F2831589
D12448.diff
diff --git a/services/reports/src/service.rs b/services/reports/src/service.rs
--- a/services/reports/src/service.rs
+++ b/services/reports/src/service.rs
@@ -1,7 +1,7 @@
use actix_web::FromRequest;
use chrono::Utc;
use comm_lib::{
- auth::{AuthService, AuthorizationCredential},
+ auth::{is_csat_verification_disabled, AuthService, AuthorizationCredential},
blob::client::{BlobServiceClient, BlobServiceError},
crypto::aes256,
database::{self, blob::BlobOrDBContent},
@@ -236,7 +236,21 @@
// This is Some if the request contains valid Authorization header
let auth_token = match credential {
- Some(token @ AuthorizationCredential::UserToken(_)) => token,
+ Some(token @ AuthorizationCredential::UserToken(_)) => {
+ let token_valid = auth_service
+ .verify_auth_credential(&token)
+ .await
+ .map_err(|err| {
+ error!("Failed to verify access token: {err}");
+ ErrorInternalServerError("Internal server error")
+ })?;
+ if token_valid || is_csat_verification_disabled() {
+ token
+ } else {
+ warn!("Posting report with invalid credentials! Defaulting to ServicesToken...");
+ get_services_token_credential(&auth_service).await?
+ }
+ }
Some(_) => {
// Reports service shouldn't be called by other services
warn!("Reports service requires user authorization");
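Review bot: In the `UserToken` arm, `verify_auth_credential` is awaited before `is_csat_verification_disabled()` is consulted, so with verification switched off every report still calls the verifier and a verifier error still returns a 500. If the flag is meant to remove that dependency, short-circuit on it first: `let token_valid = is_csat_verification_disabled() || auth_service` (rest of the chain unchanged) and then `if token_valid {`. Separately, the `else` branch silently downgrades a rejected user token to a services token and logs only a generic warning. It is worth confirming that nothing later in the handler still attributes the report to the identity carried by the rejected token, and adding some request context to the `warn!` would let such events be correlated. The enclosing function starts and ends outside this hunk, so the downstream use of the credential is not visible here.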
@@ -244,12 +258,7 @@
}
None => {
// Unauthenticated requests get a service-to-service token
- let services_token =
- auth_service.get_services_token().await.map_err(|err| {
- error!("Failed to get services token: {err}");
- ErrorInternalServerError("Internal server error")
- })?;
- AuthorizationCredential::ServicesToken(services_token)
+ get_services_token_credential(&auth_service).await?
}
};
let service = base_service.with_authentication(auth_token);
@@ -258,6 +267,17 @@
}
}
+async fn get_services_token_credential(
+ auth_service: &AuthService,
+) -> Result<AuthorizationCredential, actix_web::Error> {
+ let services_token =
+ auth_service.get_services_token().await.map_err(|err| {
+ error!("Failed to get services token: {err}");
+ actix_web::error::ErrorInternalServerError("Internal server error")
+ })?;
+ Ok(AuthorizationCredential::ServicesToken(services_token))
+}
+
struct ProcessedReport {
id: ReportID,
db_item: ReportItem,
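Review bot: `get_services_token_credential` has no doc comment, although it is now the path taken both by requests with no credential and by requests whose user token failed verification, which a reader of the helper alone cannot see. I would add `/// Fetches a service-to-service token and wraps it as an AuthorizationCredential; used when a request has no user token or one that failed verification.` As a style point, the helper spells out `actix_web::error::ErrorInternalServerError` while the match arm in the earlier hunk uses the imported `ErrorInternalServerError`; using the short name in both places keeps the two error mappings visibly identical.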
D12448: [reports] Verify CSAT if present