Merge pull request #503 from jmpsec/jwt-registeredclaims

Using RegisteredClaims in JWT to avoid deprecated code

admin/handlers/post.go

@@ -1268,7 +1268,7 @@ func (h *HandlersAdmin) UsersPOSTHandler(w http.ResponseWriter, r *http.Request)
 			return
 		}
 		if u.Token {
-			token, exp, err := h.Users.CreateToken(newUser.Username)
+			token, exp, err := h.Users.CreateToken(newUser.Username, h.AdminConfig.Host)
 			if err != nil {
 				adminErrorResponse(w, "error creating token", http.StatusInternalServerError, err)
 				h.Inc(metricAdminErr)
@@ -1348,7 +1348,7 @@ func (h *HandlersAdmin) UsersPOSTHandler(w http.ResponseWriter, r *http.Request)
 						return
 					}
 				*/
-				token, exp, err := h.Users.CreateToken(u.Username)
+				token, exp, err := h.Users.CreateToken(u.Username, h.AdminConfig.Host)
 				if err != nil {
 					adminErrorResponse(w, "error creating token", http.StatusInternalServerError, err)
 					h.Inc(metricAdminErr)

admin/handlers/tokens.go

@@ -102,7 +102,7 @@ func (h *HandlersAdmin) TokensPOSTHandler(w http.ResponseWriter, r *http.Request
 	if h.Settings.DebugService(settings.ServiceAdmin) {
 		log.Println("DebugService: Creating token")
 	}
-	token, exp, err := h.Users.CreateToken(user.Username)
+	token, exp, err := h.Users.CreateToken(user.Username, h.AdminConfig.Host)
 	if err != nil {
 		adminErrorResponse(w, "error creating token", http.StatusInternalServerError, err)
 		h.Inc(metricAdminErr)

api/handlers-login.go

@@ -58,7 +58,7 @@ func apiLoginHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	// Do we have a token already?
 	if user.APIToken == "" {
-		token, exp, err := apiUsers.CreateToken(l.Username)
+		token, exp, err := apiUsers.CreateToken(l.Username, serviceName)
 		if err != nil {
 			apiErrorResponse(w, "error creating token", http.StatusInternalServerError, err)
 			incMetric(metricAPILoginErr)

users/users.go

@@ -38,7 +38,7 @@ type AdminUser struct {
 // TokenClaims to hold user claims when using JWT
 type TokenClaims struct {
 	Username string `json:"username"`
-	jwt.StandardClaims
+	jwt.RegisteredClaims
 }
 
 // UserManager have all users of the system
@@ -100,15 +100,14 @@ func (m *UserManager) CheckLoginCredentials(username, password string) (bool, Ad
 }
 
 // CreateToken to create a new JWT token for a given user
-func (m *UserManager) CreateToken(username string) (string, time.Time, error) {
+func (m *UserManager) CreateToken(username, issuer string) (string, time.Time, error) {
 	expirationTime := time.Now().Add(time.Hour * time.Duration(m.JWTConfig.HoursToExpire))
 	// Create the JWT claims, which includes the username, level and expiry time
 	claims := &TokenClaims{
 		Username: username,
-		StandardClaims: jwt.StandardClaims{
-			// In JWT, the expiry time is expressed as unix milliseconds
-			ExpiresAt: expirationTime.Unix(),
-			Issuer:    DefaultTokeIssuer,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(expirationTime),
+			Issuer:    issuer,
 		},
 	}
 	// Declare the token with the algorithm used for signing, and the claims
@@ -163,12 +162,12 @@ func (m *UserManager) New(username, password, email, fullname string, admin bool
 			return AdminUser{}, err
 		}
 		return AdminUser{
-			Username:   username,
-			PassHash:   passhash,
-			UUID:       utils.GenUUID(),
-			Admin:      admin,
-			Email:      email,
-			Fullname:   fullname,
+			Username: username,
+			PassHash: passhash,
+			UUID:     utils.GenUUID(),
+			Admin:    admin,
+			Email:    email,
+			Fullname: fullname,
 		}, nil
 	}
 	return AdminUser{}, fmt.Errorf("%s already exists", username)

users/users_test.go

@@ -77,7 +77,7 @@ func TestUserManager(t *testing.T) {
 		assert.Equal(t, 123, int(user.EnvironmentID))
 	})
 	t.Run("CreateCheckToken", func(t *testing.T) {
-		token, tt, err := manager.CreateToken("testUsername")
+		token, tt, err := manager.CreateToken("testUsername", "issuer")
 		assert.NoError(t, err)
 		assert.NotEmpty(t, token)
 		now := time.Now()