Skip to content

Commit 143fc4c

Browse files
ellemoutonRoasbeef
ellemouton
authored and
Roasbeef
committed
macaroons: demo ChangePassword bug
This commits uses TestStoreChangePassword to demonstrate that currently the ChangePassword function only changes the password of the default root key and not that of other root keys. This will be fixed in an upcoming commit.
1 parent 51f0082 commit 143fc4c

File tree

1 file changed

+21
-8
lines changed

1 file changed

+21
-8
lines changed

macaroons/store_test.go

Lines changed: 21 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -209,20 +209,29 @@ func TestStoreSetRootKey(t *testing.T) {
209209
}
210210

211211
// TestStoreChangePassword tests that the password for the store can be changed
212-
// without changing the root key.
212+
// without changing the root key. The test also demonstrates that currently,
213+
// this change is only applied to the root key at the default root key ID
214+
// location and not to other root keys. This will be fixed in an upcoming
215+
// commit.
213216
func TestStoreChangePassword(t *testing.T) {
214217
tempDir, store := newTestStore(t)
215218

216-
// The store must be unlocked to replace the root key.
219+
// The store must be unlocked to replace the root keys.
217220
err := store.ChangePassword(nil, nil)
218221
require.Equal(t, macaroons.ErrStoreLocked, err)
219222

220-
// Unlock the DB and read the current root key. This will need to stay
221-
// the same after changing the password for the test to succeed.
223+
// Unlock the DB and read the current default root key and one other
224+
// non-default root key. Both of these should stay the same after
225+
// changing the password but currently only the default root key is
226+
// re-encrypted correclty.
222227
pw := []byte("weks")
223228
err = store.CreateUnlock(&pw)
224229
require.NoError(t, err)
225-
rootKey, _, err := store.RootKey(defaultRootKeyIDContext)
230+
231+
rootKey1, _, err := store.RootKey(defaultRootKeyIDContext)
232+
require.NoError(t, err)
233+
234+
_, _, err = store.RootKey(nonDefaultRootKeyIDContext)
226235
require.NoError(t, err)
227236

228237
// Both passwords must be set.
@@ -256,9 +265,13 @@ func TestStoreChangePassword(t *testing.T) {
256265
err = store.CreateUnlock(&newPw)
257266
require.NoError(t, err)
258267

259-
// Finally read the root key from the DB using the new password and
260-
// make sure the root key stayed the same.
268+
// Finally, read the root keys from the DB using the new password and
269+
// make sure the default root key stayed the same but that the
270+
// non-default root key could not be decrypted.
261271
rootKeyDb, _, err := store.RootKey(defaultRootKeyIDContext)
262272
require.NoError(t, err)
263-
require.Equal(t, rootKey, rootKeyDb)
273+
require.Equal(t, rootKey1, rootKeyDb)
274+
275+
_, _, err = store.RootKey(nonDefaultRootKeyIDContext)
276+
require.ErrorContains(t, err, "unable to decrypt")
264277
}

0 commit comments

Comments
 (0)