
[identity] Add HTTP function to verify CSAT
ClosedPublic

Authored by bartek on Jun 4 2024, 12:55 AM.
Referenced Files
F3377158: D12303.diff

Details

Summary

Added function that verifies Authorization header for valid CSAT.
The header format is compliant with what we have for HTTP services (blob, backup): Authorization: Bearer [base64-encoded JSON] - I could reuse some utils from comm-lib to easily achieve that.

Depends on D12302

Test Plan

Created a dummy endpoint that calls verify_csat()? and returns HTTP 200. Verified the following:

  • Missing Authorization header returns HTTP 401 Unauthorized
  • Invalid header format returns HTTP 400 Bad Request
    • Missing "Bearer " prefix
    • Invalid base64
    • Invalid JSON - e.g. missing one of required fields
  • Invalid credentials return HTTP 403 Forbidden
  • HTTP 200 (func returns Ok(())) for valid credentials taken from identity-tokens table
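
The status mapping from the test plan above, as an added Rust example that is not the code from this revision: each failure stage of parsing `Authorization: Bearer [base64-encoded JSON]` maps to its own error. The JSON field names (`userID`, `deviceID`, `accessToken`), the `AuthError` enum, the in-memory `stored` rows standing in for the identity-tokens table, and the std-only base64 and flat-JSON helpers are all assumptions made so the block runs without crates.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
enum AuthError { Missing = 401, Malformed = 400, Forbidden = 403 } // HTTP status per the test plan

// Standard-alphabet base64 decoder; std-only stand-in for a base64 crate.
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    const T: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let body = s.trim_end_matches('=');
    if s.len() % 4 != 0 || s.len() - body.len() > 2 { return None; }
    let (mut acc, mut bits, mut out) = (0u32, 0u8, Vec::new());
    for c in body.bytes() {
        acc = (acc << 6) | T.iter().position(|&t| t == c)? as u32;
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); }
    }
    Some(out)
}

// Flat {"k":"v"} parser (no escapes, no nesting); stand-in for serde_json.
fn flat_json(s: &str) -> Option<HashMap<&str, &str>> {
    fn unquote(x: &str) -> Option<&str> { x.trim().strip_prefix('"')?.strip_suffix('"') }
    let inner = s.trim().strip_prefix('{')?.strip_suffix('}')?;
    let mut map = HashMap::new();
    for pair in inner.split(',') {
        let (k, v) = pair.split_once(':')?;
        map.insert(unquote(k)?, unquote(v)?);
    }
    Some(map)
}

// `stored` models (userID, deviceID, accessToken) rows; field names are assumed.
fn verify_csat(header: Option<&str>, stored: &[(&str, &str, &str)]) -> Result<(), AuthError> {
    let value = header.ok_or(AuthError::Missing)?; // no header at all: 401
    let b64 = value.strip_prefix("Bearer ").ok_or(AuthError::Malformed)?;
    let text = b64_decode(b64).and_then(|b| String::from_utf8(b).ok()).ok_or(AuthError::Malformed)?;
    let json = flat_json(&text).ok_or(AuthError::Malformed)?;
    let field = |k: &str| json.get(k).copied().ok_or(AuthError::Malformed);
    let (user, device, token) = (field("userID")?, field("deviceID")?, field("accessToken")?);
    match stored.iter().find(|r| r.0 == user && r.1 == device) {
        Some(r) if r.2 == token => Ok(()),
        _ => Err(AuthError::Forbidden), // well-formed but wrong credentials: 403
    }
}

fn main() {
    // Constructed sample: base64 of {"userID":"u1","deviceID":"d1","accessToken":"t1"}
    let hdr = "Bearer eyJ1c2VySUQiOiJ1MSIsImRldmljZUlEIjoiZDEiLCJhY2Nlc3NUb2tlbiI6InQxIn0=";
    println!("{:?}", verify_csat(Some(hdr), &[("u1", "d1", "t1")]));
}
```

A real service would use a JSON and a base64 library for the parsing and compare the stored token in constant time; the plain `==` here keeps the example within std.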

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

bartek held this revision as a draft.
bartek published this revision for review. Jun 4 2024, 8:13 AM
This revision is now accepted and ready to land. Jun 6 2024, 3:14 AM
services/identity/src/http/handlers.rs
24 (On Diff #40914)

Nit: malformed (here and below)