remoting/host/third_party_auth_config.cc - Issue 966433002: Malformed PortRange or ThirdPartyAuthConfig trigger OnPolicyError.

Side by Side Diff: remoting/host/third_party_auth_config.cc

Issue 966433002: Malformed PortRange or ThirdPartyAuthConfig trigger OnPolicyError. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "remoting/host/third_party_auth_config.h"

	6

	7 #include "base/logging.h"

	8 #include "base/values.h"

	9 #include "policy/policy_constants.h"

	10

	11 namespace remoting {

	12

	13 namespace key = ::policy::key;
	Sergey Ulanov 2015/02/27 03:05:19 nit: I don't think this is useful give that you re nit: I don't think this is useful give that you refer to key:: only 3 times in this file. Łukasz Anforowicz 2015/02/27 18:36:12 Done. Show quoted text On 2015/02/27 03:05:19, Sergey Ulanov wrote: > nit: I don't think this is useful give that you refer to key:: only 3 times in > this file. Done.
	14

	15 namespace {

	16

	17 bool ParseSecureUrl(const std::string& str, GURL* out) {
	Sergey Ulanov 2015/02/27 03:05:19 call it ParseUrlPolicy()? with current name accept call it ParseUrlPolicy()? with current name accepting empty strings makes no sense. Łukasz Anforowicz 2015/02/27 18:36:12 Done. Show quoted text On 2015/02/27 03:05:19, Sergey Ulanov wrote: > call it ParseUrlPolicy()? with current name accepting empty strings makes no > sense. Done.
	18 if (str.empty()) {

	19 *out = GURL();

	20 return true;

	21 }

	22

	23 GURL gurl(str);

	24 if (!gurl.is_valid()) {

	25 LOG(ERROR) << "Not a valid URL: " << str;

	26 return false;

	27 }

	28 if (!gurl.SchemeIsSecure()) {

	29 LOG(ERROR) << "Not a secure URL: " << str;

	30 return false;

	31 }

	32

	33 *out = gurl;

	34 return true;

	35 }

	36

	37 } // namespace

	38

	39 bool ThirdPartyAuthConfig::Parse(

	40 const std::string& token_url,

	41 const std::string& token_validation_url,

	42 const std::string& token_validation_cert_issuer,

	43 ThirdPartyAuthConfig* out) {
	Sergey Ulanov 2015/02/27 03:05:19 call it \|result\| call it \|result\| Łukasz Anforowicz 2015/02/27 18:36:12 Done. Show quoted text On 2015/02/27 03:05:19, Sergey Ulanov wrote: > call it \|result\| Done.
	44 bool success = true;

	45 ThirdPartyAuthConfig tmp;

	46

	47 // Extract raw values for the 3 individial fields.

	48 success &= ParseSecureUrl(token_url, &tmp.token_url);

	49 success &= ParseSecureUrl(token_validation_url, &tmp.token_validation_url);
	Sergey Ulanov 2015/02/27 03:05:19 I think the checks below make little sense if you I think the checks below make little sense if you fail to parse the urls. Just return here if we fail to parse either of the URLs? Łukasz Anforowicz 2015/02/27 18:36:12 Good point. Done. Show quoted text On 2015/02/27 03:05:19, Sergey Ulanov wrote: > I think the checks below make little sense if you fail to parse the urls. Just > return here if we fail to parse either of the URLs? Good point. Done.
	50 tmp.token_validation_cert_issuer = token_validation_cert_issuer;

	51

	52 // Validate inter-dependencies between the 3 fields.

	53 if (tmp.token_url.is_empty() ^ tmp.token_validation_url.is_empty()) {

	54 LOG(ERROR) << "TokenUrl and TokenValidationUrl "

	55 << "have to be specified together.";

	56 success = false;
	Sergey Ulanov 2015/02/27 03:05:19 return false? return false? Łukasz Anforowicz 2015/02/27 18:36:12 Done. It is indeed cleaner to only have a "local" Show quoted text On 2015/02/27 03:05:19, Sergey Ulanov wrote: > return false? Done. It is indeed cleaner to only have a "local" \|urls_valid\| variable and avoid having to check \|success\| before the final assignment.
	57 }

	58 if (!tmp.token_validation_cert_issuer.empty() && tmp.token_url.is_empty()) {

	59 LOG(ERROR) << "TokenValidationCertificateIssuer cannot be used "

	60 << "without TokenUrl and TokenValidationUrl.";

	61 success = false;
	Sergey Ulanov 2015/02/27 03:05:19 return false? return false? Łukasz Anforowicz 2015/02/27 18:36:12 Done. Show quoted text On 2015/02/27 03:05:19, Sergey Ulanov wrote: > return false? Done.
	62 }

	63

	64 if (success) {

	65 *out = tmp;

	66 }

	67 return success;

	68 }

	69

	70 namespace {

	71

	72 void ExtractHelper(const base::DictionaryValue& policy_dict,

	73 const std::string& policy_name,

	74 bool* policy_present,

	75 std::string* policy_value) {

	76 if (policy_dict.GetString(policy_name, policy_value)) {

	77 *policy_present = true;

	78 } else {

	79 policy_value->clear();

	80 }

	81 }

	82

	83 } // namespace

	84

	85 bool ThirdPartyAuthConfig::ExtractPolicyValues(

	86 const base::DictionaryValue& policy_dict,

	87 std::string* token_url,

	88 std::string* token_validation_url,

	89 std::string* token_validation_cert_issuer) {

	90 bool policies_present = false;

	91 ExtractHelper(policy_dict, key::kRemoteAccessHostTokenUrl, &policies_present,

	92 token_url);

	93 ExtractHelper(policy_dict, key::kRemoteAccessHostTokenValidationUrl,

	94 &policies_present, token_validation_url);

	95 ExtractHelper(policy_dict,

	96 key::kRemoteAccessHostTokenValidationCertificateIssuer,

	97 &policies_present, token_validation_cert_issuer);

	98 return policies_present;

	99 }

	100

	101 std::ostream& operator<<(std::ostream& os, const ThirdPartyAuthConfig& cfg) {

	102 if (cfg.is_empty()) {

	103 os << "<no 3rd party auth config specified>";

	104 } else {

	105 os << "TokenUrl = " << cfg.token_url << ", ";

	106 os << "TokenValidationUrl = " << cfg.token_validation_url << ", ";

	107 os << "TokenValidationCertificateIssuer = "

	108 << cfg.token_validation_cert_issuer;

	109 }

	110 return os;

	111 }

	112

	113 } // namespace remoting

OLD	NEW