changed
hex_metadata.config
|
|
@@ -34,4 +34,4 @@
|
|
34
34
|
{<<"optional">>,false},
|
|
35
35
|
{<<"repository">>,<<"hexpm">>},
|
|
36
36
|
{<<"requirement">>,<<"~> 1.1">>}]]}.
|
|
37
|
- {<<"version">>,<<"0.3.0">>}.
|
|
37
|
+ {<<"version">>,<<"0.3.1">>}.
|
changed
lib/macaroon.ex
|
|
@@ -26,18 +26,18 @@ defmodule Macaroon do
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
@doc """
|
|
29
|
- Add a first-party caveat to a Macaroon provided a `caveat_predicate`
|
|
29
|
+ Add a first-party caveat to a Macaroon provided a `predicate`
|
|
30
30
|
"""
|
|
31
31
|
@spec add_first_party_caveat(Macaroon.Types.Macaroon.t(), binary) :: Macaroon.Types.Macaroon.t()
|
|
32
|
- def add_first_party_caveat(%Types.Macaroon{} = macaroon, caveat_predicate)
|
|
33
|
- when is_binary(caveat_predicate) do
|
|
32
|
+ def add_first_party_caveat(%Types.Macaroon{} = macaroon, predicate)
|
|
33
|
+ when is_binary(predicate) do
|
|
34
34
|
c =
|
|
35
35
|
Types.Caveat.build(
|
|
36
|
- caveat_id: caveat_predicate,
|
|
36
|
+ caveat_id: predicate,
|
|
37
37
|
party: :first
|
|
38
38
|
)
|
|
39
39
|
|
|
40
|
- new_sig = :crypto.hmac(:sha256, macaroon.signature, caveat_predicate)
|
|
40
|
+ new_sig = :crypto.hmac(:sha256, macaroon.signature, predicate)
|
|
41
41
|
|
|
42
42
|
%Types.Macaroon{
|
|
43
43
|
macaroon
|
|
|
@@ -47,7 +47,22 @@ defmodule Macaroon do
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
@doc """
|
|
50
|
- Add a third-party caveat to a Macaroon provided a `location`, `caveat_id`, and secret `caveat_key`
|
|
50
|
+ Add a third-party caveat to a Macaroon provided a `location`, `predicate`, and random secret `caveat_key`
|
|
51
|
+
|
|
52
|
+ `location` is a hint to where the client must go to prove this caveat
|
|
53
|
+
|
|
54
|
+ `predicate` is a string that contains `caveat_key` and the predicate we want to have this caveat assert
|
|
55
|
+ you should encrypt this in such a way that only the other party can decrypt it (pub/priv keys)
|
|
56
|
+
|
|
57
|
+ OR
|
|
58
|
+
|
|
59
|
+ retreieve an ID from the other service first and use that as the ID.
|
|
60
|
+
|
|
61
|
+ `caveat_key` is the freshly generated secret key that will be encrypted using the current signature of the Macaroon
|
|
62
|
+
|
|
63
|
+ `nonce` - you SHOULD NOT override this unless you know what you're doing (it defaults to secure random bytes)
|
|
64
|
+ it is used when encrypting the `caveat_key` and should never be static unless you are testing something that requires
|
|
65
|
+ the signature to be static.
|
|
51
66
|
"""
|
|
52
67
|
@spec add_third_party_caveat(
|
|
53
68
|
Macaroon.Types.Macaroon.t(),
|
|
|
@@ -59,11 +74,11 @@ defmodule Macaroon do
|
|
59
74
|
def add_third_party_caveat(
|
|
60
75
|
%Types.Macaroon{} = macaroon,
|
|
61
76
|
location,
|
|
62
|
- caveat_id,
|
|
77
|
+ predicate,
|
|
63
78
|
caveat_key,
|
|
64
79
|
nonce \\ nil
|
|
65
80
|
)
|
|
66
|
- when is_binary(location) and is_binary(caveat_id) and is_binary(caveat_key) do
|
|
81
|
+ when is_binary(location) and is_binary(predicate) and is_binary(caveat_key) do
|
|
67
82
|
derived_key =
|
|
68
83
|
caveat_key
|
|
69
84
|
|> Util.Crypto.create_derived_key()
|
|
|
@@ -79,13 +94,13 @@ defmodule Macaroon do
|
|
79
94
|
|
|
80
95
|
c =
|
|
81
96
|
Types.Caveat.build(
|
|
82
|
- caveat_id: caveat_id,
|
|
97
|
+ caveat_id: predicate,
|
|
83
98
|
location: location,
|
|
84
99
|
verification_key_id: verification_key_id,
|
|
85
100
|
party: :third
|
|
86
101
|
)
|
|
87
102
|
|
|
88
|
- concat_digest = Util.Crypto.hmac_concat(macaroon.signature, verification_key_id, caveat_id)
|
|
103
|
+ concat_digest = Util.Crypto.hmac_concat(macaroon.signature, verification_key_id, predicate)
|
|
89
104
|
|
|
90
105
|
%Types.Macaroon{
|
|
91
106
|
macaroon
|
|
|
@@ -98,7 +113,7 @@ defmodule Macaroon do
|
|
98
113
|
This prepares a Macaroon for delegation to another third-party authorization service.
|
|
99
114
|
Returns a "protected" (or bound) discharge Macaroon.
|
|
100
115
|
|
|
101
|
- `discharge_macaroon` - The Macaroon that will be sent to the third-party service.
|
|
116
|
+ `discharge_macaroon` - The Macaroon that will be sent back to the originating service
|
|
102
117
|
|
|
103
118
|
`macaroon` - The Macaroon that the `discharge_macaroon` will be bound to. (The "root" Macaroon)
|
|
104
119
|
"""
|
changed
lib/serializers/binary.ex
|
|
@@ -39,7 +39,6 @@ defmodule Macaroon.Serializers.Binary do
|
|
39
39
|
|
|
40
40
|
result =
|
|
41
41
|
Enum.reduce_while(cavs, <<>>, fn caveat, packet ->
|
|
42
|
- IO.inspect(caveat)
|
|
43
42
|
encoded =
|
|
44
43
|
case caveat.party do
|
|
45
44
|
:first -> encode_first_party_caveat_v1(caveat)
|
changed
lib/verification.ex
|
|
@@ -123,8 +123,6 @@ defmodule Macaroon.Verification do
|
|
123
123
|
if found_predicate do
|
|
124
124
|
true
|
|
125
125
|
else
|
|
126
|
- require IEx
|
|
127
|
-
|
|
128
126
|
Enum.find(params.callbacks, nil, fn callback ->
|
|
129
127
|
callback.(caveat.caveat_id) == true
|
|
130
128
|
end) != nil
|
changed
mix.exs
|
|
@@ -4,7 +4,7 @@ defmodule Macaroon.MixProject do
|
|
4
4
|
def project do
|
|
5
5
|
[
|
|
6
6
|
app: :macaroon,
|
|
7
|
- version: "0.3.0",
|
|
7
|
+ version: "0.3.1",
|
|
8
8
|
elixir: "~> 1.11",
|
|
9
9
|
start_permanent: Mix.env() == :prod,
|
|
10
10
|
deps: deps(),
|