multi: depricate UIPassword session type

ellemouton · ellemouton · commit 22b94322a9a2 · 2022-05-16T14:48:02.000+02:00
diff --git a/itest/litd_mode_integrated_test.go b/itest/litd_mode_integrated_test.go
@@ -335,9 +335,8 @@ func testModeIntegrated(net *NetworkHarness, t *harnessTest) {
 			endpoint := endpoint
 			tt.Run(endpoint.name+" lit port", func(ttt *testing.T) {
 				runLNCAuthTest(
-					ttt, cfg.LitAddr(), cfg.UIPassword,
-					cfg.TLSCertPath,
-					endpoint.requestFn,
+					ttt, cfg.LitAddr(), cfg.TLSCertPath,
+					cfg.LitMacPath, endpoint.requestFn,
 					endpoint.successPattern,
 					endpoint.allowedThroughLNC,
 				)
@@ -583,7 +582,7 @@ func runRESTAuthTest(t *testing.T, hostPort, uiPassword, macaroonPath, restURI,
 
 // runLNCAuthTest tests authentication of the given interface when connecting
 // through Lightning Node Connect.
-func runLNCAuthTest(t *testing.T, hostPort, uiPassword, tlsCertPath string,
+func runLNCAuthTest(t *testing.T, hostPort, tlsCertPath, macPath string,
 	makeRequest requestFn, successContent string, callAllowed bool) {
 
 	ctxb := context.Background()
@@ -593,11 +592,14 @@ func runLNCAuthTest(t *testing.T, hostPort, uiPassword, tlsCertPath string,
 	rawConn, err := connectRPC(ctxt, hostPort, tlsCertPath)
 	require.NoError(t, err)
 
+	macBytes, err := ioutil.ReadFile(macPath)
+	require.NoError(t, err)
+	ctxlm := macaroonContext(ctxt, macBytes)
+
 	// We first need to create an LNC session that we can use to connect.
 	// We use the UI password to create the session.
-	ctxm := uiPasswordContext(ctxt, uiPassword, true)
 	litClient := litrpc.NewSessionsClient(rawConn)
-	sessResp, err := litClient.AddSession(ctxm, &litrpc.AddSessionRequest{
+	sessResp, err := litClient.AddSession(ctxlm, &litrpc.AddSessionRequest{
 		Label:       "integration-test",
 		SessionType: litrpc.SessionType_TYPE_MACAROON_READONLY,
 		ExpiryTimestampSeconds: uint64(
@@ -611,13 +613,14 @@ func runLNCAuthTest(t *testing.T, hostPort, uiPassword, tlsCertPath string,
 	connectPhrase := strings.Split(
 		sessResp.Session.PairingSecretMnemonic, " ",
 	)
-	rawLNCConn, err := connectMailbox(ctxt, connectPhrase)
+	rawLNCConn, macBytes, err := connectMailbox(ctxt, connectPhrase)
 	require.NoError(t, err)
 
 	// We should be able to make a request via LNC to the given RPC
 	// endpoint, unless it is explicitly disallowed (we currently don't want
 	// to support creating more sessions through LNC until we have all
 	// macaroon permissions properly set up).
+	ctxm := macaroonContext(ctxt, macBytes)
 	resp, err := makeRequest(ctxm, rawLNCConn)
 
 	// Is this a disallowed call?
@@ -719,7 +722,7 @@ func getServerCertificates(hostPort string) ([]*x509.Certificate, error) {
 // connectMailbox tries to establish a connection through LNC using the given
 // connect phrase and the test mailbox server.
 func connectMailbox(ctx context.Context,
-	connectPhrase []string) (grpc.ClientConnInterface, error) {
+	connectPhrase []string) (grpc.ClientConnInterface, []byte, error) {
 
 	var mnemonicWords [mailbox.NumPasswordWords]string
 	copy(mnemonicWords[:], connectPhrase)
@@ -729,13 +732,13 @@ func connectMailbox(ctx context.Context,
 
 	privKey, err := btcec.NewPrivateKey(btcec.S256())
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	ecdh := &keychain.PrivKeyECDH{PrivKey: privKey}
 
