
[identity] Add HTTP function to verify CSAT
Closed, Public

Authored by bartek on Jun 4 2024, 12:55 AM.
Tags
None
Referenced Files
F3156470: D12303.diff
Tue, Nov 5, 3:45 PM

Details

Summary

Added a function that verifies the Authorization header for a valid CSAT.
The header format is compliant with what we have for HTTP services (blob, backup): Authorization: Bearer [base64-encoded JSON] - I could reuse some utils from comm-lib to easily achieve that.

Depends on D12302

Test Plan

Created a dummy endpoint that calls verify_csat()? and returns HTTP 200. Verified the following:

  • Missing Authorization header returns HTTP 401 Unauthorized
  • Invalid header format returns HTTP 400 Bad Request
    • Missing "Bearer " prefix
    • Invalid base64
    • Invalid JSON - e.g. missing one of required fields
  • Invalid credentials return HTTP 403 Forbidden
  • HTTP 200 (func returns Ok(())) for valid credentials taken from identity-tokens table
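
The status mapping in the test plan above, as an added Python model; it is not code from this revision or from the Comm repository. The function names, the field names `userID`, `deviceID` and `accessToken`, and the in-memory `TOKENS` table standing in for identity-tokens are assumptions made for illustration.

```python
import base64
import binascii
import hmac
import json

# Assumed field names; the page only says the JSON has required fields.
REQUIRED_FIELDS = ("userID", "deviceID", "accessToken")

# Constructed stand-in for the identity-tokens table: (user, device) -> token.
TOKENS = {("user-1", "device-1"): "constructed-token-abc"}


def verify_csat_status(headers, tokens=TOKENS):
    """Return the HTTP status the test plan expects for these request headers."""
    value = headers.get("Authorization")
    if value is None:
        return 401  # missing Authorization header
    if not value.startswith("Bearer "):
        return 400  # missing "Bearer " prefix
    try:
        raw = base64.b64decode(value[len("Bearer "):], validate=True)
        creds = json.loads(raw)
    except (binascii.Error, ValueError):
        return 400  # invalid base64, invalid UTF-8 or invalid JSON
    if not isinstance(creds, dict):
        return 400  # valid JSON, but not an object
    if any(not isinstance(creds.get(f), str) for f in REQUIRED_FIELDS):
        return 400  # a required field is missing or not a string
    expected = tokens.get((creds["userID"], creds["deviceID"]))
    # Unknown user/device and wrong token both give 403; the token itself is
    # compared in constant time.
    if expected is None or not hmac.compare_digest(
        expected.encode(), creds["accessToken"].encode()
    ):
        return 403
    return 200


def bearer(obj):
    """Build a header value in the page's format: Bearer [base64-encoded JSON]."""
    return "Bearer " + base64.b64encode(json.dumps(obj).encode()).decode()
```
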

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage