fout << " \"project_id\": \"evd-sp-services\",\n"; - fout << " \"private_key_id\": \"745c65b2d4b086e0adcf3a5a7e7bd61ed673aed6\",\n"; - fout << " \"private_key\": \"-----BEGIN PRIVATE 
KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC1zPudI/aqldRY\nUo8Bi9pMjB1cKuwxxY7Uv7rqsGTHeGARnZfpelhumD13SiwAsd6ggOMZRRyvmKCw\nNpvYDjBKBfnQWxFsUqN6YLbiMtoUzGxzL3SOhfO76DH8o1NQIm6oy7kdEBgzZbOP\nCmNi+HWpj7uI3UHnvpnS8n6rBKlX3GSonuv/DDZvZ8cdomrXVk41RFyKW1r3fBna\nGC4d6vQNxAwRF0Irr2KB+nPvfzHtWSU+Ur+SGyWd1R3rpOPGoG1imwo+8C6u4hds\nyN2vfGRlKjEUTdS8XSjlbPYJuyYf3pRINiBvm6+TyueDheExdrSx9nreFNIhOY27\nvLFWvaCpAgMBAAECggEADXQ4Aq8QqBsidc7WSnUBGL0dxx5eEGjgYxo1SPz42FIu\nOd+ByIOHW9fkZJmWnA6NvS8Mn2gf8VbIPYItElYqeK/shuDWbz/GXV4e6qp8vSFL\nvVJ7u7hqCzPpzxp/JeUGb3N0JZR1Vghmu2U3abGdc4jxhfVp1S6jz5qmiR11Ms06\nlpoLcjsY8bqSXFWbFRlHzqL/SfZy4DLBC9JjZ7nTJ2jZU2GWRt4q6XQWnFRX8Bcv\n/xKiJN+lUWQkq+EbVhLHt5tmeQnZY1KTWdhozlrgFMUq0ecG+MoEqxlPKgsqyNZv\nCxPEF/iRV9kCGQ5EpIESYz4rLvTee+SdtQI6NxZbyQKBgQDpPeZPLhAEkB6pZqZe\nWxuWxG64AwHu5AJ7LStx9BLrru+HAw/eHlF458JzuImN9HMQ/tpgRK1W9BZqI8CL\nTi8JVq48R/P+3KE/lgnyX6M/bHrSj41UODPKtLXQPzRteXYIPMSsm9EoPf30VZDi\n6hGS3BTLr8J9CxFu5wwoFyRkOwKBgQDHiiWOIMPdlgwy/dJhbfVqsqp4PtavmtTe\nnmLnwbCcGV3t3uXWrInXCulZm56+qGW0fCNTnExwIDg041niEUw+BaM4WmmIHnl/\nPvP8KYtRihcpyL7ETMrO+4LFwmFOjhBMn+7o6j3zGN6wJB61SpO+5w9ESakjUwLF\nVG3b1od0awKBgQCmfY3xxUKfzzRj3acyQTyfUVZrOZJesRloTaTucbgzziqiqDfi\naKflcyHlsrtVvkGIxzKgd0V4hUGewCiIB+Yhd2NmGkJ8EYd0uSgef9AqzMebl+bd\nUEUAFCCYJxXIc2QimyYUxCD35dBqYc3LfCPRPhIGF07wLT9jd7/Aukw60wKBgQCJ\nxaa8hX73RhzSMFLMFqH2s7nkIG8W/G6x7uYXYrLQdOtXzCkhmivqIIyR5FMtDRR8\nE6JInohger6UNc3fu1XLFRVnWXW4GGKHKy5HE2AwQopPvV2KKAN3+kyGwvlwxcIX\nRe4tP17atHc9YxMY1Y9BpkPyQHHaA/zLxsm7mloYVQKBgBSiLZxx3czMEeVQrToH\naedGcknqAZIaXpiXZ/Z57yaIsgleMJ6zuFmzxL1xSlyVUzEmZi/1Kfp/mFaIIkSf\nqtyWTkbFaIau8lyLlqTBEgpZr5/aih0pMtnJ2pYNK6iHLuWpUUi8RrEHrdl+E+nU\n57LzIWZcNwdTuVuyxsoBJHzH\n-----END PRIVATE KEY-----\n\",\n"; - fout << " \"client_email\": \"utest-sdapi@evd-sp-services.iam.gserviceaccount.com\",\n"; - fout << " \"client_id\": \"105603147992501863094\",\n"; - fout << " \"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\n"; - fout << " \"token_uri\": 
\"https://oauth2.googleapis.com/token\",\n"; - fout << " \"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\n"; - fout << " \"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/utest-sdapi%40evd-sp-services.iam.gserviceaccount.com\"\n"; - fout << "}\n"; - fout.close(); - -#ifndef _WIN32 - setenv("GOOGLE_APPLICATION_CREDENTIALS", svc_file_token.c_str(), 1); -#else - _putenv_s("GOOGLE_APPLICATION_CREDENTIALS", svc_file_token.c_str()); -#endif - - AuthProvider * auth2 = new GoogleAuthProvider(); - - HTTPRequestMock http_req_mock; - - Json::Value token_payload; - token_payload["iss"] = "iss"; - token_payload["iat"] = Json::UInt64(1547661840); - token_payload["exp"] = Json::UInt64(1547661840); - - std::string token = "header." + Base64UrlEncode(token_payload.toStyledString()) + ".signature"; - - Json::Value tokenjson; - tokenjson["access_token"] = token; - tokenjson["expires_in"] = Json::UInt64(1547661840); - std::string tokenstr = tokenjson.toStyledString(); - http_req_mock.mock_response_buffer(tokenstr); - - // Test Auth Token From JSON file - auth2->getAuthToken(&http_req_mock); - - std::remove(svc_file_token.c_str()); -} - -} diff --git a/src/test/utest/utest_auth_imp.h b/src/test/utest/utest_auth_imp.h index d86c61e..5c4fc17 100644 --- a/src/test/utest/utest_auth_imp.h +++ b/src/test/utest/utest_auth_imp.h @@ -41,11 +41,6 @@ TEST(ImpAuthProviderTest, direct_auth_provider) { ImpAuthProvider* auth2{new ImpAuthProvider{"url", "apikey", tokenstr}}; delete auth2; - // Test Get Auth Token - HTTPRequestMock http_req_mock; - http_req_mock.mock_response_buffer(tokenstr); - ASSERT_EQ(auth->getAuthToken(&http_req_mock), token); - // Test Get GCS Token GcsAuthProviderMock gcs; ASSERT_EQ( -- GitLab From b86a55dfaf4fdee90c58d8d1449bbbfbf58fba2a Mon Sep 17 00:00:00 2001 
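Review bot: Deleting utest_auth_google.h removes the embedded `private_key`, `client_secret` and `refresh_token` fixtures from the tree, but they stay readable in the repository history and in this patch itself. Whether the service-account key was ever live cannot be told from the page, so it should be treated as exposed: confirm it is revoked on the account named in `client_email`, and rotate it if it was ever valid. When these tests are reintroduced, generate a throwaway key pair at test time or load a fixture that is clearly marked as non-functional, rather than writing key material into the source.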
From: Sid Stenersen Date: Fri, 21 May 2021 20:09:13 -0400 Subject: [PATCH 3/4] Prepend auth token with "Bearer " as needed --- src/src/lib/auth/auth_provider.cc | 8 ++++---- src/src/lib/auth/auth_provider.h | 2 +- src/src/lib/cloud/providers/SeismicStore.cc | 2 +- src/src/lib/shared/utils.cc | 10 ++++++++++ src/src/lib/shared/utils.h | 4 ++++ 5 files changed, 20 insertions(+), 6 deletions(-) diff --git a/src/src/lib/auth/auth_provider.cc b/src/src/lib/auth/auth_provider.cc index cc2d3d3..5f6ff4e 100644 --- a/src/src/lib/auth/auth_provider.cc +++ b/src/src/lib/auth/auth_provider.cc @@ -34,9 +34,10 @@ AuthProvider::AuthProvider(const std::string &sdurl, const std::string &sdapikey std::string AuthProvider::getGcsAuthTokenImpl(const std::string &sd_suproject_resource, bool readonly, - GcsAuthProvider &gcs_auth) { + GcsAuthProvider &gcs_auth) +{ auto acb = [this]() -> std::string { - return getAuthToken(); + return sdutils::prepBearer(getAuthToken()); }; gcs_auth.setLogStatus(log.isEnabled()); return gcs_auth.getToken(sdurl, sdapikey, acb, sd_suproject_resource, readonly); @@ -46,8 +47,7 @@ std::string AuthProvider::getGcsAuthToken(const std::string &sd_suproject_resour bool readonly, GcsAuthProvider &gcs_auth) { - auto t = getGcsAuthTokenImpl(sd_suproject_resource, readonly, gcs_auth); - return t.rfind("Bearer ", 0) == t.npos ? "Bearer " + t : t; + return sdutils::prepBearer(getGcsAuthTokenImpl(sd_suproject_resource, readonly, gcs_auth)); } diff --git a/src/src/lib/auth/auth_provider.h b/src/src/lib/auth/auth_provider.h index a1edf9c..3790b6d 100644 --- a/src/src/lib/auth/auth_provider.h +++ b/src/src/lib/auth/auth_provider.h @@ -52,7 +52,7 @@ class AuthProvider bool readonly = false) { GcsAuthProvider gap; - return getGcsAuthTokenImpl(sd_suproject_resource, readonly, gap); + return getGcsAuthToken(sd_suproject_resource, readonly, gap); } virtual void refreshAuthToken(const std::string &/*token*/) 
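Review bot: The two-argument overload in auth_provider.h (its signature is above the hunk) used to return the raw value from `getGcsAuthTokenImpl` and now returns the `prepBearer`-wrapped value from `getGcsAuthToken`, so its return contract changes for every existing caller. A caller outside this patch that still builds the header as `"Bearer " + token` would send `Bearer Bearer ...`, and one that passes the value to an API expecting a bare token would break as well; only SeismicStore.cc is updated in this series. Likewise the `acb` lambda in `getGcsAuthTokenImpl` now hands `gcs_auth.getToken` a prefixed string, which is correct only if that consumer does not add the scheme itself. A comment on both declarations stating the contract would make this checkable, e.g. `// Returns the full Authorization header value, "Bearer " included.`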
diff --git a/src/src/lib/cloud/providers/SeismicStore.cc b/src/src/lib/cloud/providers/SeismicStore.cc index 5740270..14ef703 100644 --- a/src/src/lib/cloud/providers/SeismicStore.cc +++ b/src/src/lib/cloud/providers/SeismicStore.cc @@ -148,7 +148,7 @@ void SeismicStore::sendHttp(HTTPManager &http) const { void SeismicStore::setDefaultCallbacks(HTTPManager& http) const{ http.set_auth_callback([this]() -> std::string { - return "Bearer " + _sdmanager->getIDToken(); + return sdutils::prepBearer(_sdmanager->getIDToken()); }); // these are API dependent, can't be hard-coded in HTTPRequest http.set_auth_response_parser(needs_credentials_refresh); diff --git a/src/src/lib/shared/utils.cc b/src/src/lib/shared/utils.cc index 4fdeaf0..23d9cbb 100755 --- a/src/src/lib/shared/utils.cc +++ b/src/src/lib/shared/utils.cc @@ -281,4 +281,14 @@ void parseSasUri(const std::string &sasUri, sasToken = match[3].str(); } +std::string prepend(const std::string &s, const std::string pre) +{ + return s.rfind(pre, 0) ? pre + s : s; +} + +std::string prepBearer(const std::string &s) +{ + return prepend(s, "Bearer "); +} + }} // namespace \ No newline at end of file diff --git a/src/src/lib/shared/utils.h b/src/src/lib/shared/utils.h index 593d6c1..03d7c46 100644 --- a/src/src/lib/shared/utils.h +++ b/src/src/lib/shared/utils.h @@ -89,4 +89,8 @@ void parseSasUri(const std::string &sasUri, std::string &containerName, std::string &sasToken); +std::string prepend(const std::string &s, const std::string pre); + +std::string prepBearer(const std::string &s); + }} // namespace -- GitLab From 3ccb2eba77357c2894df69adcb0be183f5b8ade5 Mon Sep 17 00:00:00 2001 From: Sid Stenersen Date: Sat, 22 May 2021 01:29:24 -0400 Subject: [PATCH 4/4] Add documentation --- src/src/lib/http/http_manager.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/src/lib/http/http_manager.h b/src/src/lib/http/http_manager.h index d942d6e..1149444 100644 --- a/src/src/lib/http/http_manager.h 
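Review bot: `prepend` in utils.cc decides through the implicit integer-to-bool conversion in `s.rfind(pre, 0) ? pre + s : s`, which is correct only because `rfind(pre, 0)` can return nothing but `0` or `npos`, and `pre` is copied on every call because it is taken as `const std::string` by value (same in utils.h). I would declare it as `std::string prepend(const std::string &s, const std::string &pre)` and write `return s.rfind(pre, 0) == 0 ? s : pre + s;`. Two behaviours of `prepBearer` also deserve a comment or a guard: an empty token yields the header value `Bearer ` instead of an error, and the scheme match is case-sensitive, so `bearer abc` becomes `Bearer bearer abc` although HTTP authentication scheme names are case-insensitive.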
+++ b/src/src/lib/http/http_manager.h @@ -118,6 +118,20 @@ public: _headers[sdutils::toLower(key)] = value; } + /** + * @details use an user-provided function to produce a valid HTTP Authorization header + * so for an HTTP request requiring a basic scheme ( https://datatracker.ietf.org/doc/html/rfc7617 ) + * it need to return "Basic token_value" + * + * for an HTTP request requiring an OAuth2 bearer token ( https://datatracker.ietf.org/doc/html/rfc6750 ) + * it needs to return "Bearer token_value" + * + * ditto for a Digest, AWS4-HMAC-SHA256 or whatever other authentication framework. + * + * @param callback + * + * @todo : describe failure modes. (this issues an authentication call and returns the value of an authorization header) + */ void set_auth_callback( std::function callback ){ _auth_callback = callback; } -- GitLab
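Review bot: The new Doxygen block on `set_auth_callback` leaves `@param callback` without a description and has no `@brief`, so the generated documentation will show an empty parameter entry. Since SeismicStore.cc now wraps its callback result with `sdutils::prepBearer`, the comment should say plainly that the callback returns the complete Authorization header value, scheme included, e.g. `@param callback callable returning the full Authorization header value, such as "Bearer token_value"`. It is also worth stating that the returned string is a credential and must not be written to logs, and correcting the wording "an user-provided" and "it need to return".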