Fixes Auth Issue (#2064)

2019-05-28 16:32:51 +02:00 · 2019-05-28 16:32:51 +02:00 · 8912d7149c
commit 8912d7149c
parent 5a4ff2c855
4 changed files with 13 additions and 5 deletions
--- a/internal/testplanet/planet.go
+++ b/internal/testplanet/planet.go
@ -499,8 +499,9 @@ func (planet *Planet) newSatellites(count int) ([]*satellite.Peer, error) {
 				AuthType:          "simulate",
 			},
 			Console: consoleweb.Config{
-				Address:      "127.0.0.1:0",
-				PasswordCost: console.TestPasswordCost,
+				Address:         "127.0.0.1:0",
+				PasswordCost:    console.TestPasswordCost,
+				AuthTokenSecret: "my-suppa-secret-key",
 			},
 			Version: planet.NewVersionConfig(),
 		}
--- a/satellite/console/consoleweb/server.go
+++ b/satellite/console/consoleweb/server.go
@ -47,7 +47,8 @@ type Config struct {
 	ExternalAddress string `help:"external endpoint of the satellite if hosted" default:""`

 	// TODO: remove after Vanguard release
-	AuthToken string `help:"auth token needed for access to registration token creation endpoint" default:""`
+	AuthToken       string `help:"auth token needed for access to registration token creation endpoint" default:""`
+	AuthTokenSecret string `help:"secret used to sign auth tokens" releaseDefault:"" devDefault:"my-suppa-secret-key"`

 	PasswordCost int `internal:"true" help:"password hashing cost (0=automatic)" default:"0"`
 }
--- a/satellite/peer.go
+++ b/satellite/peer.go
@ -512,10 +512,13 @@ func New(log *zap.Logger, full *identity.FullIdentity, db DB, config *Config, ve
 			return nil, errs.Combine(err, peer.Close())
 		}

+		if consoleConfig.AuthTokenSecret == "" {
+			return nil, errs.New("Auth token secret required")
+		}
+
 		peer.Console.Service, err = console.NewService(
 			peer.Log.Named("console:service"),
-			// TODO(yar): use satellite key
-			&consoleauth.Hmac{Secret: []byte("my-suppa-secret-key")},
+			&consoleauth.Hmac{Secret: []byte(consoleConfig.AuthTokenSecret)},
 			peer.DB.Console(),
 			consoleConfig.PasswordCost,
 		)
--- a/scripts/testdata/satellite-config.yaml.lock
+++ b/scripts/testdata/satellite-config.yaml.lock
@ -16,6 +16,9 @@
 # auth token needed for access to registration token creation endpoint
 # console.auth-token: ""

+# secret used to sign auth tokens
+# console.auth-token-secret: ""
+
 # external endpoint of the satellite if hosted
 # console.external-address: ""