
Side by Side Diff: appengine/gaeauth/server/db.go

Issue 2386643003: auth: Make luci-go services trust signatures produced by the token server. (Closed)
Patch Set: Created 4 years, 2 months ago
OLDNEW
1 // Copyright 2015 The LUCI Authors. All rights reserved. 1 // Copyright 2015 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 package server 5 package server
6 6
7 import ( 7 import (
8 "errors" 8 "errors"
9 "net" 9 "net"
10 10
11 "golang.org/x/net/context" 11 "golang.org/x/net/context"
12 12
13 "github.com/luci/gae/service/info" 13 "github.com/luci/gae/service/info"
14 "github.com/luci/luci-go/appengine/gaeauth/server/internal/authdbimpl" 14 "github.com/luci/luci-go/appengine/gaeauth/server/internal/authdbimpl"
15 "github.com/luci/luci-go/common/clock" 15 "github.com/luci/luci-go/common/clock"
16 "github.com/luci/luci-go/common/logging" 16 "github.com/luci/luci-go/common/logging"
17 "github.com/luci/luci-go/server/auth/authdb" 17 "github.com/luci/luci-go/server/auth/authdb"
18 "github.com/luci/luci-go/server/auth/identity" 18 "github.com/luci/luci-go/server/auth/identity"
19 "github.com/luci/luci-go/server/auth/signing"
19 "github.com/luci/luci-go/server/secrets" 20 "github.com/luci/luci-go/server/secrets"
20 ) 21 )
21 22
22 // errNotConfigured is returned on real GAE if auth service URL is not set. 23 // errNotConfigured is returned on real GAE if auth service URL is not set.
23 var errNotConfigured = errors.New( 24 var errNotConfigured = errors.New(
24 "Auth Service URL is not configured, you MUST configure it for apps used " + 25 "Auth Service URL is not configured, you MUST configure it for apps used " +
25 "in production, visit /admin/settings/auth_service to do so.") 26 "in production, visit /admin/settings/auth_service to do so.")
26 27
27 // GetAuthDB fetches AuthDB snapshot from the datastore and returns authdb.DB 28 // GetAuthDB fetches AuthDB snapshot from the datastore and returns authdb.DB
28 // interface wrapping it. 29 // interface wrapping it.
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after
87 return true, nil 88 return true, nil
88 } 89 }
89 90
90 func (devServerDB) IsMember(c context.Context, id identity.Identity, group strin g) (bool, error) { 91 func (devServerDB) IsMember(c context.Context, id identity.Identity, group strin g) (bool, error) {
91 if !info.IsDevAppServer(c) { 92 if !info.IsDevAppServer(c) {
92 return false, errNotConfigured 93 return false, errNotConfigured
93 } 94 }
94 return id.Kind() != identity.Anonymous, nil 95 return id.Kind() != identity.Anonymous, nil
95 } 96 }
96 97
97 func (devServerDB) SharedSecrets(c context.Context) (secrets.Store, error) { 98 func (devServerDB) SharedSecrets(c context.Context) (secrets.Store, error) {
Vadim Sh. 2016/10/03 20:47:12 This is used on local devserver and only on devser
98 return nil, errNotConfigured 99 return nil, errNotConfigured
99 } 100 }
100 101
102 func (devServerDB) GetCertificates(c context.Context, id identity.Identity) (*si gning.PublicCertificates, error) {
103 return nil, errNotConfigured
104 }
105
101 func (devServerDB) GetWhitelistForIdentity(c context.Context, ident identity.Ide ntity) (string, error) { 106 func (devServerDB) GetWhitelistForIdentity(c context.Context, ident identity.Ide ntity) (string, error) {
102 return "", nil 107 return "", nil
103 } 108 }
104 109
105 func (devServerDB) IsInWhitelist(c context.Context, ip net.IP, whitelist string) (bool, error) { 110 func (devServerDB) IsInWhitelist(c context.Context, ip net.IP, whitelist string) (bool, error) {
106 return false, nil 111 return false, nil
107 } 112 }
108 113
109 func (devServerDB) GetAuthServiceURL(c context.Context) (string, error) { 114 func (devServerDB) GetAuthServiceURL(c context.Context) (string, error) {
110 return "", errNotConfigured 115 return "", errNotConfigured
111 } 116 }
112 117
113 func (devServerDB) GetTokenServiceURL(c context.Context) (string, error) { 118 func (devServerDB) GetTokenServiceURL(c context.Context) (string, error) {
114 return "", errNotConfigured 119 return "", errNotConfigured
115 } 120 }
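Review bot: The added `devServerDB.GetCertificates` (new lines 102-104) has no doc comment, and the behaviour worth recording is that it fails closed: it returns `nil, errNotConfigured` for every `id`, without the `info.IsDevAppServer(c)` branch that makes `IsMember` permissive on a dev server. I would add `// GetCertificates always fails: devServerDB trusts no signer, so token signature checks cannot succeed against it.` so that nobody later relaxes it to return an empty bundle with a nil error. Whether callers treat this error as a hard verification failure is presumably decided in server/auth/auth.go, which is not part of this file section. The text of `errNotConfigured` speaks only of the Auth Service URL, so on a dev server this path will report a misleading cause; a dedicated error value would make the logs clearer.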