Fix for third party block reuse #230

Open
wants to merge 16 commits into
base: v5
117 changes: 45 additions & 72 deletions biscuit-auth/samples/README.md
Expand Up @@ -1835,7 +1835,7 @@ allow if true;

revocation ids:
- `470e4bf7aa2a01ab39c98150bd06aa15b4aa5d86509044a8809a8634cd8cf2b42269a51a774b65d10bac9369d013070b00187925196a8e680108473f11cf8f03`
- `342167bc54bc642b6718a276875e55b6d39e9b21e4ce13b926a3d398b6c057fc436385bf4c817a16f9ecdf0b0d950e8b8258a20aeb3fd8896c5e9c1f0a53da03`
- `8556bc91ed8bd1e4c0b6b37bead75d91d332c4144d72e7db715e6300732dc691dbd1f444f1a7a07be8bac60358bf14330b5b8963685490cfb648df879efc9e0a`

authorizer world:
```
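Review bot: The second revocation id of this sample is replaced (the id beginning `342167bc` gives way to the one beginning `8556bc91`) while the first is kept, and nothing in the README says why. In Biscuit a revocation id identifies a single block through its signature, so a new id means the second block of the regenerated token is signed differently from the one published before, and a revocation list keyed on the old value no longer matches. Please state in the PR description or changelog whether tokens issued before this fix still verify and whether their revocation ids stay stable, so operators know if stored ids must be refreshed.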
Expand Down Expand Up @@ -2097,9 +2097,9 @@ allow if true;

revocation ids:
- `3771cefe71beb21ead35a59c8116ee82627a5717c0295f35980662abccb159fe1b37848cb1818e548656bd4fd882d0094a2daab631c76b2b72e3a093914bfe04`
- `6528db2c9a561ada9086268549a600a8a52ff434ea8183812623eec0e9b6c5d3c41ab7868808623021d92294d583afdf92f4354bcdaa1bc50453e1b89afd630d`
- `5d5679fe69bfe74b7919323515e9ecba9d01422b16be9341b57f88e695b2bb0bd7966b781001d2b9e00ee618fdc239c96e17e32cb379f13f12d6bd7b1b47ad04`
- `c37bf24c063f0310eccab8864e48dbeffcdd7240b4f8d1e01eba4fc703e6c9082b845bb55543b10f008dc7f4e78540411912ac1f36fa2aa90011dca40f323b09`
- `87ce330211e0bca95aebcbbe349c954473f49e6593b6fee34f2be93122d4f930f0fc2dedfc1721b9d2e5346befb97aef75c28a13cc2647bb99e499ceb565470d`
- `f3dc02647a3c011e87dda6050fbd67c2e037454f186eb4ba0c029c0da7b0eb309c7d24ad5f073571b11876ef9bb7955ecb462c00457a258c4e1ba4eafbae420c`
- `88c9eea7c2e17409ce542a0e8fe78c53627fc2346ffde3d8d280eb86250c6c84efa5d84ea1f644a7bcfdfc68e2efc07350132c7fc80061014fa9d678c201b20a`
- `3f675d6c364e06405d4868c904e40f3d81c32b083d91586db814d4cb4bf536b4ba209d82f11b4cb6da293b60b20d6122fc3e0e08e80c381dee83edd848211900`

authorizer world:
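Review bot: Three of the five revocation ids change in this sample, but the first (beginning `3771cefe`) and the last (beginning `3f675d6c`) are untouched, and the sample does not say which blocks the fix is expected to affect. If the last block is not a third-party block that is expected; if it is, an unchanged id would suggest the fix did not reach it. Labelling each block in the sample (authority, third-party, plain attenuation) would let a reader confirm that exactly the intended signatures moved.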
Expand Down Expand Up @@ -2657,97 +2657,70 @@ result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedB
### token

authority:
symbols: ["fact", "value", "fact2"]
symbols: ["abcD12", "abcD12x"]

public keys: []

```
check if fact(1, $value), 1 == $value;
check if fact2(1, $value), 1 != $value;
check if true == true;
check if false != false;
check if 1 != true;
check if 1 == 1;
check if 1 != 3;
check if 1 != true;
check if "abcD12" == "abcD12";
check if "abcD12x" != "abcD12";
check if "abcD12x" != true;
check if 2022-12-04T09:46:41Z == 2022-12-04T09:46:41Z;
check if 2022-12-04T09:46:41Z != 2020-12-04T09:46:41Z;
check if 2022-12-04T09:46:41Z != true;
check if hex:12abcd == hex:12abcd;
check if hex:12abcd != hex:12ab;
check if hex:12abcd != true;
check if {1, 2} == {1, 2};
check if {1, 4} != {1, 2};
check if {1, 4} != true;
```

### validation for "authorized same type"

authorizer code:
```
fact(1, 1);
fact2(1, 2);

allow if true;
```

revocation ids:
- `d65b3aeceb6268124190f5eb87788a5eb81c89a3fc8370c9a3ea362731c55660b2b390ca6270e68afab90862bd2bbb808aa6b5576c975ae773a992a2434c930d`

authorizer world:
```
World {
facts: [
Facts {
origin: {
None,
},
facts: [
"fact(1, 1)",
"fact2(1, 2)",
],
},
]
rules: []
checks: [
Checks {
origin: Some(
0,
),
checks: [
"check if fact(1, $value), 1 == $value",
"check if fact2(1, $value), 1 != $value",
],
},
]
policies: [
"allow if true",
]
}
```

result: `Ok(0)`
### validation for "unauthorized failed logic different type"
### validation

authorizer code:
```
fact(1, true);
fact2(1, false);

allow if true;
```

revocation ids:
- `d65b3aeceb6268124190f5eb87788a5eb81c89a3fc8370c9a3ea362731c55660b2b390ca6270e68afab90862bd2bbb808aa6b5576c975ae773a992a2434c930d`
- `4af245a2504ec00809bd0cd8d20ceaaac35f8ec5aaa8c7d3fd6652b126d2bf246d64fec8f0e65c409b196d4a60c9723dd4fbb3328988790e97fc4e08e9528208`

authorizer world:
```
World {
facts: [
Facts {
origin: {
None,
},
facts: [
"fact(1, true)",
"fact2(1, false)",
],
},
]
facts: []
rules: []
checks: [
Checks {
origin: Some(
0,
),
checks: [
"check if fact(1, $value), 1 == $value",
"check if fact2(1, $value), 1 != $value",
"check if \"abcD12\" == \"abcD12\"",
"check if \"abcD12x\" != \"abcD12\"",
"check if \"abcD12x\" != true",
"check if 1 != 3",
"check if 1 != true",
"check if 1 != true",
"check if 1 == 1",
"check if 2022-12-04T09:46:41Z != 2020-12-04T09:46:41Z",
"check if 2022-12-04T09:46:41Z != true",
"check if 2022-12-04T09:46:41Z == 2022-12-04T09:46:41Z",
"check if false != false",
"check if hex:12abcd != hex:12ab",
"check if hex:12abcd != true",
"check if hex:12abcd == hex:12abcd",
"check if true == true",
"check if {1, 2} == {1, 2}",
"check if {1, 4} != true",
"check if {1, 4} != {1, 2}",
],
},
]
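Review bot: `check if false != false;` in the new token block can never hold, so the single remaining `### validation` always fails at that check, and the `Ok(0)` case provided by the removed "authorized same type" validation is gone. If the line was meant to be `check if false == false;`, fix it and keep an authorizing case; if the failure is intended, name the validation after the expected outcome, as the two removed headings did. `check if 1 != true;` also appears twice in the block and twice in the world dump, so one copy can be dropped. This rewrite of the equality sample is also not obviously related to third-party block reuse and may belong in a separate PR.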
Expand All @@ -2757,7 +2730,7 @@ World {
}
```

result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedBlockCheck { block_id: 0, check_id: 0, rule: "check if fact(1, $value), 1 == $value" })] }))`
result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedBlockCheck { block_id: 0, check_id: 1, rule: "check if false != false" })] }))`


------------------------------
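Review bot: `check_id: 1` in the new result follows the order of checks in the token block, where index 1 is `check if false != false`, not the order of the world dump earlier in this sample, where the checks are listed sorted and index 1 is `check if "abcD12x" != "abcD12"`. A reader matching the error against the dump lands on the wrong check; a sentence in the README saying the dump is sorted, or printing it in block order, would remove the ambiguity.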
8 changes: 4 additions & 4 deletions biscuit-auth/samples/samples.json
Expand Up @@ -1795,7 +1795,7 @@
"authorizer_code": "allow if true;\n",
"revocation_ids": [
"470e4bf7aa2a01ab39c98150bd06aa15b4aa5d86509044a8809a8634cd8cf2b42269a51a774b65d10bac9369d013070b00187925196a8e680108473f11cf8f03",
"342167bc54bc642b6718a276875e55b6d39e9b21e4ce13b926a3d398b6c057fc436385bf4c817a16f9ecdf0b0d950e8b8258a20aeb3fd8896c5e9c1f0a53da03"
"8556bc91ed8bd1e4c0b6b37bead75d91d332c4144d72e7db715e6300732dc691dbd1f444f1a7a07be8bac60358bf14330b5b8963685490cfb648df879efc9e0a"
]
}
}
Expand Down Expand Up @@ -2087,9 +2087,9 @@
"authorizer_code": "check if query(1, 2) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189, ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\n\ndeny if query(3);\ndeny if query(1, 2);\ndeny if query(0) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\nallow if true;\n",
"revocation_ids": [
"3771cefe71beb21ead35a59c8116ee82627a5717c0295f35980662abccb159fe1b37848cb1818e548656bd4fd882d0094a2daab631c76b2b72e3a093914bfe04",
"6528db2c9a561ada9086268549a600a8a52ff434ea8183812623eec0e9b6c5d3c41ab7868808623021d92294d583afdf92f4354bcdaa1bc50453e1b89afd630d",
"5d5679fe69bfe74b7919323515e9ecba9d01422b16be9341b57f88e695b2bb0bd7966b781001d2b9e00ee618fdc239c96e17e32cb379f13f12d6bd7b1b47ad04",
"c37bf24c063f0310eccab8864e48dbeffcdd7240b4f8d1e01eba4fc703e6c9082b845bb55543b10f008dc7f4e78540411912ac1f36fa2aa90011dca40f323b09",
"87ce330211e0bca95aebcbbe349c954473f49e6593b6fee34f2be93122d4f930f0fc2dedfc1721b9d2e5346befb97aef75c28a13cc2647bb99e499ceb565470d",
"f3dc02647a3c011e87dda6050fbd67c2e037454f186eb4ba0c029c0da7b0eb309c7d24ad5f073571b11876ef9bb7955ecb462c00457a258c4e1ba4eafbae420c",
"88c9eea7c2e17409ce542a0e8fe78c53627fc2346ffde3d8d280eb86250c6c84efa5d84ea1f644a7bcfdfc68e2efc07350132c7fc80061014fa9d678c201b20a",
"3f675d6c364e06405d4868c904e40f3d81c32b083d91586db814d4cb4bf536b4ba209d82f11b4cb6da293b60b20d6122fc3e0e08e80c381dee83edd848211900"
]
}
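Review bot: The three replaced entries in `revocation_ids` match the README hunk, but `authorizer_code` is unchanged, so this vector still exercises the same `trusting` checks as before and does not by itself demonstrate the reuse case named in the PR title. In the hunks shown here no new sample is added; consider a vector in which a third-party block is attached to a token it was not issued for, with the expected result being a verification error, so the fix is pinned by a regression test.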
Binary file modified biscuit-auth/samples/test024_third_party.bc
Binary file not shown.
Binary file modified biscuit-auth/samples/test026_public_keys_interning.bc
Binary file not shown.
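Review bot: `test024_third_party.bc` and `test026_public_keys_interning.bc` are replaced as opaque binaries, so the review cannot confirm that they correspond to the new revocation ids in README.md and samples.json. Please note in the PR how the files were regenerated so the result can be reproduced, and consider keeping the previous files as extra vectors with their expected outcome recorded, so the behavior on tokens created before the fix is covered by a test.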