Merge "identity: Fix displayed blessing name on add caveats page."
diff --git a/services/identity/identityd/main.go b/services/identity/identityd/main.go
index 1639b9d..1c57547 100644
--- a/services/identity/identityd/main.go
+++ b/services/identity/identityd/main.go
@@ -73,11 +73,6 @@
vlog.Fatalf("Failed to start RevocationManager: %v", err)
}
- bname, _, err := util.RootCertificateDetails(v23.GetPrincipal(ctx).BlessingStore().Default())
- if err != nil {
- vlog.Fatalf("Failed to get root Blessings name: %v", err)
- }
-
listenSpec := v23.GetListenSpec(ctx)
s := server.NewIdentityServer(
googleoauth,
@@ -85,7 +80,7 @@
reader,
revocationManager,
googleOAuthBlesserParams(googleoauth, revocationManager),
- caveats.NewBrowserCaveatSelector(*assetsPrefix, bname),
+ caveats.NewBrowserCaveatSelector(*assetsPrefix),
&emailClassifier,
*assetsPrefix,
*mountPrefix)
diff --git a/services/identity/internal/caveats/browser_caveat_selector.go b/services/identity/internal/caveats/browser_caveat_selector.go
index 37e1079..cbb0400 100644
--- a/services/identity/internal/caveats/browser_caveat_selector.go
+++ b/services/identity/internal/caveats/browser_caveat_selector.go
@@ -17,19 +17,18 @@
type browserCaveatSelector struct {
assetsPrefix string
- blessingName string
}
// NewBrowserCaveatSelector returns a caveat selector that renders a form in the
// to accept user caveat selections.
-func NewBrowserCaveatSelector(assetsPrefix, blessingName string) CaveatSelector {
- return &browserCaveatSelector{assetsPrefix, blessingName}
+func NewBrowserCaveatSelector(assetsPrefix string) CaveatSelector {
+ return &browserCaveatSelector{assetsPrefix}
}
-func (s *browserCaveatSelector) Render(blessingExtension, state, redirectURL string, w http.ResponseWriter, r *http.Request) error {
+func (s *browserCaveatSelector) Render(blessingName, state, redirectURL string, w http.ResponseWriter, r *http.Request) error {
tmplargs := struct {
- Email, Macaroon, MacaroonURL, AssetsPrefix, BlessingName string
- }{blessingExtension, state, redirectURL, s.assetsPrefix, s.blessingName}
+ BlessingName, Macaroon, MacaroonURL, AssetsPrefix string
+ }{blessingName, state, redirectURL, s.assetsPrefix}
w.Header().Set("Context-Type", "text/html")
if err := templates.SelectCaveats.Execute(w, tmplargs); err != nil {
return err
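Review bot: The header set just before the template executes is spelled `Context-Type`, so it has no effect and the response type for this consent page is left to net/http's content sniffing; it should read `w.Header().Set("Content-Type", "text/html; charset=utf-8")`. The `tmplargs` literal fills four same-typed string fields by position, and this commit reorders them, so a future reordering could silently put the macaroon into a displayed field; keyed fields (`BlessingName: blessingName, Macaroon: state, ...`) would make that impossible. The doc comment on NewBrowserCaveatSelector also reads "renders a form in the to accept", which is missing a word. Render's body continues past the end of the hunk.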
diff --git a/services/identity/internal/caveats/caveat_selector.go b/services/identity/internal/caveats/caveat_selector.go
index f0746b1..487c5a6 100644
--- a/services/identity/internal/caveats/caveat_selector.go
+++ b/services/identity/internal/caveats/caveat_selector.go
@@ -13,10 +13,10 @@
type CaveatSelector interface {
// Render renders the caveat input form. When the user has completed inputing caveats,
// Render should redirect to the specified redirect route.
- // blessingExtension is the extension used for the blessings that is being caveated.
+ // blessingName is the name used for the blessings that is being caveated.
// state is any state passed by the caller (e.g., for CSRF mitigation) and is returned by ParseSelections.
// redirectRoute is the route to be returned to.
- Render(blessingExtension, state, redirectURL string, w http.ResponseWriter, r *http.Request) error
+ Render(blessingName, state, redirectURL string, w http.ResponseWriter, r *http.Request) error
// ParseSelections parse the users choices of Caveats, and returns the information needed to create them,
// the state passed to Render, and any additionalExtension selected by the user to further extend the blessing.
ParseSelections(r *http.Request) (caveats []CaveatInfo, state string, additionalExtension string, err error)
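Review bot: The Render doc comment still describes `redirectRoute` while the parameter is named `redirectURL`, and the new `blessingName` line does not say that the value is now the full name shown to the user rather than just an extension. Going by the handler.go and template changes in this commit, something like `// blessingName is the full name of the blessing being caveated, before any user-chosen extension; implementations display it and must escape it for their output format.` together with `// redirectURL is the URL to be returned to.` would match the new contract. The interface declaration continues outside the hunk.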
diff --git a/services/identity/internal/identityd_test/main.go b/services/identity/internal/identityd_test/main.go
index 77672a5..f7977de 100644
--- a/services/identity/internal/identityd_test/main.go
+++ b/services/identity/internal/identityd_test/main.go
@@ -78,11 +78,7 @@
caveatSelector := caveats.NewMockCaveatSelector()
if *browser {
- bname, _, err := util.RootCertificateDetails(v23.GetPrincipal(ctx).BlessingStore().Default())
- if err != nil {
- vlog.Fatalf("Failed to get root Blessings name: %v", err)
- }
- caveatSelector = caveats.NewBrowserCaveatSelector(*assetsPrefix, bname)
+ caveatSelector = caveats.NewBrowserCaveatSelector(*assetsPrefix)
}
listenSpec := v23.GetListenSpec(ctx)
diff --git a/services/identity/internal/oauth/handler.go b/services/identity/internal/oauth/handler.go
index fcb6c41..c2de6ab 100644
--- a/services/identity/internal/oauth/handler.go
+++ b/services/identity/internal/oauth/handler.go
@@ -381,7 +381,19 @@
util.HTTPServerError(w, fmt.Errorf("failed to create new token: %v", err))
return
}
- if err := h.args.CaveatSelector.Render(email, outputMacaroon, redirectURL(h.args.Addr, sendMacaroonRoute), w, r); err != nil {
+ localBlessings := security.DefaultBlessingPatterns(h.args.Principal)
+ if len(localBlessings) == 0 {
+ vlog.Infof("server principal has no blessings: %v", h.args.Principal)
+ util.HTTPServerError(w, fmt.Errorf("failed to get server blessings"))
+ return
+ }
+ parts := []string{
+ string(localBlessings[0]),
+ h.args.EmailClassifier.Classify(email),
+ email,
+ }
+ fullBlessingName := strings.Join(parts, security.ChainSeparator)
+ if err := h.args.CaveatSelector.Render(fullBlessingName, outputMacaroon, redirectURL(h.args.Addr, sendMacaroonRoute), w, r); err != nil {
vlog.Errorf("Unable to invoke render caveat selector: %v", err)
util.HTTPServerError(w, err)
}
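Review bot: The name the user approves on the caveats page is assembled here from `localBlessings[0]`, the classifier output and `email`, separately from whatever code later mints the blessing, so the two can drift and only the first default blessing is ever shown; the minting code is outside this hunk, so confirm they agree, and record it with a comment such as `// Display only: must match the name built by the blesser; uses the first default blessing pattern.`. `email` is joined with `security.ChainSeparator` without a visible check that it contains no separator itself, which would make the displayed chain ambiguous. The empty-blessings branch logs with `vlog.Infof` although it ends in a server error; `vlog.Errorf("server principal has no default blessings")` would be consistent with the Render failure path below. The enclosing handler starts and ends outside the hunk.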
diff --git a/services/identity/internal/templates/caveats.go b/services/identity/internal/templates/caveats.go
index d5b8e3b..eef93ad 100644
--- a/services/identity/internal/templates/caveats.go
+++ b/services/identity/internal/templates/caveats.go
@@ -25,7 +25,7 @@
<span class="service-name">Identity Provider</span>
</nav>
<nav class="right">
- <a href="#">{{.Email}}</a>
+ <a href="#">{{.BlessingName}}</a>
</nav>
</header>
@@ -59,7 +59,7 @@
<label for="blessingExtension">Blessing name</label>
<div class="value">
- {{.BlessingName}}/{{.Email}}/
+ {{.BlessingName}}/
<input name="blessingExtension" type="text" placeholder="extension">
<input type="hidden" id="timezoneOffset" name="timezoneOffset">
</div>