author | molotkov-and <molotkov-and@yandex-team.com> | 2022-09-14 13:14:01 +0300 |
---|---|---|
committer | molotkov-and <molotkov-and@yandex-team.com> | 2022-09-14 13:14:01 +0300 |
commit | 5756a87bc4295b39c99409b169f53cdcf1004122 (patch) | |
tree | 89718d7799cfca45300286d07b217d0491e29fe0 | |
parent | 6b586028e16e710686153609795466829c08c470 (diff) | |
Print correct error message when empty security token is used
-rw-r--r-- | ydb/core/security/ticket_parser.cpp | 8 | ||||
-rw-r--r-- | ydb/core/security/ticket_parser_ut.cpp | 42 |
2 files changed, 50 insertions, 0 deletions
diff --git a/ydb/core/security/ticket_parser.cpp b/ydb/core/security/ticket_parser.cpp
index 58e79d644f..6e2121e15e 100644
--- a/ydb/core/security/ticket_parser.cpp
+++ b/ydb/core/security/ticket_parser.cpp
@@ -317,6 +317,14 @@ class TTicketParser : public TActorBootstrapped<TTicketParser> {
 ui64 cookie = ev->Cookie;
 CounterTicketsReceived->Inc();
+ if (ticket.empty()) {
+ TEvTicketParser::TError error;
+ error.Message = "Ticket is empty";
+ error.Retryable = false;
+ LOG_ERROR_S(ctx, NKikimrServices::TICKET_PARSER, "Ticket " << MaskTicket(ticket) << ": " << error);
+ ctx.Send(sender, new TEvTicketParser::TEvAuthorizeTicketResult(ev->Get()->Ticket, error), 0, cookie);
+ return;
+ }
 auto it = UserTokens.find(key);
 if (it != UserTokens.end()) {
 auto& record = it->second;
diff --git a/ydb/core/security/ticket_parser_ut.cpp b/ydb/core/security/ticket_parser_ut.cpp
index 2b624efefe..d3f02b4968 100644
--- a/ydb/core/security/ticket_parser_ut.cpp
+++ b/ydb/core/security/ticket_parser_ut.cpp
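Review bot: The empty-ticket branch logs `MaskTicket(ticket)` for a ticket that is already known to be empty, so the ERROR line carries nothing that identifies who sent the request. Logging the requester instead, e.g. `LOG_ERROR_S(ctx, NKikimrServices::TICKET_PARSER, "Ticket is empty, sender " << sender);`, would make these rejections traceable. The branch also returns right after `CounterTicketsReceived->Inc()` without touching any failure counter; if the class keeps error counters (not visible in this hunk), the rejection should be counted there so repeated empty-token requests show up in monitoring. The handler's body starts and ends outside the hunk, so `ticket`, `sender` and `key` are taken as defined above it.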
@@ -133,5 +133,47 @@ Y_UNIT_TEST_SUITE(TTicketParserTest) {
 UNIT_ASSERT(!result->Error.empty());
 UNIT_ASSERT_EQUAL(result->Error.Message, "Token is not in correct format");
 }
+
+ Y_UNIT_TEST(LoginEmptyTicketBad) {
+ using namespace Tests;
+ TPortManager tp;
+ ui16 kikimrPort = tp.GetPort(2134);
+ ui16 grpcPort = tp.GetPort(2135);
+ NKikimrProto::TAuthConfig authConfig;
+ authConfig.SetUseBlackBox(false);
+ authConfig.SetUseLoginProvider(true);
+ auto settings = TServerSettings(kikimrPort, authConfig);
+ settings.SetDomainName("Root");
+ TServer server(settings);
+ server.EnableGRpc(grpcPort);
+ server.GetRuntime()->SetLogPriority(NKikimrServices::TICKET_PARSER, NLog::PRI_TRACE);
+ server.GetRuntime()->SetLogPriority(NKikimrServices::GRPC_CLIENT, NLog::PRI_TRACE);
+ TClient client(settings);
+ NClient::TKikimr kikimr(client.GetClientConfig());
+ client.InitRootScheme();
+ TTestActorRuntime* runtime = server.GetRuntime();
+
+ NLogin::TLoginProvider provider;
+
+ provider.Audience = "/Root";
+ provider.RotateKeys();
+
+ TActorId sender = runtime->AllocateEdgeActor();
+ runtime->Send(new IEventHandle(MakeTicketParserID(), sender, new TEvTicketParser::TEvUpdateLoginSecurityState(provider.GetSecurityState())), 0);
+
+ provider.CreateUser({.User = "user1", .Password = "password1"});
+ auto loginResponse = provider.LoginUser({.User = "user1", .Password = "password1"});
+
+ TString emptyUserToken = "";
+
+ runtime->Send(new IEventHandle(MakeTicketParserID(), sender, new TEvTicketParser::TEvAuthorizeTicket(emptyUserToken)), 0);
+
+ TAutoPtr<IEventHandle> handle;
+
+ TEvTicketParser::TEvAuthorizeTicketResult* result = runtime->GrabEdgeEvent<TEvTicketParser::TEvAuthorizeTicketResult>(handle);
+ UNIT_ASSERT(!result->Error.empty());
+ UNIT_ASSERT(result->Token == nullptr);
+ UNIT_ASSERT_EQUAL(result->Error.Message, "Ticket is empty");
+ }
 }
 }
|
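Review bot: `LoginEmptyTicketBad` never reads `loginResponse`, and the `CreateUser`/`LoginUser` calls before it do not appear to be needed to reach the empty-ticket path as far as this hunk shows; dropping them would keep the test focused on the rejected input. The test also does not pin the non-retryable flag that the parser sets on this error; assuming `result->Error` is the same `TError` type, add `UNIT_ASSERT(!result->Error.Retryable);` after the message check. The enclosing test suite starts outside the hunk.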