Start rejigging JWT

Jeff Mitchell 2015-09-24 16:20:22 -04:00
parent e38c21e0ca
commit f10343921b
3 changed files with 21 additions and 29 deletions


@ -19,7 +19,6 @@ func Backend() *framework.Backend {
pathRoles(&b), pathRoles(&b),
pathIssue(&b), pathIssue(&b),
}, },
} }
return b.Backend return b.Backend


@ -13,7 +13,7 @@ import (
func TestBackend_basic(t *testing.T) { func TestBackend_basic(t *testing.T) {
tokenClaims := map[string]interface{}{ tokenClaims := map[string]interface{}{
"iss": "Test Issuer", "iss": "Test Issuer",
"sub": "Test Subject", "sub": "Test Subject",
"aud": "Test Audience", "aud": "Test Audience",
"iat": 1438898720, "iat": 1438898720,
@ -61,10 +61,10 @@ func testAccStepWriteRole(t *testing.T, name string, algorithm string, key strin
Operation: logical.WriteOperation, Operation: logical.WriteOperation,
Path: "roles/" + name, Path: "roles/" + name,
Data: map[string]interface{}{ Data: map[string]interface{}{
"algorithm": algorithm, "algorithm": algorithm,
"key": key, "key": key,
"default_issuer": "Test Default Issuer", "default_issuer": "Test Default Issuer",
"default_subject": "Test Default Subject", "default_subject": "Test Default Subject",
"default_audience": "Test Default Audience", "default_audience": "Test Default Audience",
}, },
} }
@ -86,27 +86,23 @@ func testAccStepReadRole(t *testing.T, name string, algorithm string, key string
return fmt.Errorf("missing response") return fmt.Errorf("missing response")
} }
var d struct { var d struct {
Name string `json:"name" mapstructure:"name"` Algorithm string `json:"algorithm" structs:"algorithm" mapstructure:"algorithm"`
Algorithm string `json:"algorithm" structs:"algorithm" mapstructure:"algorithm"` Key string `json:"key" structs:"key" mapstructure:"key"`
Key string `json:"key" structs:"key" mapstructure:"key"` Issuer string `json:"iss" structs:"iss" mapstructure:"iss"`
Issuer string `json:"iss" structs:"iss" mapstructure:"iss"` Subject string `json:"sub" structs:"sub" mapstructure:"sub"`
Subject string `json:"sub" structs:"sub" mapstructure:"sub"` Audience string `json:"aud" structs:"aud" mapstructure:"aud"`
Audience string `json:"aud" structs:"aud" mapstructure:"aud"`
} }
if err := mapstructure.Decode(resp.Data, &d); err != nil { if err := mapstructure.Decode(resp.Data, &d); err != nil {
return err return err
} }
if d.Name != name {
return fmt.Errorf("bad: %#v", d)
}
if d.Algorithm != algorithm { if d.Algorithm != algorithm {
return fmt.Errorf("bad: %#v", d) return fmt.Errorf("bad algorithm: expected %s, got %#v", algorithm, d)
} }
if d.Key != key { if d.Key != "" {
return fmt.Errorf("bad: %#v", d) return fmt.Errorf("bad key: expected %s, got %#v", key, d)
} }
return nil return nil
}, },
} }
@ -119,8 +115,8 @@ func testAccStepSignToken(t *testing.T, name string, tokenClaims map[string]inte
Data: tokenClaims, Data: tokenClaims,
Check: func(resp *logical.Response) error { Check: func(resp *logical.Response) error {
var d struct { var d struct {
JTI string `mapstructure:"jti"` JTI string `mapstructure:"jti"`
Token string `mapstructure:"token"` Token string `mapstructure:"token"`
} }
if err := mapstructure.Decode(resp.Data, &d); err != nil { if err := mapstructure.Decode(resp.Data, &d); err != nil {
return err return err
@ -131,7 +127,7 @@ func testAccStepSignToken(t *testing.T, name string, tokenClaims map[string]inte
token, err := jwt.Parse(d.Token, func(token *jwt.Token) (interface{}, error) { token, err := jwt.Parse(d.Token, func(token *jwt.Token) (interface{}, error) {
return token, nil return token, nil
}) })
if err != nil { if err != nil {
return fmt.Errorf("error parsing token") return fmt.Errorf("error parsing token")
} }
@ -139,7 +135,7 @@ func testAccStepSignToken(t *testing.T, name string, tokenClaims map[string]inte
if d.JTI != token.Claims["jti"] { if d.JTI != token.Claims["jti"] {
return fmt.Errorf("bad: %#v", d) return fmt.Errorf("bad: %#v", d)
} }
if token.Claims["ran"] != "random" { if token.Claims["ran"] != "random" {
return fmt.Errorf("bad: %#v", d) return fmt.Errorf("bad: %#v", d)
} }
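Review bot: In the `@ -86,27 +86,23` hunk of testAccStepReadRole, the new check `if d.Key != ""` asserts that the role read omits the key, but the message on the line below says `expected %s` and prints the key, which contradicts what is being checked and writes the secret key material into the test log whenever the check trips. The `%#v` of `d` in the same message dumps the decoded Key field too, so the leak happens even without the `%s`. Suggest `return fmt.Errorf("key must not be returned on role read, got %q", d.Key)` and, for consistency, trim the algorithm message one check above to `return fmt.Errorf("bad algorithm: expected %s, got %s", algorithm, d.Algorithm)`. testAccStepReadRole begins outside the hunk.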


@ -41,8 +41,8 @@ func pathIssue(b *backend) *framework.Path {
Description: "Defines the time before which the JWT MUST NOT be accepted for processing", Description: "Defines the time before which the JWT MUST NOT be accepted for processing",
}, },
"issued_at": &framework.FieldSchema{ "issued_at": &framework.FieldSchema{
Type: framework.TypeInt, Type: framework.TypeBool,
Description: "The time the JWT was issued", Description: "Whether to include the issued_at claim",
}, },
"jti": &framework.FieldSchema{ "jti": &framework.FieldSchema{
Type: framework.TypeString, Type: framework.TypeString,
@ -90,7 +90,7 @@ func (b *backend) pathIssueWrite(
if data.Get("not_before") == 0 { if data.Get("not_before") == 0 {
claims["nbf"] = int(time.Now().Unix()) claims["nbf"] = int(time.Now().Unix())
} }
if data.Get("issued_at") == 0 { if data.Get("issued_at").(bool) {
claims["iat"] = int(time.Now().Unix()) claims["iat"] = int(time.Now().Unix())
} }
if data.Get("jti") == "" { if data.Get("jti") == "" {
@ -112,9 +112,6 @@ func (b *backend) pathIssueWrite(
if data.Get("not_before").(int) > 0 { if data.Get("not_before").(int) > 0 {
claims["nbf"] = data.Get("not_before").(int) claims["nbf"] = data.Get("not_before").(int)
} }
if data.Get("issued_at").(int) > 0 {
claims["iat"] = data.Get("issued_at").(int)
}
if data.Get("jti") != "" { if data.Get("jti") != "" {
claims["jti"] = data.Get("jti").(string) claims["jti"] = data.Get("jti").(string)
} }
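Review bot: In the `@ -90,7 +90,7` hunk of pathIssueWrite, gating the claim on `data.Get("issued_at").(bool)` means `iat` is no longer set unless the caller asks for it: the field is declared as `framework.TypeBool` in the `@ -41,8 +41,8` hunk with no default, so its zero value false skips the claim, whereas the old `== 0` branch set it whenever the caller left it out. A request using defaults will now produce a token with `nbf` but no `iat`, which removes the value verifiers use to bound token age. If the intent is opt-out rather than opt-in, add `Default: true,` to the `issued_at` FieldSchema and say so in its text, e.g. `Description: "Whether to include the iat claim (default true)",`. pathIssueWrite starts and ends outside the hunk.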