Preserve JWT claims in verify/2
(#22)
This commit is contained in:
parent
f2581c8d30
commit
be761f8dec
@ -287,24 +287,27 @@ verify(KID, Alg, ExpandedToken, VerificationOpts) ->
|
||||
verify_with_key(JWK, ExpandedToken, VerificationOpts, Metadata) ->
|
||||
case jose_jwt:verify(JWK, ExpandedToken) of
|
||||
{true, #jose_jwt{fields = Claims}, _JWS} ->
|
||||
{KeyMeta, Claims1} = validate_claims(Claims, VerificationOpts),
|
||||
get_result(KeyMeta, Claims1, VerificationOpts, Metadata);
|
||||
_ = validate_claims(Claims, VerificationOpts),
|
||||
get_result(Claims, VerificationOpts, Metadata);
|
||||
{false, _JWT, _JWS} ->
|
||||
{error, invalid_signature}
|
||||
end.
|
||||
|
||||
validate_claims(Claims, VerificationOpts) ->
|
||||
validate_claims(Claims, get_validators(), VerificationOpts, #{}).
|
||||
validate_claims(Claims, get_validators(), VerificationOpts).
|
||||
|
||||
validate_claims(Claims, [{Name, Claim, Validator} | Rest], VerificationOpts, Acc) ->
|
||||
V = Validator(Name, maps:get(Claim, Claims, undefined), VerificationOpts),
|
||||
validate_claims(maps:without([Claim], Claims), Rest, VerificationOpts, Acc#{Name => V});
|
||||
validate_claims(Claims, [], _, Acc) ->
|
||||
{Acc, Claims}.
|
||||
validate_claims(Claims, [{Name, Claim, Validator} | Rest], VerificationOpts) ->
|
||||
_ = Validator(Name, maps:get(Claim, Claims, undefined), VerificationOpts),
|
||||
validate_claims(Claims, Rest, VerificationOpts);
|
||||
validate_claims(Claims, [], _) ->
|
||||
Claims.
|
||||
|
||||
get_result(KeyMeta, Claims, VerificationOpts, Metadata) ->
|
||||
#{token_id := TokenID, subject_id := SubjectID} = KeyMeta,
|
||||
get_result(Claims, VerificationOpts, Metadata) ->
|
||||
try
|
||||
#{
|
||||
?CLAIM_TOKEN_ID := TokenID,
|
||||
?CLAIM_SUBJECT_ID := SubjectID
|
||||
} = Claims,
|
||||
{ok, {TokenID, SubjectID, decode_roles(Claims, VerificationOpts), Metadata}}
|
||||
catch
|
||||
error:{badarg, _} = Reason ->
|
||||
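Review bot: The result of each validator is discarded on the `_ = Validator(Name, maps:get(Claim, Claims, undefined), VerificationOpts),` line of the new validate_claims/3, so a validator that reports failure through its return value rather than by raising would be silently accepted; the removed clause kept those results in `Acc` and matched them in get_result/4, so the contract is now implicit. If every validator returned by get_validators() signals failure by raising, say so where the value is dropped: `%% Validators signal failure by raising; the returned value is intentionally unused.` Otherwise match the expected success value (e.g. `ok = Validator(Name, maps:get(Claim, Claims, undefined), VerificationOpts),`) so a rejected claim cannot slip through. Separately, get_result/3 now destructures `?CLAIM_TOKEN_ID` and `?CLAIM_SUBJECT_ID` from Claims inside the `try`, and a token lacking either claim raises `{badmatch, _}`, which the visible `error:{badarg, _}` clause does not catch; the catch block and get_result/3 continue beyond the hunk, so confirm that a `badmatch` clause or a preceding presence validator turns this into an `{error, _}` instead of a crash out of verify.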
|
@ -134,7 +134,8 @@ no_token_test(_) ->
|
||||
force_expiration_test(_) ->
|
||||
{ok, Token} = issue_token(?TEST_SERVICE_ACL(write), 1),
|
||||
{ok, AccessContext} = uac:authorize_api_key(<<"Bearer ", Token/binary>>, #{}),
|
||||
ok = uac:authorize_operation(?TEST_SERVICE_ACL(write), AccessContext).
|
||||
ok = uac:authorize_operation(?TEST_SERVICE_ACL(write), AccessContext),
|
||||
1 = uac_authorizer_jwt:get_expires_at(AccessContext).
|
||||
|
||||
-spec force_expiration_fail_test(config()) -> _.
|
||||
force_expiration_fail_test(_) ->
|
||||
@ -206,15 +207,15 @@ configure_processed_domains_test(_) ->
|
||||
|
||||
%%
|
||||
|
||||
issue_token(DomainRoles, LifeTime) when is_map(DomainRoles) ->
|
||||
issue_token(DomainRoles, Expiration) when is_map(DomainRoles) ->
|
||||
PartyID = <<"TEST">>,
|
||||
Claims0 = #{<<"TEST">> => <<"TEST">>},
|
||||
Claims = uac_authorizer_jwt:create_claims(Claims0, LifeTime, DomainRoles),
|
||||
Claims = uac_authorizer_jwt:create_claims(Claims0, Expiration, DomainRoles),
|
||||
uac_authorizer_jwt:issue(unique_id(), PartyID, Claims, test);
|
||||
issue_token(ACL, LifeTime) ->
|
||||
issue_token(ACL, Expiration) ->
|
||||
PartyID = <<"TEST">>,
|
||||
Claims0 = #{<<"TEST">> => <<"TEST">>},
|
||||
Claims = uac_authorizer_jwt:create_claims(Claims0, LifeTime, #{?TEST_DOMAIN_NAME => uac_acl:from_list(ACL)}),
|
||||
Claims = uac_authorizer_jwt:create_claims(Claims0, Expiration, #{?TEST_DOMAIN_NAME => uac_acl:from_list(ACL)}),
|
||||
uac_authorizer_jwt:issue(unique_id(), PartyID, Claims, test).
|
||||
|
||||
issue_dummy_token(ACL, Config) ->
|
||||
|