1057637229

Committed 01 Nov 2023 01:17PM UTC coverage: 79.933% (-0.3%) from 80.207%

Build # 1057637229

Build Type

push

gitlab-ci

Committed by

oleorhagen

Commit Message

chore: Alias mender-authd.service -> mender-client.service

This aliases the systemd.service for `mender-authd` to `mender-client`, so that
other existing third-party services relying on it will still work transparently.

Ticket: MEN-6812

Signed-off-by: Ole Petter <ole.orhagen@northern.tech>

Run Details

6899 of 8631 relevant lines covered (79.93%)

9322.97 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

83.78

/src/mender-auth/ipc/server.cpp

// Copyright 2023 Northern.tech AS
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.

#include <mender-auth/ipc/server.hpp>

#include <functional>
#include <iostream>
#include <string>

#include <api/auth.hpp>
#include <common/crypto.hpp>
#include <common/dbus.hpp>
#include <common/error.hpp>
#include <common/expected.hpp>
#include <common/log.hpp>

namespace mender {
namespace auth {
namespace ipc {

namespace crypto = mender::common::crypto;
namespace auth_client = mender::api::auth;
namespace dbus = mender::common::dbus;
namespace error = mender::common::error;
namespace expected = mender::common::expected;


using namespace std;

// Register DBus object handling auth methods and signals
error::Error AuthenticatingForwarder::Listen(
        const crypto::Args &args, const string &identity_script_path) {
        // Cannot serve new tokens when not knowing where to fetch them from.
        AssertOrReturnError(servers_.size() > 0);

        auto dbus_obj = make_shared<dbus::DBusObject>("/io/mender/AuthenticationManager");
        dbus_obj->AddMethodHandler<dbus::ExpectedStringPair>(
                "io.mender.Authentication1", "GetJwtToken", [this]() {
                        return dbus::StringPair {GetJWTToken(), GetServerURL()};
                });
        dbus_obj->AddMethodHandler<expected::ExpectedBool>(
                "io.mender.Authentication1", "FetchJwtToken", [this, args, identity_script_path]() {
                        if (auth_in_progress_) {
                                // Already authenticating, nothing to do here.
                                return true;
                        }
                        auto err = auth_client::FetchJWTToken(
                                client_,
                                servers_,
                                args,
                                identity_script_path == "" ? default_identity_script_path_ : identity_script_path,
                                [this](auth_client::APIResponse resp) { FetchJwtTokenHandler(resp); },
                                tenant_token_);
                        if (err != error::NoError) {
                                log::Error("Failed to trigger token fetching: " + err.String());
                                return false;
                        }
                        auth_in_progress_ = true;
                        return true;
                });

        return dbus_server_.AdvertiseObject(dbus_obj);
}

void AuthenticatingForwarder::FetchJwtTokenHandler(auth_client::APIResponse &resp) {
        auth_in_progress_ = false;

        forwarder_.Cancel();

        if (resp) {
                // ":0" port number means pick random port in user range.
                auto err = forwarder_.AsyncForward("http://127.0.0.1:0", resp.value().server_url);
                if (err == error::NoError) {
                        Cache(resp.value().token, forwarder_.GetUrl());
                } else {
                        // Should not happen, but as a desperate response, give the remote url to
                        // clients instead of our local one. At least then they might be able to
                        // connect, it just won't be through the proxy.
                        log::Error("Unable to start a local HTTP proxy: " + err.String());
                        Cache(resp.value().token, resp.value().server_url);
                }

                log::Info("Successfully received new authorization data");
                dbus_server_.EmitSignal<dbus::StringPair>(
                        "/io/mender/AuthenticationManager",
                        "io.mender.Authentication1",
                        "JwtTokenStateChange",
                        dbus::StringPair {cached_jwt_token_, cached_server_url_});
        } else {
                ClearCache();
                log::Error("Failed to fetch new token: " + resp.error().String());
        }
}

