macaroons: fix incorrect comparison in isRegistered, wrap long lines

macaroons/README.md

@@ -1,28 +1,33 @@
 # macaroons
 
-This is a more detailed, technical description of how macaroons work and how authentication 
-and authorization is implemented in `lnd`.
+This is a more detailed, technical description of how macaroons work and how
+authentication and authorization is implemented in `lnd`.
 
-For a more high-level overview see [macaroons.md in the docs](../docs/macaroons.md).
+For a more high-level overview see
+[macaroons.md in the docs](../docs/macaroons.md).
 
 ## Root key
 
-At startup, if the option `--no-macaroons` is **not** used, a Bolt DB key/value store
-named `data/macaroons.db` is created with a bucket named `macrootkeys`.
+At startup, if the option `--no-macaroons` is **not** used, a Bolt DB key/value
+store named `data/macaroons.db` is created with a bucket named `macrootkeys`.
 In this DB the following two key/value pairs are stored:
 
 * Key `0`: the encrypted root key (32 bytes).
-  * If the root key does not exist yet, 32 bytes of pseudo-random data is generated and used.
-* Key `enckey`: the parameters used to derive a secret encryption key from a passphrase.
+  * If the root key does not exist yet, 32 bytes of pseudo-random data is
+    generated and used.
+* Key `enckey`: the parameters used to derive a secret encryption key from a
+  passphrase.
   * The following parameters are stored: `<salt><digest><N><R><P>`
-    * `salt`: 32 byte of random data used as salt for the `scrypt` key derivation.
-    * `digest`: sha256 hashed key derived from the `scrypt` operation. Is used to verify if the
-      password is correct.
+    * `salt`: 32 byte of random data used as salt for the `scrypt` key
+      derivation.
+    * `digest`: sha256 hashed key derived from the `scrypt` operation. Is used
+      to verify if the password is correct.
     * `N`, `P`, `R`: Parameters used for the `scrypt` operation.
-  * The root key is symmetrically encrypted with the derived secret key, using the
-    `secretbox` method of the library [btcsuite/golangcrypto](https://github.com/btcsuite/golangcrypto).
-  * If the option `--noencryptwallet` is used, then the default passphrase `hello` is used
-    to encrypt the root key.
+  * The root key is symmetrically encrypted with the derived secret key, using
+    the `secretbox` method of the library
+    [btcsuite/golangcrypto](https://github.com/btcsuite/golangcrypto).
+  * If the option `--noencryptwallet` is used, then the default passphrase
+    `hello` is used to encrypt the root key.
 
 ## Generated macaroons
 
@@ -38,11 +43,11 @@ With the root key set up, `lnd` continues with creating three macaroon files:
 * `admin.macaroon`: Grants full read and write access to all gRPC commands.
   This is used by the `lncli` client.
 
-These three macaroons all have the location field set to `lnd` and have no conditions/first party caveats
-or third party caveats set.
+These three macaroons all have the location field set to `lnd` and have no
+conditions/first party caveats or third party caveats set.
 
-The access restrictions are implemented with a list of entity/action pairs that is mapped
-to the gRPC functions by the `rpcserver.go`. 
+The access restrictions are implemented with a list of entity/action pairs that
+is mapped to the gRPC functions by the `rpcserver.go`. 
 For example, the permissions for the `invoice.macaroon` looks like this:
 
 ```go
@@ -71,10 +76,14 @@ For example, the permissions for the `invoice.macaroon` looks like this:
 
 ## Constraints / First party caveats
 
-There are currently two constraints implemented that can be used by `lncli` to restrict the
-macaroon it uses to communicate with the gRPC interface. These can be found in `constraints.go`:
+There are currently two constraints implemented that can be used by `lncli` to
+restrict the macaroon it uses to communicate with the gRPC interface. These can
+be found in `constraints.go`:
 
-* `TimeoutConstraint`: Set a timeout in seconds after which the macaroon is no longer valid.
-  This constraint can be set by adding the parameter `--macaroontimeout xy` to the `lncli` command.
+* `TimeoutConstraint`: Set a timeout in seconds after which the macaroon is no
+  longer valid.
+  This constraint can be set by adding the parameter `--macaroontimeout xy` to
+  the `lncli` command.
 * `IPLockConstraint`: Locks the macaroon to a specific IP address.
-  This constraint can be set by adding the parameter `--macaroonip a.b.c.d` to the `lncli` command.
+  This constraint can be set by adding the parameter `--macaroonip a.b.c.d` to
+  the `lncli` command.

macaroons/service.go

@@ -85,7 +85,9 @@ func isRegistered(c *checkers.Checker, name string) bool {
 	}
 
 	for _, info := range c.Info() {
-		if info.Name == name && info.Prefix == "std" {
+		if info.Name == name &&
+			info.Prefix == "" &&
+			info.Namespace == "std" {
 			return true
 		}
 	}

macaroons/service_test.go

@@ -97,7 +97,7 @@ func TestNewService(t *testing.T) {
 // TestValidateMacaroon tests the validation of a macaroon that is in an
 // incoming context.
 func TestValidateMacaroon(t *testing.T) {
-	// First, initialize the service and unlock it
+	// First, initialize the service and unlock it.
 	tempDir := setupTestRootKeyStorage(t)
 	defer os.RemoveAll(tempDir)
 	service, err := macaroons.NewService(tempDir, macaroons.IPLockChecker)
@@ -123,7 +123,9 @@ func TestValidateMacaroon(t *testing.T) {
 
 	// Because the macaroons are always passed in a context, we need to
 	// mock one that has just the serialized macaroon as a value.
-	md := metadata.New(map[string]string{"macaroon": hex.EncodeToString(macaroonBinary)})
+	md := metadata.New(map[string]string{
+		"macaroon": hex.EncodeToString(macaroonBinary),
+	})
 	mockContext := metadata.NewIncomingContext(context.Background(), md)
 
 	// Finally, validate the macaroon against the required permissions.