2018-04-27 00:06:00 +03:00
|
|
|
package macaroons_test
|
2017-09-22 08:51:15 +03:00
|
|
|
|
|
|
|
import (
|
2018-04-27 00:06:00 +03:00
|
|
|
"strings"
|
2018-07-31 10:17:17 +03:00
|
|
|
"testing"
|
|
|
|
"time"
|
2019-01-16 17:47:43 +03:00
|
|
|
|
|
|
|
"github.com/lightningnetwork/lnd/macaroons"
|
|
|
|
macaroon "gopkg.in/macaroon.v2"
|
2018-04-27 00:06:00 +03:00
|
|
|
)
|
2017-09-22 08:51:15 +03:00
|
|
|
|
2018-04-27 00:06:00 +03:00
|
|
|
var (
|
|
|
|
testRootKey = []byte("dummyRootKey")
|
|
|
|
testId = []byte("dummyId")
|
|
|
|
testLocation = "lnd"
|
|
|
|
testVersion = macaroon.LatestVersion
|
|
|
|
expectedTimeCaveatSubstring = "time-before " + string(time.Now().Year())
|
2017-09-22 08:51:15 +03:00
|
|
|
)
|
|
|
|
|
2018-04-27 00:06:00 +03:00
|
|
|
func createDummyMacaroon(t *testing.T) *macaroon.Macaroon {
|
|
|
|
dummyMacaroon, err := macaroon.New(testRootKey, testId,
|
|
|
|
testLocation, testVersion)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("Error creating initial macaroon: %v", err)
|
|
|
|
}
|
|
|
|
return dummyMacaroon
|
2017-09-22 09:35:47 +03:00
|
|
|
}
|
2017-09-22 08:51:15 +03:00
|
|
|
|
2018-04-27 00:06:00 +03:00
|
|
|
// TestAddConstraints tests that constraints can be added to an existing
|
|
|
|
// macaroon and therefore tighten its restrictions.
|
|
|
|
func TestAddConstraints(t *testing.T) {
|
|
|
|
// We need a dummy macaroon to start with. Create one without
|
|
|
|
// a bakery, because we mock everything anyway.
|
|
|
|
initialMac := createDummyMacaroon(t)
|
2017-09-22 08:51:15 +03:00
|
|
|
|
2018-04-27 00:06:00 +03:00
|
|
|
// Now add a constraint and make sure we have a cloned macaroon
|
|
|
|
// with the constraint applied instead of a mutated initial one.
|
|
|
|
newMac, err := macaroons.AddConstraints(initialMac,
|
|
|
|
macaroons.TimeoutConstraint(1))
|
2017-09-22 08:51:15 +03:00
|
|
|
if err != nil {
|
2018-04-27 00:06:00 +03:00
|
|
|
t.Fatalf("Error adding constraint: %v", err)
|
2017-09-22 08:51:15 +03:00
|
|
|
}
|
2018-04-27 00:06:00 +03:00
|
|
|
if &newMac == &initialMac {
|
|
|
|
t.Fatalf("Initial macaroon has been changed, something " +
|
|
|
|
"went wrong!")
|
2017-09-22 08:51:15 +03:00
|
|
|
}
|
|
|
|
|
2018-04-27 00:06:00 +03:00
|
|
|
// Finally, test that the constraint has been added.
|
|
|
|
if len(initialMac.Caveats()) == len(newMac.Caveats()) {
|
|
|
|
t.Fatalf("No caveat has been added to the macaroon when " +
|
|
|
|
"constraint was applied")
|
2017-09-22 08:51:15 +03:00
|
|
|
}
|
2018-04-27 00:06:00 +03:00
|
|
|
}
|
2017-09-22 08:51:15 +03:00
|
|
|
|
2018-04-27 00:06:00 +03:00
|
|
|
// TestTimeoutConstraint tests that a caveat for the lifetime of
|
|
|
|
// a macaroon is created.
|
|
|
|
func TestTimeoutConstraint(t *testing.T) {
|
|
|
|
// Get a configured version of the constraint function.
|
|
|
|
constraintFunc := macaroons.TimeoutConstraint(3)
|
2017-09-22 08:51:15 +03:00
|
|
|
|
2018-04-27 00:06:00 +03:00
|
|
|
// Now we need a dummy macaroon that we can apply the constraint
|
|
|
|
// function to.
|
|
|
|
testMacaroon := createDummyMacaroon(t)
|
|
|
|
err := constraintFunc(testMacaroon)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("Error applying timeout constraint: %v", err)
|
2017-09-22 08:51:15 +03:00
|
|
|
}
|
|
|
|
|
2018-04-27 00:06:00 +03:00
|
|
|
// Finally, check that the created caveat has an
|
|
|
|
// acceptable value
|
|
|
|
if strings.HasPrefix(string(testMacaroon.Caveats()[0].Id),
|
|
|
|
expectedTimeCaveatSubstring) {
|
|
|
|
t.Fatalf("Added caveat '%s' does not meet the expectations!",
|
|
|
|
testMacaroon.Caveats()[0].Id)
|
2017-09-22 08:51:15 +03:00
|
|
|
}
|
2017-09-22 09:35:47 +03:00
|
|
|
}
|
|
|
|
|
2018-04-27 00:06:00 +03:00
|
|
|
// TestTimeoutConstraint tests that a caveat for the lifetime of
|
|
|
|
// a macaroon is created.
|
|
|
|
func TestIpLockConstraint(t *testing.T) {
|
|
|
|
// Get a configured version of the constraint function.
|
|
|
|
constraintFunc := macaroons.IPLockConstraint("127.0.0.1")
|
2017-09-22 08:51:15 +03:00
|
|
|
|
2018-04-27 00:06:00 +03:00
|
|
|
// Now we need a dummy macaroon that we can apply the constraint
|
|
|
|
// function to.
|
|
|
|
testMacaroon := createDummyMacaroon(t)
|
|
|
|
err := constraintFunc(testMacaroon)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("Error applying timeout constraint: %v", err)
|
2017-09-22 08:51:15 +03:00
|
|
|
}
|
|
|
|
|
2018-04-27 00:06:00 +03:00
|
|
|
// Finally, check that the created caveat has an
|
|
|
|
// acceptable value
|
|
|
|
if string(testMacaroon.Caveats()[0].Id) != "ipaddr 127.0.0.1" {
|
|
|
|
t.Fatalf("Added caveat '%s' does not meet the expectations!",
|
|
|
|
testMacaroon.Caveats()[0].Id)
|
2017-09-22 08:51:15 +03:00
|
|
|
}
|
2017-09-22 09:35:47 +03:00
|
|
|
}
|
2017-09-22 08:51:15 +03:00
|
|
|
|
2018-04-27 00:06:00 +03:00
|
|
|
// TestIPLockBadIP tests that an IP constraint cannot be added if the
|
|
|
|
// provided string is not a valid IP address.
|
2017-09-22 09:35:47 +03:00
|
|
|
func TestIPLockBadIP(t *testing.T) {
|
2018-07-31 10:20:52 +03:00
|
|
|
constraintFunc := macaroons.IPLockConstraint("127.0.0/800")
|
2018-04-27 00:06:00 +03:00
|
|
|
testMacaroon := createDummyMacaroon(t)
|
|
|
|
err := constraintFunc(testMacaroon)
|
|
|
|
if err == nil {
|
|
|
|
t.Fatalf("IPLockConstraint with bad IP should fail.")
|
2017-09-22 08:51:15 +03:00
|
|
|
}
|
|
|
|
}
|