Skip to content

Commit

Permalink
aud promotion happened too late, move it up
Browse files Browse the repository at this point in the history
  • Loading branch information
@umputun
umputun committed Aug 24, 2019
1 parent bc1f01c commit 34d88e8
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 5 deletions.
2 changes: 1 addition & 1 deletion auth_test.go
View file
Expand Up @@ -205,7 +205,7 @@ func TestIntegrationUserInfo(t *testing.T) {
err = json.NewDecoder(resp.Body).Decode(&u)
require.NoError(t, err)

assert.Equal(t, token.User{Name: "dev_user", ID: "dev_user",
assert.Equal(t, token.User{Name: "dev_user", ID: "dev_user", Audience: "my-test-site",
Picture: "http://127.0.0.1:8080/api/v1/avatar/ccfa2abd01667605b4e1fc4fcb91b1e1af323240.image"}, u)
}

Expand Down
9 changes: 6 additions & 3 deletions token/jwt.go
View file
Expand Up @@ -245,6 +245,11 @@ func (j *Service) Get(r *http.Request) (Claims, string, error) {
return Claims{}, "", errors.Wrap(err, "failed to get token")
}

// promote claim's aud to User.Audience
if claims.User != nil {
claims.User.Audience = claims.Audience
}

if !fromCookie && j.IsExpired(claims) {
return Claims{}, "", errors.New("token expired")
}
Expand All @@ -259,9 +264,7 @@ func (j *Service) Get(r *http.Request) (Claims, string, error) {
return Claims{}, "", errors.New("xsrf mismatch")
}
}
if claims.User != nil {
claims.User.Audience = claims.Audience
}

return claims, tokenString, nil
}

Expand Down
3 changes: 2 additions & 1 deletion token/jwt_test.go
View file
Expand Up @@ -398,7 +398,8 @@ func TestJWT_SetAndGetWithXsrfMismatch(t *testing.T) {
req.AddCookie(resp.Cookies()[0])
req.Header.Add(xsrfCustomHeaderKey, "random id wrong")
c, _, err := j.Get(req)
require.Nil(t, err, "xsrf mismatch, but ignored")
require.NoError(t, err, "xsrf mismatch, but ignored")
claims.User.Audience = c.Audience // set aud to user because we don't do the normal Get call
assert.Equal(t, claims, c)
}

Expand Down

0 comments on commit 34d88e8

Please sign in to comment.