firejwt 0.2.0 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/firejwt.gemspec +1 -1
- data/firejwt.go +10 -2
- data/firejwt_test.go +13 -14
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f3032c59245418498f9001893a4ee7171a82a853d0595d5b5fb81668236a3661
|
|
4
|
+
data.tar.gz: de674f7c87deed20cf6f1c50cd3871a00c5db41664b43adcb05f764e05f0d923
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6beeea534dd67e2d489b54fdf86ab1484f8e55bd6cf83eb86587000fe3c6f856987aa1648e44f7f5b3fa1447ded216834d5b20ae5269702f430bc13e1aba1a43
|
|
7
|
+
data.tar.gz: 3ac5a9fe61a9f9c806ca34367a2d635f8c7eba1f00f0caef7c7d15cc9a32e3cd3e6cc31f767fb9754d288a7c873f0b53fec628b38c82dc832f1c0a2017f01080
|
data/Gemfile.lock
CHANGED
data/firejwt.gemspec
CHANGED
data/firejwt.go
CHANGED
|
@@ -59,8 +59,15 @@ func (v *Validator) Stop() {
|
|
|
59
59
|
}
|
|
60
60
|
|
|
61
61
|
// Decode decodes the token
|
|
62
|
-
func (v *Validator) Decode(tokenString string) (*
|
|
63
|
-
|
|
62
|
+
func (v *Validator) Decode(tokenString string) (*Claims, error) {
|
|
63
|
+
claims := new(Claims)
|
|
64
|
+
token, err := jwt.ParseWithClaims(tokenString, claims, v.verify)
|
|
65
|
+
if err != nil {
|
|
66
|
+
return nil, err
|
|
67
|
+
} else if !token.Valid {
|
|
68
|
+
return nil, errTokenInvalid
|
|
69
|
+
}
|
|
70
|
+
return claims, nil
|
|
64
71
|
}
|
|
65
72
|
|
|
66
73
|
// ExpTime returns the expiration time.
|
|
@@ -97,6 +104,7 @@ var (
|
|
|
97
104
|
errIssuedFuture = errors.New("issued in the future")
|
|
98
105
|
errNoSubject = errors.New("subject is missing")
|
|
99
106
|
errAuthFuture = errors.New("auth-time in the future")
|
|
107
|
+
errTokenInvalid = errors.New("token is invalid")
|
|
100
108
|
)
|
|
101
109
|
|
|
102
110
|
func (v *Validator) verify(token *jwt.Token) (interface{}, error) {
|
data/firejwt_test.go
CHANGED
|
@@ -25,10 +25,10 @@ import (
|
|
|
25
25
|
var _ = Describe("Validator", func() {
|
|
26
26
|
var subject *firejwt.Validator
|
|
27
27
|
var server *httptest.Server
|
|
28
|
-
var
|
|
28
|
+
var seeds *firejwt.Claims
|
|
29
29
|
|
|
30
30
|
generate := func() string {
|
|
31
|
-
token := jwt.NewWithClaims(jwt.SigningMethodRS256,
|
|
31
|
+
token := jwt.NewWithClaims(jwt.SigningMethodRS256, seeds)
|
|
32
32
|
token.Header["kid"] = certKID
|
|
33
33
|
|
|
34
34
|
data, err := token.SignedString(privKey)
|
|
@@ -43,7 +43,7 @@ var _ = Describe("Validator", func() {
|
|
|
43
43
|
certKID: string(certPEM),
|
|
44
44
|
})
|
|
45
45
|
}))
|
|
46
|
-
|
|
46
|
+
seeds = mockClaims(time.Now().Unix())
|
|
47
47
|
|
|
48
48
|
var err error
|
|
49
49
|
subject, err = firejwt.Mocked(server.URL)
|
|
@@ -60,10 +60,9 @@ var _ = Describe("Validator", func() {
|
|
|
60
60
|
})
|
|
61
61
|
|
|
62
62
|
It("should decode tokens", func() {
|
|
63
|
-
|
|
63
|
+
claims, err := subject.Decode(generate())
|
|
64
64
|
Expect(err).NotTo(HaveOccurred())
|
|
65
|
-
Expect(
|
|
66
|
-
Expect(token.Claims).To(Equal(claims))
|
|
65
|
+
Expect(claims).To(Equal(seeds))
|
|
67
66
|
})
|
|
68
67
|
|
|
69
68
|
It("should reject bad tokens", func() {
|
|
@@ -73,42 +72,42 @@ var _ = Describe("Validator", func() {
|
|
|
73
72
|
})
|
|
74
73
|
|
|
75
74
|
It("should verify exp", func() {
|
|
76
|
-
|
|
75
|
+
seeds.ExpiresAt = time.Now().Unix() - 1
|
|
77
76
|
_, err := subject.Decode(generate())
|
|
78
77
|
Expect(err).To(MatchError(`token has expired`))
|
|
79
78
|
Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
|
|
80
79
|
})
|
|
81
80
|
|
|
82
81
|
It("should verify iat", func() {
|
|
83
|
-
|
|
82
|
+
seeds.IssuedAt = time.Now().Unix() + 1
|
|
84
83
|
_, err := subject.Decode(generate())
|
|
85
84
|
Expect(err).To(MatchError(`issued in the future`))
|
|
86
85
|
Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
|
|
87
86
|
})
|
|
88
87
|
|
|
89
88
|
It("should verify aud", func() {
|
|
90
|
-
|
|
89
|
+
seeds.Audience = "other"
|
|
91
90
|
_, err := subject.Decode(generate())
|
|
92
91
|
Expect(err).To(MatchError(`invalid audience claim "other"`))
|
|
93
92
|
Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
|
|
94
93
|
})
|
|
95
94
|
|
|
96
95
|
It("should verify iss", func() {
|
|
97
|
-
|
|
96
|
+
seeds.Issuer = "other"
|
|
98
97
|
_, err := subject.Decode(generate())
|
|
99
98
|
Expect(err).To(MatchError(`invalid issuer claim "other"`))
|
|
100
99
|
Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
|
|
101
100
|
})
|
|
102
101
|
|
|
103
102
|
It("should verify sub", func() {
|
|
104
|
-
|
|
103
|
+
seeds.Subject = ""
|
|
105
104
|
_, err := subject.Decode(generate())
|
|
106
105
|
Expect(err).To(MatchError(`subject is missing`))
|
|
107
106
|
Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
|
|
108
107
|
})
|
|
109
108
|
|
|
110
109
|
It("should verify auth time", func() {
|
|
111
|
-
|
|
110
|
+
seeds.AuthAt = time.Now().Unix() + 1
|
|
112
111
|
_, err := subject.Decode(generate())
|
|
113
112
|
Expect(err).To(MatchError(`auth-time in the future`))
|
|
114
113
|
Expect(err).To(BeAssignableToTypeOf(&jwt.ValidationError{}))
|
|
@@ -117,8 +116,8 @@ var _ = Describe("Validator", func() {
|
|
|
117
116
|
|
|
118
117
|
var _ = Describe("Claims", func() {
|
|
119
118
|
It("should be JWT compatible", func() {
|
|
120
|
-
|
|
121
|
-
Expect(json.Marshal(
|
|
119
|
+
subject := mockClaims(1515151515)
|
|
120
|
+
Expect(json.Marshal(subject)).To(MatchJSON(`{
|
|
122
121
|
"name": "Me",
|
|
123
122
|
"picture": "https://test.host/me.jpg",
|
|
124
123
|
"sub": "MDYwNDQwNjUtYWQ0ZC00ZDkwLThl",
|