Merge remote-tracking branch 'upstream/master'

timtheisen · timtheisen · commit 1c00d53ad561 · 2020-12-11T10:13:33.000-06:00
diff --git a/src/scitokens_internal.cpp b/src/scitokens_internal.cpp
@@ -580,14 +580,17 @@ scitokens::Enforcer::scope_validator(const jwt::claim &claim, void *myself) {
 
         // If we are in compatibility mode and this is a WLCG token, then translate the authorization
         // names to utilize the SciToken-style names.
+        std::string alt_authz;
         if (me->m_validate_profile == SciToken::Profile::COMPAT &&
             me->m_validator.get_profile() == SciToken::Profile::WLCG_1_0) {
             if (authz == "storage.read") {
                 authz = "read";
-            } else if (authz == "storage.write") {
+            } else if (authz == "storage.create") {
                 authz = "write";
+                alt_authz = "create";
             } else if (authz == "storage.modify") {
                 authz = "write";
+                alt_authz = "modify";
             } else if (authz == "compute.read") {
                 authz = "condor:/READ";
             } else if (authz == "compute.modify") {
@@ -601,7 +604,8 @@ scitokens::Enforcer::scope_validator(const jwt::claim &claim, void *myself) {
 
         if (me->m_test_authz.empty()) {
             me->m_gen_acls.emplace_back(authz, path);
-        } else if ((me->m_test_authz == authz) &&
+            if (!alt_authz.empty()) me->m_gen_acls.emplace_back(alt_authz, path);
+        } else if (((me->m_test_authz == authz) || (!alt_authz.empty() &&  (me->m_test_authz == alt_authz))) &&
                    (requested_path.substr(0, path.size()) == path)) {
             return true;
         }
diff --git a/src/scitokens_internal.h b/src/scitokens_internal.h
@@ -390,7 +390,7 @@ class Validator {
                  }
              }
              // std::cout << "Running claim " << claim_pair.first << " through validation." << std::endl;
-             if (iter != m_validators.end()) for (const auto verification_func : iter->second) {
+             if (iter != m_validators.end()) for (const auto &verification_func : iter->second) {
                  const jwt::claim &claim = jwt.get_payload_claim(claim_pair.first);
                  if (claim.get_type() != jwt::claim::type::string) {
                      std::stringstream ss;
@@ -409,7 +409,7 @@ class Validator {
                      }
                  }
              }
-             if (iter_claim != m_claim_validators.end()) for (const auto verification_pair : iter_claim->second) {
+             if (iter_claim != m_claim_validators.end()) for (const auto &verification_pair : iter_claim->second) {
                  const jwt::claim &claim = jwt.get_payload_claim(claim_pair.first);
                  if (verification_pair.first(claim, verification_pair.second) == false) {
                      std::stringstream ss;

Original file line number	Diff line number	Diff line change
`@@ -390,7 +390,7 @@ class Validator {`
`390`	`390`	`}`
`391`	`391`	`}`
`392`	`392`	`// std::cout << "Running claim " << claim_pair.first << " through validation." << std::endl;`
`393`		`- if (iter != m_validators.end()) for (const auto verification_func : iter->second) {`
	`393`	`+ if (iter != m_validators.end()) for (const auto &verification_func : iter->second) {`
`394`	`394`	`const jwt::claim &claim = jwt.get_payload_claim(claim_pair.first);`
`395`	`395`	`if (claim.get_type() != jwt::claim::type::string) {`
`396`	`396`	`std::stringstream ss;`
`@@ -409,7 +409,7 @@ class Validator {`
`409`	`409`	`}`
`410`	`410`	`}`
`411`	`411`	`}`
`412`		`- if (iter_claim != m_claim_validators.end()) for (const auto verification_pair : iter_claim->second) {`
	`412`	`+ if (iter_claim != m_claim_validators.end()) for (const auto &verification_pair : iter_claim->second) {`
`413`	`413`	`const jwt::claim &claim = jwt.get_payload_claim(claim_pair.first);`
`414`	`414`	`if (verification_pair.first(claim, verification_pair.second) == false) {`
`415`	`415`	`std::stringstream ss;`