firejwt 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/firejwt.gemspec +1 -1
- data/firejwt.go +10 -2
- data/firejwt_test.go +13 -14
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f3032c59245418498f9001893a4ee7171a82a853d0595d5b5fb81668236a3661
|
|
4
|
+
data.tar.gz: de674f7c87deed20cf6f1c50cd3871a00c5db41664b43adcb05f764e05f0d923
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6beeea534dd67e2d489b54fdf86ab1484f8e55bd6cf83eb86587000fe3c6f856987aa1648e44f7f5b3fa1447ded216834d5b20ae5269702f430bc13e1aba1a43
|
|
7
|
+
data.tar.gz: 3ac5a9fe61a9f9c806ca34367a2d635f8c7eba1f00f0caef7c7d15cc9a32e3cd3e6cc31f767fb9754d288a7c873f0b53fec628b38c82dc832f1c0a2017f01080
|
data/Gemfile.lock
CHANGED
data/firejwt.gemspec
CHANGED
data/firejwt.go
CHANGED
|
@@ -59,8 +59,15 @@ func (v *Validator) Stop() {
|
|
|
59
59
|
}
|
|
60
60
|
|
|
61
61
|
// Decode decodes the token
|
|
62
|
-
func (v *Validator) Decode(tokenString string) (*
|
|
63
|
-
|
|
62
|
+
func (v *Validator) Decode(tokenString string) (*Claims, error) {
|
|
63
|
+
claims := new(Claims)
|
|
64
|
+
token, err := jwt.ParseWithClaims(tokenString, claims, v.verify)
|
|
65
|
+
if err != nil {
|
|
66
|
+
return nil, err
|
|
67
|
+
} else if !token.Valid {
|
|
68
|
+
return nil, errTokenInvalid
|
|
69
|
+
}
|
|
70
|
+
return claims, nil
|
|
64
71
|
}
|
|
65
72
|
|
|
66
73
|
// ExpTime returns the expiration time.
|
|
@@ -97,6 +104,7 @@ var (
|
|
|
97
104
|
errIssuedFuture = errors.New("issued in the future")
|
|
98
105
|
errNoSubject = errors.New("subject is missing")
|
|
99
106
|
errAuthFuture = errors.New("auth-time in the future")
|
|
107
|
+
errTokenInvalid = errors.New("token is invalid")
|
|
100
108
|
)
|
|
101
109
|
|
|
102
110
|
func (v *Validator) verify(token *jwt.Token) (interface{}, error) {
|
data/firejwt_test.go
CHANGED
|
@@ -25,10 +25,10 @@ import (
|
|
|
25
25
|
var _ = Describe("Validator", func() {
|
|
26
26
|
var subject *firejwt.Validator
|
|
27
27
|
var server *httptest.Server
|
|
28
|
-
var
|
|
28
|
+
var seeds *firejwt.Claims
|
|
29
29
|
|
|
30
30
|
generate := func() string {
|
|
31
|
-
token := jwt.NewWithClaims(jwt.SigningMethodRS256,
|
|
31
|
+
token := jwt.NewWithClaims(jwt.SigningMethodRS256, seeds)
|
|
32
32
|
token.Header["kid"] = certKID
|
|
33
33
|
|
|
34
34
|
data, err := token.SignedString(privKey)
|
|
@@ -43,7 +43,7 @@ var _ = Describe("Validator", func() {
|
|
|
43
43
|
certKID: string(certPEM),
|
|
44
44
|
})
|
|
45
45
|
}))
|
|
46
|
-
|
|
46
|
+
seeds = mockClaims(time.Now().Unix())
|
|
47
47
|
|
|
48
48
|
var err error
|
|
49
49
|
subject, err = firejwt.Mocked(server.URL)
|
|
@@ -60,10 +60,9 @@ var _ = Describe("Validator", func() {
|
|
|
60
60
|
})
|
|
61
61
|
|
|
62
62
|
It("should decode tokens", func() {
|
|
63
|
-
|
|
63
|
+
claims, err := subject.Decode(generate())
|
|
64
64
|
Expect(err).NotTo(HaveOccurred())
|
|
65
|
-
Expect(
|
|
66
|
-
Expect(token.Claims).To(Equal(claims))
|
|
65
|
+
Expect(claims).To(Equal(seeds))
|
|
67
66
|
})
|
|
68
67
|
|
|
69
68
|
It("should reject bad tokens", func() {
|
|
@@ -73,42 +72,42 @@ var _ = Describe("Validator", func() {
|
|
|
73
72
|
})
|
|
74
73
|
|
|
75
74
|
It("should verify exp", func() {
|
|
76
|
-
|
|
75
|
+
seeds.ExpiresAt = time.Now().Unix() - 1
|
|
77
76
|
_, err := subject.Decode(generate())
|
|
78
77
|
Expect(err).To(MatchError(`token has expired`))
|
|
79
78
|
Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
|
|
80
79
|
})
|
|
81
80
|
|
|
82
81
|
It("should verify iat", func() {
|
|
83
|
-
|
|
82
|
+
seeds.IssuedAt = time.Now().Unix() + 1
|
|
84
83
|
_, err := subject.Decode(generate())
|
|
85
84
|
Expect(err).To(MatchError(`issued in the future`))
|
|
86
85
|
Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
|
|
87
86
|
})
|
|
88
87
|
|
|
89
88
|
It("should verify aud", func() {
|
|
90
|
-
|
|
89
|
+
seeds.Audience = "other"
|
|
91
90
|
_, err := subject.Decode(generate())
|
|
92
91
|
Expect(err).To(MatchError(`invalid audience claim "other"`))
|
|
93
92
|
Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
|
|
94
93
|
})
|
|
95
94
|
|
|
96
95
|
It("should verify iss", func() {
|
|
97
|
-
|
|
96
|
+
seeds.Issuer = "other"
|
|
98
97
|
_, err := subject.Decode(generate())
|
|
99
98
|
Expect(err).To(MatchError(`invalid issuer claim "other"`))
|
|
100
99
|
Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
|
|
101
100
|
})
|
|
102
101
|
|
|
103
102
|
It("should verify sub", func() {
|
|
104
|
-
|
|
103
|
+
seeds.Subject = ""
|
|
105
104
|
_, err := subject.Decode(generate())
|
|
106
105
|
Expect(err).To(MatchError(`subject is missing`))
|
|
107
106
|
Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
|
|
108
107
|
})
|
|
109
108
|
|
|
110
109
|
It("should verify auth time", func() {
|
|
111
|
-
|
|
110
|
+
seeds.AuthAt = time.Now().Unix() + 1
|
|
112
111
|
_, err := subject.Decode(generate())
|
|
113
112
|
Expect(err).To(MatchError(`auth-time in the future`))
|
|
114
113
|
Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
|
|
@@ -117,8 +116,8 @@ var _ = Describe("Validator", func() {
|
|
|
117
116
|
|
|
118
117
|
var _ = Describe("Claims", func() {
|
|
119
118
|
It("should be JWT compatible", func() {
|
|
120
|
-
|
|
121
|
-
Expect(json.Marshal(
|
|
119
|
+
subject := mockClaims(1515151515)
|
|
120
|
+
Expect(json.Marshal(subject)).To(MatchJSON(`{
|
|
122
121
|
"name": "Me",
|
|
123
122
|
"picture": "https://test.host/me.jpg",
|
|
124
123
|
"sub": "MDYwNDQwNjUtYWQ0ZC00ZDkwLThl",
|