 	transportConn, err := mailbox.NewClient(ctx, sid)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
 	noiseConn := mailbox.NewNoiseGrpcConn(ecdh, nil, password[:])
@@ -744,9 +747,25 @@ func connectMailbox(ctx context.Context,
 		grpc.WithContextDialer(transportConn.Dial),
 		grpc.WithTransportCredentials(noiseConn),
 		grpc.WithPerRPCCredentials(noiseConn),
+		grpc.WithBlock(),
+	}
+
+	conn, err := grpc.DialContext(ctx, mailboxServerAddr, dialOpts...)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	md, err := noiseConn.GetRequestMetadata(nil, "")
+	if err != nil {
+		return nil, nil, err
+	}
+
+	macStr, ok := md[terminal.HeaderMacaroon]
+	if !ok {
+		return nil, nil, fmt.Errorf("no macaroon found in the authdata")
 	}
 
-	return grpc.DialContext(ctx, mailboxServerAddr, dialOpts...)
+	return conn, []byte(macStr), nil
 }
 
 func macaroonContext(ctx context.Context, macBytes []byte) context.Context {
diff --git a/itest/litd_mode_remote_test.go b/itest/litd_mode_remote_test.go
@@ -137,9 +137,8 @@ func testModeRemote(net *NetworkHarness, t *harnessTest) {
 			endpoint := endpoint
 			tt.Run(endpoint.name+" lit port", func(ttt *testing.T) {
 				runLNCAuthTest(
-					ttt, cfg.LitAddr(), cfg.UIPassword,
-					cfg.LitTLSCertPath,
-					endpoint.requestFn,
+					ttt, cfg.LitAddr(), cfg.LitTLSCertPath,
+					cfg.LitMacPath, endpoint.requestFn,
 					endpoint.successPattern,
 					endpoint.allowedThroughLNC,
 				)
diff --git a/session_rpcserver.go b/session_rpcserver.go
@@ -119,12 +119,11 @@ func (s *sessionRpcServer) AddSession(_ context.Context,
 		return nil, err
 	}
 
-	if typ != session.TypeUIPassword && typ != session.TypeMacaroonAdmin &&
+	if typ != session.TypeMacaroonAdmin &&
 		typ != session.TypeMacaroonReadonly {
 
-		return nil, fmt.Errorf("invalid session type, only UI " +
-			"password, admin and readonly macaroon types " +
-			"supported in LiT")
+		return nil, fmt.Errorf("invalid session type, only admin " +
+			"and readonly macaroon types supported in LiT")
 	}
 
 	sess, err := session.NewSession(
@@ -181,33 +180,29 @@ func (s *sessionRpcServer) resumeSession(sess *session.Session) error {
 		return nil
 	}
 
-	var authData []byte
-	switch sess.Type {
-	case session.TypeUIPassword:
-		authData = []byte("Authorization: Basic " + s.cfg.basicAuth)
-
-	case session.TypeMacaroonAdmin, session.TypeMacaroonReadonly:
-		ctx := context.Background()
-		readOnly := sess.Type == session.TypeMacaroonReadonly
-		mac, err := s.cfg.superMacBaker(
-			ctx, sess.MacaroonRootKey, &session.MacaroonRecipe{
-				Permissions: GetAllPermissions(readOnly),
-			},
-		)
-		if err != nil {
-			log.Debugf("Not resuming session %x. Could not bake"+
-				"the necessary macaroon: %w", pubKeyBytes, err)
-			return nil
-		}
+	if sess.Type != session.TypeMacaroonAdmin &&
+		sess.Type != session.TypeMacaroonReadonly {
 
-		authData = []byte(fmt.Sprintf("%s: %s", HeaderMacaroon, mac))
-
-	default:
 		log.Debugf("Not resuming session %x with type %d", pubKeyBytes,
 			sess.Type)
 		return nil
 	}
 
+	readOnly := sess.Type == session.TypeMacaroonReadonly
+	mac, err := s.cfg.superMacBaker(
+		context.Background(), sess.MacaroonRootKey,
+		&session.MacaroonRecipe{
+			Permissions: GetAllPermissions(readOnly),
+		},
+	)
+	if err != nil {
+		log.Debugf("Not resuming session %x. Could not bake"+
+			"the necessary macaroon: %w", pubKeyBytes, err)
+		return nil
+	}
+
+	authData := []byte(fmt.Sprintf("%s: %s", HeaderMacaroon, mac))
+
 	sessionClosedSub, err := s.sessionServer.StartSession(sess, authData)
 	if err != nil {
 		return err
