Skip to content

Commit

Permalink
Merge pull request #94 from elisasre/validateiss
Browse files Browse the repository at this point in the history 
update golang-jwt lib
  • Loading branch information
@zetaab
zetaab authored Oct 7, 2023
2 parents 847e1d6 + b5702a5 commit 44ce0a7
Show file tree
Hide file tree
Showing 4 changed files with 33 additions and 14 deletions.
2 changes: 1 addition & 1 deletion go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ require (
github.com/gin-gonic/gin v1.9.1
github.com/go-redis/redis/v8 v8.11.5
github.com/go-redis/redis_rate/v9 v9.1.2
github.com/golang-jwt/jwt v3.2.2+incompatible
github.com/golang-jwt/jwt/v5 v5.0.0
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.17.0
github.com/rs/zerolog v1.31.0
Expand Down
4 changes: 2 additions & 2 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -276,8 +276,8 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
Expand Down
18 changes: 9 additions & 9 deletions token/token.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ import (
"time"

"github.com/elisasre/go-common"
"github.com/golang-jwt/jwt"
"github.com/golang-jwt/jwt/v5"
)

// Token struct.
Expand Down Expand Up @@ -45,7 +45,7 @@ func New(user *common.User) *Token {
// UserJWTClaims contains struct for making and parsing jwt tokens.
type UserJWTClaims struct {
*common.User
jwt.StandardClaims
jwt.RegisteredClaims
Nonce string `json:"nonce,omitempty"`
}

Expand Down Expand Up @@ -80,12 +80,12 @@ func (t *Token) SignExpires(key common.JWTKey, claim SignClaims) (string, error)

claims := UserJWTClaims{
t.User,
jwt.StandardClaims{
jwt.RegisteredClaims{
Subject: sub,
Audience: claim.Aud,
ExpiresAt: claim.Exp,
Audience: jwt.ClaimStrings{claim.Aud},
ExpiresAt: jwt.NewNumericDate(time.Unix(claim.Exp, 0)),
Issuer: claim.Issuer,
IssuedAt: claim.Iat,
IssuedAt: jwt.NewNumericDate(time.Unix(claim.Iat, 0)),
},
claim.Nonce,
}
Expand Down Expand Up @@ -119,7 +119,7 @@ func findKidFromArray(keys []common.JWTKey, kid interface{}) (common.JWTKey, err
}

// Parse will validate jwt token and return token.
func Parse(raw string, keys []common.JWTKey) (*UserJWTClaims, error) {
func Parse(raw string, keys []common.JWTKey, options ...jwt.ParserOption) (*UserJWTClaims, error) {
parsed, err := jwt.ParseWithClaims(raw, &UserJWTClaims{}, func(t *jwt.Token) (interface{}, error) {
if t.Method.Alg() != SignAlgo {
return nil, jwt.ErrSignatureInvalid
Expand All @@ -132,11 +132,11 @@ func Parse(raw string, keys []common.JWTKey) (*UserJWTClaims, error) {
return key.PublicKey, nil
}
return nil, fmt.Errorf("could not find kid from headers")
})
}, options...)
if err != nil {
return nil, err
} else if !parsed.Valid {
return nil, jwt.ValidationError{}
return nil, fmt.Errorf("jwt token was not valid")
}

claims, ok := parsed.Claims.(*UserJWTClaims)
Expand Down
23 changes: 21 additions & 2 deletions token/token_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"time"

"github.com/elisasre/go-common"
"github.com/golang-jwt/jwt/v5"
"github.com/stretchr/testify/require"
)

Expand Down Expand Up @@ -127,7 +128,7 @@ func TestInvalidKid(t *testing.T) {
})
require.NoError(t, err)
_, err = Parse(token, []common.JWTKey{*key2})
require.Equal(t, fmt.Sprintf("could not find kid '%s'", key.KID), err.Error())
require.Contains(t, err.Error(), fmt.Sprintf("could not find kid '%s'", key.KID))
}

func TestExpired(t *testing.T) {
Expand All @@ -143,5 +144,23 @@ func TestExpired(t *testing.T) {
})
require.NoError(t, err)
_, err = Parse(token, []common.JWTKey{*key})
require.True(t, strings.HasPrefix(err.Error(), "token is expired by"))
require.Contains(t, err.Error(), "token is expired")
}

func TestIssuer(t *testing.T) {
key, err := common.GenerateNewKeyPair()
require.NoError(t, err)

testUser := New(&common.User{})
token, err := testUser.SignExpires(*key, SignClaims{
Aud: "internal",
Exp: time.Now().Add(time.Hour).Unix(),
Issuer: "http://localhost",
Scopes: AllScopes,
})
require.NoError(t, err)
_, err = Parse(token, []common.JWTKey{*key}, jwt.WithIssuer("http://foobar"))
require.True(t, strings.Contains(err.Error(), "token has invalid issuer"))
_, err = Parse(token, []common.JWTKey{*key}, jwt.WithIssuer("http://localhost"))
require.NoError(t, err)
}

0 comments on commit 44ce0a7

Please sign in to comment.