Merge 8ed72fb into 595a671

contiamo · Aug 23, 2019 · 6a13c7b · 6a13c7b
2 parents 595a671 + 8ed72fb
commit 6a13c7b
Show file tree

Hide file tree

Showing 6 changed files with 57 additions and 144 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,19 +1,18 @@
 language: go
 
 go:
-  - 1.8.x
-  - 1.9.x
+  - 1.12
   - master
 
 
+env:
+  - GO111MODULE=on
+
 before_install:
-  - "go get -v github.com/golang/dep/cmd/dep \
-      github.com/onsi/ginkgo/ginkgo \
-      golang.org/x/tools/cmd/cover \
-      github.com/mattn/goveralls"
+  - "go get -v golang.org/x/tools/cmd/cover github.com/mattn/goveralls"
 
 install:
-  - dep ensure --vendor-only -v
+  - go install -v .
 
 script:
   - go test -v -covermode=count -coverprofile=coverage.out

diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Gopkg.toml b/Gopkg.toml
diff --git a/go.mod b/go.mod
@@ -0,0 +1,13 @@
+module github.com/contiamo/jwt
+
+go 1.12
+
+require (
+	github.com/dgrijalva/jwt-go v3.1.0+incompatible
+	github.com/golang/protobuf v1.3.2 // indirect
+	github.com/onsi/ginkgo v1.4.0
+	github.com/onsi/gomega v1.3.0
+	golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7 // indirect
+	golang.org/x/sys v0.0.0-20190422165155-953cdadca894 // indirect
+	gopkg.in/yaml.v2 v2.2.2 // indirect
+)
diff --git a/go.sum b/go.sum
@@ -0,0 +1,20 @@
+github.com/dgrijalva/jwt-go v3.1.0+incompatible h1:FFziAwDQQ2dz1XClWMkwvukur3evtZx7x/wMHKM1i20=
+github.com/dgrijalva/jwt-go v3.1.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/onsi/ginkgo v1.4.0 h1:n60/4GZK0Sr9O2iuGKq876Aoa0ER2ydgpMOBwzJ8e2c=
+github.com/onsi/ginkgo v1.4.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/gomega v1.3.0 h1:yPHEatyQC4jN3vdfvqJXG7O9vfC6LhaAV1NEdYpP+h0=
+github.com/onsi/gomega v1.3.0/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7 h1:fHDIZ2oxGnUZRN6WgWFCbYBjH9uqVPRCUVUDhs0wnbA=
+golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/middleware.go b/middleware.go
@@ -2,7 +2,10 @@ package jwt
 
 import (
 	"context"
+	"fmt"
 	"net/http"
+
+	"github.com/sirupsen/logrus"
 )
 
 type claimContextKeyType string
@@ -27,19 +30,31 @@ func ClaimsToContextMiddleware(handler http.Handler, header string, idpKey inter
 
 // RequireClaim checks if the requests claims contain a specific value for a specific key
 func RequireClaim(handler http.Handler, claimKey, expectedClaimValue string) http.Handler {
+	log := logrus.
+		WithField("require-claim", claimKey).
+		WithField("expected-value", expectedClaimValue)
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		claims := ClaimsFromContext(r.Context())
 		if claims == nil {
-			http.Error(w, "not authorized: failed to get token from context", http.StatusUnauthorized)
+			msg := "not authorized: failed to get token from context"
+			log.Debug(msg)
+			http.Error(w, msg, http.StatusUnauthorized)
 			return
 		}
+		log = log.WithField("claims", claims)
 		claimVal, ok := claims[claimKey].(string)
 		if !ok {
-			http.Error(w, "not authorized: claim value has wrong type", http.StatusUnauthorized)
+			msg := "not authorized: claim value has wrong type"
+			log = log.WithField("actual-type", fmt.Sprintf("%T", claims[claimKey]))
+			log.Debug(msg)
+			http.Error(w, msg, http.StatusUnauthorized)
 			return
 		}
 		if claimVal != expectedClaimValue {
-			http.Error(w, "not authorized: calim value has unexpected content", http.StatusUnauthorized)
+			msg := "not authorized: claim value has unexpected content"
+			log = log.WithField("actual-content", claims[claimKey])
+			log.Debug(msg)
+			http.Error(w, msg, http.StatusUnauthorized)
 			return
 		}
 		handler.ServeHTTP(w, r)