Preserve JWT claims in verify/2 (#22)

2024-11-06 01:35:23 +00:00 · 2021-02-02 20:39:23 +03:00 · 2021-02-02 20:39:23 +03:00 · be761f8dec
commit be761f8dec
parent f2581c8d30
2 changed files with 19 additions and 15 deletions
--- a/src/uac_authorizer_jwt.erl
+++ b/src/uac_authorizer_jwt.erl
@ -287,24 +287,27 @@ verify(KID, Alg, ExpandedToken, VerificationOpts) ->
 verify_with_key(JWK, ExpandedToken, VerificationOpts, Metadata) ->
    case jose_jwt:verify(JWK, ExpandedToken) of
        {true, #jose_jwt{fields = Claims}, _JWS} ->
-            {KeyMeta, Claims1} = validate_claims(Claims, VerificationOpts),
-            get_result(KeyMeta, Claims1, VerificationOpts, Metadata);
+            _ = validate_claims(Claims, VerificationOpts),
+            get_result(Claims, VerificationOpts, Metadata);
        {false, _JWT, _JWS} ->
            {error, invalid_signature}
    end.

 validate_claims(Claims, VerificationOpts) ->
-    validate_claims(Claims, get_validators(), VerificationOpts, #{}).
+    validate_claims(Claims, get_validators(), VerificationOpts).

-validate_claims(Claims, [{Name, Claim, Validator} | Rest], VerificationOpts, Acc) ->
-    V = Validator(Name, maps:get(Claim, Claims, undefined), VerificationOpts),
-    validate_claims(maps:without([Claim], Claims), Rest, VerificationOpts, Acc#{Name => V});
-validate_claims(Claims, [], _, Acc) ->
-    {Acc, Claims}.
+validate_claims(Claims, [{Name, Claim, Validator} | Rest], VerificationOpts) ->
+    _ = Validator(Name, maps:get(Claim, Claims, undefined), VerificationOpts),
+    validate_claims(Claims, Rest, VerificationOpts);
+validate_claims(Claims, [], _) ->
+    Claims.

-get_result(KeyMeta, Claims, VerificationOpts, Metadata) ->
-    #{token_id := TokenID, subject_id := SubjectID} = KeyMeta,
+get_result(Claims, VerificationOpts, Metadata) ->
    try
+        #{
+            ?CLAIM_TOKEN_ID := TokenID,
+            ?CLAIM_SUBJECT_ID := SubjectID
+        } = Claims,
        {ok, {TokenID, SubjectID, decode_roles(Claims, VerificationOpts), Metadata}}
    catch
        error:{badarg, _} = Reason ->
--- a/test/uac_tests_SUITE.erl
+++ b/test/uac_tests_SUITE.erl
@ -134,7 +134,8 @@ no_token_test(_) ->
 force_expiration_test(_) ->
    {ok, Token} = issue_token(?TEST_SERVICE_ACL(write), 1),
    {ok, AccessContext} = uac:authorize_api_key(<<"Bearer ", Token/binary>>, #{}),
-    ok = uac:authorize_operation(?TEST_SERVICE_ACL(write), AccessContext).
+    ok = uac:authorize_operation(?TEST_SERVICE_ACL(write), AccessContext),
+    1 = uac_authorizer_jwt:get_expires_at(AccessContext).

 -spec force_expiration_fail_test(config()) -> _.
 force_expiration_fail_test(_) ->
@ -206,15 +207,15 @@ configure_processed_domains_test(_) ->

 %%

-issue_token(DomainRoles, LifeTime) when is_map(DomainRoles) ->
+issue_token(DomainRoles, Expiration) when is_map(DomainRoles) ->
    PartyID = <<"TEST">>,
    Claims0 = #{<<"TEST">> => <<"TEST">>},
-    Claims = uac_authorizer_jwt:create_claims(Claims0, LifeTime, DomainRoles),
+    Claims = uac_authorizer_jwt:create_claims(Claims0, Expiration, DomainRoles),
    uac_authorizer_jwt:issue(unique_id(), PartyID, Claims, test);
-issue_token(ACL, LifeTime) ->
+issue_token(ACL, Expiration) ->
    PartyID = <<"TEST">>,
    Claims0 = #{<<"TEST">> => <<"TEST">>},
-    Claims = uac_authorizer_jwt:create_claims(Claims0, LifeTime, #{?TEST_DOMAIN_NAME => uac_acl:from_list(ACL)}),
+    Claims = uac_authorizer_jwt:create_claims(Claims0, Expiration, #{?TEST_DOMAIN_NAME => uac_acl:from_list(ACL)}),
    uac_authorizer_jwt:issue(unique_id(), PartyID, Claims, test).

 issue_dummy_token(ACL, Config) ->