From 9cf3ff72a3c2debf0af09438cf4cbf7edc181e0b Mon Sep 17 00:00:00 2001 From: vishalsodani Date: Thu, 27 Oct 2022 12:56:18 +0530 Subject: [PATCH] fix checking of master key as per review comment --- meilisearch-auth/src/lib.rs | 15 ---------- .../src/extractors/authentication/mod.rs | 28 +++++++++---------- 2 files changed, 13 insertions(+), 30 deletions(-) diff --git a/meilisearch-auth/src/lib.rs b/meilisearch-auth/src/lib.rs index d27d98b4d..43183d4cf 100644 --- a/meilisearch-auth/src/lib.rs +++ b/meilisearch-auth/src/lib.rs @@ -173,28 +173,13 @@ impl AuthController { pub struct AuthFilter { pub search_rules: SearchRules, pub allow_index_creation: bool, - master_key_missing: bool, } -impl AuthFilter { - pub fn with_no_master_key() -> AuthFilter { - AuthFilter { - search_rules: SearchRules::default(), - allow_index_creation: true, - master_key_missing: true, - } - } - - pub fn is_missing_master_key(&self) -> bool { - self.master_key_missing - } -} impl Default for AuthFilter { fn default() -> Self { Self { search_rules: SearchRules::default(), allow_index_creation: true, - master_key_missing: false, } } } diff --git a/meilisearch-http/src/extractors/authentication/mod.rs b/meilisearch-http/src/extractors/authentication/mod.rs index 18093b666..7497d6377 100644 --- a/meilisearch-http/src/extractors/authentication/mod.rs +++ b/meilisearch-http/src/extractors/authentication/mod.rs @@ -48,22 +48,23 @@ impl GuardedData { where P: Policy + 'static, { + let auth_clone = auth.clone(); + let master_key: Option<&String> = auth_clone.get_master_key(); + match Self::authenticate(auth, String::new(), None).await? { Some(filters) => match data { - Some(data) => { - if filters.is_missing_master_key() { - Err(AuthenticationError::MissingMasterKey.into()) - } else { - Ok(Self { - data, - filters, - _marker: PhantomData, - }) - } - } + Some(data) => Ok(Self { + data, + filters, + _marker: PhantomData, + }), + None => Err(AuthenticationError::IrretrievableState.into()), }, - None => Err(AuthenticationError::MissingAuthorizationHeader.into()), + None => match master_key { + Some(_) => Err(AuthenticationError::MissingAuthorizationHeader.into()), + None => Err(AuthenticationError::MissingMasterKey.into()), + }, } } @@ -177,9 +178,6 @@ pub mod policies { token: &str, index: Option<&str>, ) -> Option { - if auth.get_master_key().is_none() && is_keys_action(A) { - return Some(AuthFilter::with_no_master_key()); - } // authenticate if token is the master key. // master key can only have access to keys routes. // if master key is None only keys routes are inaccessible.