diff options
-rw-r--r-- | src/Crypto/Macaroon/Verifier.hs | 15 | ||||
-rw-r--r-- | test/Crypto/Macaroon/Verifier/Tests.hs | 30 |
2 files changed, 26 insertions, 19 deletions
diff --git a/src/Crypto/Macaroon/Verifier.hs b/src/Crypto/Macaroon/Verifier.hs index cb64c9d..012d156 100644 --- a/src/Crypto/Macaroon/Verifier.hs +++ b/src/Crypto/Macaroon/Verifier.hs | |||
@@ -16,6 +16,7 @@ module Crypto.Macaroon.Verifier ( | |||
16 | Verified(..) | 16 | Verified(..) |
17 | , verifySig | 17 | , verifySig |
18 | , verifyExact | 18 | , verifyExact |
19 | , verifyFun | ||
19 | , verifyCavs | 20 | , verifyCavs |
20 | -- , module Data.Attoparsec.ByteString | 21 | -- , module Data.Attoparsec.ByteString |
21 | , module Data.Attoparsec.ByteString.Char8 | 22 | , module Data.Attoparsec.ByteString.Char8 |
@@ -55,10 +56,13 @@ verifySig k m = bool Failed Ok $ | |||
55 | verifyCavs :: [Caveat -> Maybe Verified] -> Macaroon -> Verified | 56 | verifyCavs :: [Caveat -> Maybe Verified] -> Macaroon -> Verified |
56 | verifyCavs verifiers m = mconcat $ map (\c -> mconcat . catMaybes $ map ($ c) verifiers) (caveats m) | 57 | verifyCavs verifiers m = mconcat $ map (\c -> mconcat . catMaybes $ map ($ c) verifiers) (caveats m) |
57 | 58 | ||
58 | verifyExact :: (Show a, Eq a) => Key -> a -> Parser a -> Caveat -> Maybe Verified | 59 | verifyExact :: (Eq a) => Key -> a -> Parser a -> Caveat -> Maybe Verified |
59 | verifyExact key expected parser cav = if key `BS.isPrefixOf` cid cav then | 60 | verifyExact k expected = verifyFun k (expected ==) |
61 | |||
62 | verifyFun :: Key -> (a -> Bool) -> Parser a -> Caveat -> Maybe Verified | ||
63 | verifyFun key f parser cav = if key `BS.isPrefixOf` cid cav then | ||
60 | case parseOnly kvparser (cid cav) of | 64 | case parseOnly kvparser (cid cav) of |
61 | Right v -> verify <$> Just v | 65 | Right v -> (bool Failed Ok . f) <$> Just v |
62 | Left _ -> Just Failed | 66 | Left _ -> Just Failed |
63 | else Nothing | 67 | else Nothing |
64 | where | 68 | where |
@@ -67,7 +71,4 @@ verifyExact key expected parser cav = if key `BS.isPrefixOf` cid cav then | |||
67 | skipSpace | 71 | skipSpace |
68 | string "=" | 72 | string "=" |
69 | skipSpace | 73 | skipSpace |
70 | parser | 74 | parser <* endOfInput |
71 | |||
72 | -- *> skipSpace *> string "=" *> skipSpace *> parser <* endOfInput | ||
73 | verify a = bool Failed Ok (a == expected) | ||
diff --git a/test/Crypto/Macaroon/Verifier/Tests.hs b/test/Crypto/Macaroon/Verifier/Tests.hs index 37d0230..54c8db1 100644 --- a/test/Crypto/Macaroon/Verifier/Tests.hs +++ b/test/Crypto/Macaroon/Verifier/Tests.hs | |||
@@ -12,6 +12,7 @@ This test suite is based on the pymacaroons test suite: | |||
12 | module Crypto.Macaroon.Verifier.Tests where | 12 | module Crypto.Macaroon.Verifier.Tests where |
13 | 13 | ||
14 | 14 | ||
15 | import Data.List | ||
15 | import qualified Data.ByteString.Char8 as B8 | 16 | import qualified Data.ByteString.Char8 as B8 |
16 | import Test.Tasty | 17 | import Test.Tasty |
17 | import Test.Tasty.HUnit | 18 | import Test.Tasty.HUnit |
@@ -50,6 +51,9 @@ exVerifiers = [ verifyExact "test" "caveat" (many' letter_ascii) | |||
50 | exVerifiers' = [ verifyExact "test" "caveat" (many' letter_ascii) | 51 | exVerifiers' = [ verifyExact "test" "caveat" (many' letter_ascii) |
51 | , verifyExact "value" 43 decimal | 52 | , verifyExact "value" 43 decimal |
52 | ] | 53 | ] |
54 | funVerifiers = [ verifyFun "test" ("cav" `isPrefixOf`) (many' letter_ascii) | ||
55 | , verifyFun "value" (<= 43) decimal | ||
56 | ] | ||
53 | 57 | ||
54 | {- | 58 | {- |
55 | - Tests | 59 | - Tests |
@@ -73,15 +77,17 @@ one = testCase "Macaroon with one caveat" $ | |||
73 | two = testCase "Macaroon with two caveats" $ | 77 | two = testCase "Macaroon with two caveats" $ |
74 | Ok @=? verifySig sec m3 | 78 | Ok @=? verifySig sec m3 |
75 | 79 | ||
76 | exactCavs = testGroup "Exact Caveats" [ zero', one', two' , one'', two''] | 80 | exactCavs = testGroup "Exact Caveats" [ |
77 | 81 | testGroup "Ignoring non-relevant" [ | |
78 | zero' = testCase "Zero caveat win" $ | 82 | testCase "Zero caveat" $ Ok @=? verifyCavs exVerifiers m |
79 | Ok @=? verifyCavs exVerifiers m | 83 | , testCase "One caveat" $ Ok @=? verifyCavs exVerifiers' m2 |
80 | one' = testCase "One caveat win" $ | 84 | ] |
81 | Ok @=? verifyCavs exVerifiers m2 | 85 | , testCase "One caveat win" $ Ok @=? verifyCavs exVerifiers m2 |
82 | one'' = testCase "Ignoring non-relevant" $ | 86 | , testCase "Two caveat win" $ Ok @=? verifyCavs exVerifiers m3 |
83 | Ok @=? verifyCavs exVerifiers' m2 | 87 | , testCase "Two caveat fail" $ Failed @=? verifyCavs exVerifiers' m3 |
84 | two' = testCase "Two caveat win" $ | 88 | ] |
85 | Ok @=? verifyCavs exVerifiers m3 | 89 | |
86 | two'' = testCase "Two caveat fail" $ | 90 | funCavs = testGroup "Function Caveats" [ |
87 | Failed @=? verifyCavs exVerifiers' m3 | 91 | testCase "One caveat win" $ Ok @=? verifyCavs funVerifiers m2 |
92 | , testCase "Two caveat win" $ Ok @=? verifyCavs funVerifiers m3 | ||
93 | ] | ||