Commit fe8e1434c6aef507930e9c0e6a7f2a964fe77c2d - golang-github-go-kit-kit

auth/jwt: MapClaims: passing add claimsFactory type make NewParser take a claimsFactory instead of an instance of jwt.Claims use claimsFactory to create a jwt.Claims to pass in to jwt.ParseWithClaims update NewParser calls in tests to take a claimsFactory instead of a jwt.Claims instance Jaco Esterhuizen 6 years ago

2 changed file(s) with 13 addition(s) and 11 deletion(s). Raw diff Collapse all Expand all

-2

auth/jwt/middleware.go less more

65	65	}
66	66	}
67	67
	68	type claimsFactory func() jwt.Claims
	69
68	70	// NewParser creates a new JWT token parsing middleware, specifying a
69	71	// jwt.Keyfunc interface, the signing method and the claims type to be used. NewParser
70	72	// adds the resulting claims to endpoint context or returns error on invalid token.
71	73	// Particularly useful for servers.
72		func NewParser(keyFunc jwt.Keyfunc, method jwt.SigningMethod, claims jwt.Claims) endpoint.Middleware {
	74	func NewParser(keyFunc jwt.Keyfunc, method jwt.SigningMethod, newClaims claimsFactory) endpoint.Middleware {
73	75	return func(next endpoint.Endpoint) endpoint.Endpoint {
74	76	return func(ctx context.Context, request interface{}) (response interface{}, err error) {
75	77	// tokenString is stored in the context from the transport handlers.

84	86	// of the token to identify which key to use, but the parsed token
85	87	// (head and claims) is provided to the callback, providing
86	88	// flexibility.
87		token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
	89	token, err := jwt.ParseWithClaims(tokenString, newClaims(), func(token *jwt.Token) (interface{}, error) {
88	90	// Don't forget to validate the alg is what you expect:
89	91	if token.Method != method {
90	92	return nil, ErrUnexpectedSigningMethod

-9

auth/jwt/middleware_test.go less more

73	73	return key, nil
74	74	}
75	75
76		parser := NewParser(keys, method, jwt.MapClaims{})(e)
	76	parser := NewParser(keys, method, func() jwt.Claims { return jwt.MapClaims{} })(e)
77	77
78	78	// No Token is passed into the parser
79	79	_, err := parser(context.Background(), struct{}{})

93	93	}
94	94
95	95	// Invalid Method is used in the parser
96		badParser := NewParser(keys, invalidMethod, jwt.MapClaims{})(e)
	96	badParser := NewParser(keys, invalidMethod, func() jwt.Claims { return jwt.MapClaims{} })(e)
97	97	ctx = context.WithValue(context.Background(), JWTTokenContextKey, signedKey)
98	98	_, err = badParser(ctx, struct{}{})
99	99	if err == nil {

109	109	return []byte("bad"), nil
110	110	}
111	111
112		badParser = NewParser(invalidKeys, method, jwt.MapClaims{})(e)
	112	badParser = NewParser(invalidKeys, method, func() jwt.Claims { return jwt.MapClaims{} })(e)
113	113	ctx = context.WithValue(context.Background(), JWTTokenContextKey, signedKey)
114	114	_, err = badParser(ctx, struct{}{})
115	115	if err == nil {

133	133	}
134	134
135	135	// Test for malformed token error response
136		parser = NewParser(keys, method, &jwt.StandardClaims{})(e)
	136	parser = NewParser(keys, method, func() jwt.Claims { return &jwt.StandardClaims{} })(e)
137	137	ctx = context.WithValue(context.Background(), JWTTokenContextKey, malformedKey)
138	138	ctx1, err = parser(ctx, struct{}{})
139	139	if want, have := ErrTokenMalformed, err; want != have {

141	141	}
142	142
143	143	// Test for expired token error response
144		parser = NewParser(keys, method, &jwt.StandardClaims{})(e)
	144	parser = NewParser(keys, method, func() jwt.Claims { return &jwt.StandardClaims{} })(e)
145	145	expired := jwt.NewWithClaims(method, jwt.StandardClaims{ExpiresAt: time.Now().Unix() - 100})
146	146	token, err := expired.SignedString(key)
147	147	if err != nil {

154	154	}
155	155
156	156	// Test for not activated token error response
157		parser = NewParser(keys, method, &jwt.StandardClaims{})(e)
	157	parser = NewParser(keys, method, func() jwt.Claims { return &jwt.StandardClaims{} })(e)
158	158	notactive := jwt.NewWithClaims(method, jwt.StandardClaims{NotBefore: time.Now().Unix() + 100})
159	159	token, err = notactive.SignedString(key)
160	160	if err != nil {

167	167	}
168	168
169	169	// test valid standard claims token
170		parser = NewParser(keys, method, &jwt.StandardClaims{})(e)
	170	parser = NewParser(keys, method, func() jwt.Claims { return &jwt.StandardClaims{} })(e)
171	171	ctx = context.WithValue(context.Background(), JWTTokenContextKey, standardSignedKey)
172	172	ctx1, err = parser(ctx, struct{}{})
173	173	if err != nil {

182	182	}
183	183
184	184	// test valid customized claims token
185		parser = NewParser(keys, method, &customClaims{})(e)
	185	parser = NewParser(keys, method, func() jwt.Claims { return &customClaims{} })(e)
186	186	ctx = context.WithValue(context.Background(), JWTTokenContextKey, customSignedKey)
187	187	ctx1, err = parser(ctx, struct{}{})
188	188	if err != nil {

203	203	func TestIssue562(t *testing.T) {
204	204	var (
205	205	kf = func(token *jwt.Token) (interface{}, error) { return []byte("secret"), nil }
206		e = NewParser(kf, jwt.SigningMethodHS256, jwt.MapClaims{})(endpoint.Nop)
	206	e = NewParser(kf, jwt.SigningMethodHS256, func() jwt.Claims { return jwt.MapClaims{} })(endpoint.Nop)
207	207	key = JWTTokenContextKey
208	208	val = "eyJhbGciOiJIUzI1NiIsImtpZCI6ImtpZCIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiZ28ta2l0In0.14M2VmYyApdSlV_LZ88ajjwuaLeIFplB8JpyNy0A19E"
209	209	ctx = context.WithValue(context.Background(), key, val)