FIX #86 - Fixed an issue where signing keys were not properly resolve…

…d for an account user. (#87)
nats-io · May 14, 2019 · e81db7c · e81db7c
1 parent 8cebc2d
commit e81db7c
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 8 deletions.
diff --git a/cmd/describeuser_test.go b/cmd/describeuser_test.go
@@ -146,7 +146,8 @@ func TestDescribeUser_Account(t *testing.T) {
 
 	ts.AddAccount(t, "A")
 	_, pub, kp := CreateAccountKey(t)
-	_, _, err := ExecuteCmd(createEditAccount(), "--account", "A", "-sk", pub)
+	_, _, err := ExecuteCmd(createEditAccount(), "--account", "A", "--sk", pub)
+	require.NoError(t, err)
 
 	// signed with default account key
 	ts.AddUser(t, "A", "aa")

diff --git a/cmd/edituser_test.go b/cmd/edituser_test.go
@@ -152,3 +152,53 @@ func Test_EditUser_Src(t *testing.T) {
 	require.NotNil(t, cc)
 	require.ElementsMatch(t, strings.Split(cc.Src, ","), []string{"192.0.1.0/8"})
 }
+
+func Test_EditUserSK(t *testing.T) {
+	ts := NewTestStore(t, "O")
+	t.Log(ts.Dir)
+
+	s, p, _ := CreateAccountKey(t)
+	ts.AddAccount(t, "A")
+	_, _, err := ExecuteCmd(HoistRootFlags(createEditAccount()), "-a", "A", "--sk", p)
+	require.NoError(t, err)
+
+	ac, err := ts.Store.ReadAccountClaim("A")
+	require.NoError(t, err)
+	require.Contains(t, ac.SigningKeys, p)
+
+	ts.AddUser(t, "A", "U")
+	uc, err := ts.Store.ReadUserClaim("A", "U")
+	require.NoError(t, err)
+	require.Equal(t, uc.Issuer, ac.Subject)
+
+	_, _, err = ExecuteCmd(HoistRootFlags(createEditUserCmd()), "-n", "U", "--allow-pub", "foo", "-K", string(s))
+	require.NoError(t, err)
+	uc, err = ts.Store.ReadUserClaim("A", "U")
+	require.NoError(t, err)
+	require.Equal(t, uc.Issuer, p)
+}
+
+func Test_EditUserAddedWithSK(t *testing.T) {
+	ts := NewTestStore(t, "O")
+	t.Log(ts.Dir)
+
+	s, p, sk := CreateAccountKey(t)
+	ts.AddAccount(t, "A")
+	_, _, err := ExecuteCmd(HoistRootFlags(createEditAccount()), "-a", "A", "--sk", p)
+	require.NoError(t, err)
+
+	ac, err := ts.Store.ReadAccountClaim("A")
+	require.NoError(t, err)
+	require.Contains(t, ac.SigningKeys, p)
+
+	ts.AddUserWithSigner(t, "A", "U", sk)
+	uc, err := ts.Store.ReadUserClaim("A", "U")
+	require.NoError(t, err)
+	require.Equal(t, uc.Issuer, p)
+
+	_, _, err = ExecuteCmd(HoistRootFlags(createEditUserCmd()), "-n", "U", "--allow-pub", "foo", "-K", string(s))
+	require.NoError(t, err)
+	uc, err = ts.Store.ReadUserClaim("A", "U")
+	require.NoError(t, err)
+	require.Equal(t, uc.Issuer, p)
+}
diff --git a/cmd/store/store.go b/cmd/store/store.go
@@ -288,7 +288,7 @@ func (s *Store) StoreClaim(data []byte) error {
 		if err != nil {
 			return err
 		}
-		issuer := gc.Issuer
+		issuer := uc.Issuer
 		if uc.IssuerAccount != "" {
 			issuer = uc.IssuerAccount
 		}
@@ -299,15 +299,13 @@ func (s *Store) StoreClaim(data []byte) error {
 		}
 		for _, i := range infos {
 			if i.IsDir() {
-				c, err := s.LoadClaim(Accounts, i.Name(), JwtName(i.Name()))
+				c, err := s.ReadAccountClaim(i.Name())
 				if err != nil {
 					return err
 				}
-				if c != nil {
-					if c.Subject == issuer {
-						account = i.Name()
-						break
-					}
+				if c != nil && c.DidSign(uc) {
+					account = i.Name()
+					break
 				}
 			}
 		}