} // namespace ipc
} // namespace auth
} // namespace mender

1	// Copyright 2023 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14
15	#include <mender-auth/ipc/server.hpp>
16
17	#include <functional>
18	#include <iostream>
19	#include <string>
20
21	#include <api/auth.hpp>
22	#include <common/crypto.hpp>
23	#include <common/dbus.hpp>
24	#include <common/error.hpp>
25	#include <common/expected.hpp>
26	#include <common/log.hpp>
27
28	namespace mender {
29	namespace auth {
30	namespace ipc {
31
32	namespace crypto = mender::common::crypto;
33	namespace auth_client = mender::api::auth;
34	namespace dbus = mender::common::dbus;
35	namespace error = mender::common::error;
36	namespace expected = mender::common::expected;
37
38
39	using namespace std;
40
41	// Register DBus object handling auth methods and signals
42	error::Error AuthenticatingForwarder::Listen(	3✔
43	const crypto::Args &args, const string &identity_script_path) {
44	// Cannot serve new tokens when not knowing where to fetch them from.
45	AssertOrReturnError(servers_.size() > 0);	3✔
46
47	auto dbus_obj = make_shared<dbus::DBusObject>("/io/mender/AuthenticationManager");	3✔
48	dbus_obj->AddMethodHandler<dbus::ExpectedStringPair>(	3✔
49	"io.mender.Authentication1", "GetJwtToken", [this]() {	1✔
50	return dbus::StringPair {GetJWTToken(), GetServerURL()};	2✔
51	});	6✔
52	dbus_obj->AddMethodHandler<expected::ExpectedBool>(	3✔
53	"io.mender.Authentication1", "FetchJwtToken", [this, args, identity_script_path]() {	6✔
54	if (auth_in_progress_) {	2✔
55	// Already authenticating, nothing to do here.
56	return true;
57	}
58	auto err = auth_client::FetchJWTToken(
59	client_,	2✔
60	servers_,
61	args,	2✔
62	identity_script_path == "" ? default_identity_script_path_ : identity_script_path,	2✔
63	[this](auth_client::APIResponse resp) { FetchJwtTokenHandler(resp); },	2✔
64	tenant_token_);	2✔
65	if (err != error::NoError) {	2✔
66	log::Error("Failed to trigger token fetching: " + err.String());	×
67	return false;	×
68	}
69	auth_in_progress_ = true;	2✔
70	return true;	2✔
71	});	6✔
72
73	return dbus_server_.AdvertiseObject(dbus_obj);	6✔
74	}
75
76	void AuthenticatingForwarder::FetchJwtTokenHandler(auth_client::APIResponse &resp) {	2✔
77	auth_in_progress_ = false;	2✔
78
79	forwarder_.Cancel();	2✔
80
81	if (resp) {	2✔
82	// ":0" port number means pick random port in user range.
83	auto err = forwarder_.AsyncForward("http://127.0.0.1:0", resp.value().server_url);	4✔
84	if (err == error::NoError) {	2✔
85	Cache(resp.value().token, forwarder_.GetUrl());	4✔
86	} else {
87	// Should not happen, but as a desperate response, give the remote url to
88	// clients instead of our local one. At least then they might be able to
89	// connect, it just won't be through the proxy.
90	log::Error("Unable to start a local HTTP proxy: " + err.String());	×
91	Cache(resp.value().token, resp.value().server_url);	×
92	}
93
94	log::Info("Successfully received new authorization data");	4✔
95	dbus_server_.EmitSignal<dbus::StringPair>(	2✔
96	"/io/mender/AuthenticationManager",
97	"io.mender.Authentication1",
98	"JwtTokenStateChange",
99	dbus::StringPair {cached_jwt_token_, cached_server_url_});	4✔
100	} else {
101	ClearCache();	×
102	log::Error("Failed to fetch new token: " + resp.error().String());	×
103	}
104	}	2✔
105
106	} // namespace ipc
107	} // namespace auth
108	} // namespace mender

mendersoftware / mender / 1057637229

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous