From f10343921bbc3d607b593f5809a6af8d92821905 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Thu, 24 Sep 2015 16:20:22 -0400
Subject: [PATCH] Start rejigging JWT

---
 builtin/logical/jwt/backend.go | 1 -
 builtin/logical/jwt/backend_test.go | 40 +++++++++++++----------------
 builtin/logical/jwt/path_issue.go | 9 +++----
 3 files changed, 21 insertions(+), 29 deletions(-)

diff --git a/builtin/logical/jwt/backend.go b/builtin/logical/jwt/backend.go
index c023798b1..e50a3a783 100644
--- a/builtin/logical/jwt/backend.go
+++ b/builtin/logical/jwt/backend.go
@@ -19,7 +19,6 @@ func Backend() *framework.Backend {
 pathRoles(&b),
 pathIssue(&b),
 },
-
 }
 return b.Backend
diff --git a/builtin/logical/jwt/backend_test.go b/builtin/logical/jwt/backend_test.go
index 7db2da6fa..cc0fadd46 100644
--- a/builtin/logical/jwt/backend_test.go
+++ b/builtin/logical/jwt/backend_test.go
@@ -13,7 +13,7 @@ import (
 func TestBackend_basic(t *testing.T) {
 tokenClaims := map[string]interface{}{
- "iss": "Test Issuer",
+ "iss": "Test Issuer",
 "sub": "Test Subject",
 "aud": "Test Audience",
 "iat": 1438898720,
@@ -61,10 +61,10 @@ func testAccStepWriteRole(t *testing.T, name string, algorithm string, key strin
 Operation: logical.WriteOperation,
 Path: "roles/" + name,
 Data: map[string]interface{}{
- "algorithm": algorithm,
- "key": key,
- "default_issuer": "Test Default Issuer",
- "default_subject": "Test Default Subject",
+ "algorithm": algorithm,
+ "key": key,
+ "default_issuer": "Test Default Issuer",
+ "default_subject": "Test Default Subject",
 "default_audience": "Test Default Audience",
 },
 }
@@ -86,27 +86,23 @@ func testAccStepReadRole(t *testing.T, name string, algorithm string, key string
 return fmt.Errorf("missing response")
 }
 var d struct {
- Name string `json:"name" mapstructure:"name"`
- Algorithm string `json:"algorithm" structs:"algorithm" mapstructure:"algorithm"`
- Key string `json:"key" structs:"key" mapstructure:"key"`
- Issuer string `json:"iss" structs:"iss" mapstructure:"iss"`
- Subject string `json:"sub" structs:"sub" mapstructure:"sub"`
- Audience string `json:"aud" structs:"aud" mapstructure:"aud"`
+ Algorithm string `json:"algorithm" structs:"algorithm" mapstructure:"algorithm"`
+ Key string `json:"key" structs:"key" mapstructure:"key"`
+ Issuer string `json:"iss" structs:"iss" mapstructure:"iss"`
+ Subject string `json:"sub" structs:"sub" mapstructure:"sub"`
+ Audience string `json:"aud" structs:"aud" mapstructure:"aud"`
 }
 if err := mapstructure.Decode(resp.Data, &d); err != nil {
 return err
 }
- if d.Name != name {
- return fmt.Errorf("bad: %#v", d)
- }
 if d.Algorithm != algorithm {
- return fmt.Errorf("bad: %#v", d)
+ return fmt.Errorf("bad algorithm: expected %s, got %#v", algorithm, d)
 }
- if d.Key != key {
- return fmt.Errorf("bad: %#v", d)
+ if d.Key != "" {
+ return fmt.Errorf("bad key: expected %s, got %#v", key, d)
 }
-
+
 return nil
 },
 }
@@ -119,8 +115,8 @@ func testAccStepSignToken(t *testing.T, name string, tokenClaims map[string]inte
 Data: tokenClaims,
 Check: func(resp *logical.Response) error {
 var d struct {
- JTI string `mapstructure:"jti"`
- Token string `mapstructure:"token"`
+ JTI string `mapstructure:"jti"`
+ Token string `mapstructure:"token"`
 }
 if err := mapstructure.Decode(resp.Data, &d); err != nil {
 return err
@@ -131,7 +127,7 @@ func testAccStepSignToken(t *testing.T, name string, tokenClaims map[string]inte
 token, err := jwt.Parse(d.Token, func(token *jwt.Token) (interface{}, error) {
 return token, nil
- })
+ })
 if err != nil {
 return fmt.Errorf("error parsing token")
 }
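Review bot: The new failure message in the `d.Key` branch contradicts the check it reports on — the read step now asserts that the signing key is absent from the role's read response, yet on failure it formats `expected %s` with `key`, so the message states the opposite of the requirement and writes the key material into the test log. Suggest `return fmt.Errorf("key must not be returned on read, got %#v", d)`; the `%#v` of `d` already shows the offending value. The decoded struct still carries Issuer, Subject and Audience that no check looks at, which may be deliberate for a work-in-progress commit but leaves the defaults written in testAccStepWriteRole unverified. testAccStepReadRole starts before this hunk.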
@@ -139,7 +135,7 @@ func testAccStepSignToken(t *testing.T, name string, tokenClaims map[string]inte
 if d.JTI != token.Claims["jti"] {
 return fmt.Errorf("bad: %#v", d)
 }
-
+
 if token.Claims["ran"] != "random" {
 return fmt.Errorf("bad: %#v", d)
 }
diff --git a/builtin/logical/jwt/path_issue.go b/builtin/logical/jwt/path_issue.go
index 278a360d3..aa3a71bab 100644
--- a/builtin/logical/jwt/path_issue.go
+++ b/builtin/logical/jwt/path_issue.go
@@ -41,8 +41,8 @@ func pathIssue(b *backend) *framework.Path {
 Description: "Defines the time before which the JWT MUST NOT be accepted for processing",
 },
 "issued_at": &framework.FieldSchema{
- Type: framework.TypeInt,
- Description: "The time the JWT was issued",
+ Type: framework.TypeBool,
+ Description: "Whether to include the issued_at claim",
 },
 "jti": &framework.FieldSchema{
 Type: framework.TypeString,
@@ -90,7 +90,7 @@ func (b *backend) pathIssueWrite(
 if data.Get("not_before") == 0 {
 claims["nbf"] = int(time.Now().Unix())
 }
- if data.Get("issued_at") == 0 {
+ if data.Get("issued_at").(bool) {
 claims["iat"] = int(time.Now().Unix())
 }
 if data.Get("jti") == "" {
@@ -112,9 +112,6 @@ func (b *backend) pathIssueWrite(
 if data.Get("not_before").(int) > 0 {
 claims["nbf"] = data.Get("not_before").(int)
 }
- if data.Get("issued_at").(int) > 0 {
- claims["iat"] = data.Get("issued_at").(int)
- }
 if data.Get("jti") != "" {
 claims["jti"] = data.Get("jti").(string)
 }
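Review bot: The `issued_at` schema in the `@@ -41` hunk of path_issue.go switches to `framework.TypeBool` without setting a `Default`, so the field presumably reads as false and, after the `@@ -90` change to `if data.Get("issued_at").(bool)`, the `iat` claim is omitted from every token unless the caller passes `issued_at=true`; before this commit the claim was always populated, either with the supplied value or with the current time. If always-present is still the intended default, add `Default: true,` to the field schema; if opt-in is intended, the description should say so. Either way the description should name the claim as it appears in the token, e.g. `Description: "Whether to include the iat (issued at) claim; off unless set"`. pathIssueWrite continues outside both hunks.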