From 90ed55c0dfdabc3e0c321cfbdaface35f532e6f2 Mon Sep 17 00:00:00 2001 From: Denys Sinyakov Date: Thu, 10 Jun 2021 16:16:59 -0700 Subject: [PATCH 1/7] new case - roles in JWT --- .../org/hypertrace/core/grpcutils/context/Jwt.java | 3 +++ .../hypertrace/core/grpcutils/context/JwtParser.java | 7 +++++++ .../core/grpcutils/context/JwtParserTest.java | 11 +++++++++++ 3 files changed, 21 insertions(+) diff --git a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/Jwt.java b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/Jwt.java index f9a2fb6..ece869a 100644 --- a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/Jwt.java +++ b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/Jwt.java @@ -1,6 +1,7 @@ package org.hypertrace.core.grpcutils.context; import java.util.Optional; +import java.util.Set; interface Jwt { Optional getUserId(); @@ -10,4 +11,6 @@ interface Jwt { Optional getPictureUrl(); Optional getEmail(); + + Set getRoles(); } diff --git a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java index 0c7fb44..8de6342 100644 --- a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java +++ b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java @@ -5,6 +5,7 @@ import com.google.common.cache.Cache; import com.google.common.cache.CacheBuilder; import java.util.Optional; +import java.util.Set; import java.util.concurrent.ExecutionException; import java.util.concurrent.TimeUnit; import org.slf4j.Logger; @@ -49,6 +50,7 @@ private static final class DefaultJwt implements Jwt { private static final String NAME_CLAIM = "name"; private static final String PICTURE_CLAIM = "picture"; private static final String EMAIL_CLAIM = "email"; + private static final String ROLES_CLAIM = "https://traceable.ai/roles"; private DefaultJwt(DecodedJWT jwt) { this.jwt = jwt; @@ -73,5 +75,10 @@ public Optional getPictureUrl() { public Optional getEmail() { return Optional.ofNullable(jwt.getClaim(EMAIL_CLAIM).asString()); } + + @Override + public Set getRoles() { + return null; + } } } diff --git a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java index 1355f0d..3e6b172 100644 --- a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java +++ b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java @@ -9,6 +9,9 @@ import static org.mockito.Mockito.when; import java.util.Optional; +import java.util.Set; + +import com.google.common.collect.ImmutableSet; import org.junit.jupiter.api.Test; import org.mockito.ArgumentMatchers; @@ -19,6 +22,7 @@ class JwtParserTest { private final String testJwtName = "Johnny Rocket"; private final String testJwtPictureUrl = "www.example.com"; private final String testJwtEmail = "jrocket@example.com"; + private final Set testRoles = ImmutableSet.of("traceable", "user", "billing_admin"); @Test void testGoodJwtParse() { @@ -54,4 +58,11 @@ void testExtractBearerTokenReturnsEmptyOnMalformed() { assertEquals(Optional.empty(), parser.fromAuthHeader("Bad header")); verify(parser, times(0)).fromJwt(ArgumentMatchers.any()); } + + @Test + void testTraceableRolesCanBeParsedFromToken() { + JwtParser parser = new JwtParser(); + Optional jwt = parser.fromJwt(testJwt); + assertEquals(Optional.of(testRoles), jwt.flatMap(Jwt::getEmail)); + } } From 9c9a4eced8639d8a57f34fd201148a012a7cb884 Mon Sep 17 00:00:00 2001 From: Denys Sinyakov Date: Thu, 10 Jun 2021 16:35:20 -0700 Subject: [PATCH 2/7] update token to include roles --- .../org/hypertrace/core/grpcutils/context/JwtParserTest.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java index 3e6b172..db5caee 100644 --- a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java +++ b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java @@ -16,8 +16,7 @@ import org.mockito.ArgumentMatchers; class JwtParserTest { - private final String testJwt = - "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJSb2xlIjpbIk1hbmFnZXIiLCJQcm9qZWN0IEFkbWluaXN0cmF0b3IiXX0.aesOuNIamZkTMR30CBt0J9NMZZt9iLRETa5ayN_EcVs"; + private final String testJwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJodHRwczovL3RyYWNlYWJsZS5haS9yb2xlcyI6WyJ0cmFjZWFibGUiLCJ1c2VyIiwiYmlsbGluZ19hZG1pbiJdfQ.xdWar7cgJ_5V3SgECanVtBMhxJGb-DbeIfrKSpAQLJM"; private final String testJwtUserId = "jrocket@example.com"; private final String testJwtName = "Johnny Rocket"; private final String testJwtPictureUrl = "www.example.com"; @@ -63,6 +62,6 @@ void testExtractBearerTokenReturnsEmptyOnMalformed() { void testTraceableRolesCanBeParsedFromToken() { JwtParser parser = new JwtParser(); Optional jwt = parser.fromJwt(testJwt); - assertEquals(Optional.of(testRoles), jwt.flatMap(Jwt::getEmail)); + assertEquals(Optional.of(testRoles), jwt.flatMap(j -> Optional.of(j.getRoles()))); } } From 30a49001bb9bc32dc149170cded20935db2e03f9 Mon Sep 17 00:00:00 2001 From: Denys Sinyakov Date: Thu, 10 Jun 2021 16:43:17 -0700 Subject: [PATCH 3/7] empty roles case --- .../org/hypertrace/core/grpcutils/context/JwtParser.java | 4 +++- .../hypertrace/core/grpcutils/context/JwtParserTest.java | 9 +++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java index 8de6342..aecab3a 100644 --- a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java +++ b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java @@ -4,6 +4,8 @@ import com.auth0.jwt.interfaces.DecodedJWT; import com.google.common.cache.Cache; import com.google.common.cache.CacheBuilder; + +import java.util.HashSet; import java.util.Optional; import java.util.Set; import java.util.concurrent.ExecutionException; @@ -78,7 +80,7 @@ public Optional getEmail() { @Override public Set getRoles() { - return null; + return new HashSet<>(jwt.getClaim(ROLES_CLAIM).asList(String.class)); } } } diff --git a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java index db5caee..2b3f6b7 100644 --- a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java +++ b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java @@ -8,6 +8,7 @@ import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; +import java.util.Collections; import java.util.Optional; import java.util.Set; @@ -17,6 +18,7 @@ class JwtParserTest { private final String testJwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJodHRwczovL3RyYWNlYWJsZS5haS9yb2xlcyI6WyJ0cmFjZWFibGUiLCJ1c2VyIiwiYmlsbGluZ19hZG1pbiJdfQ.xdWar7cgJ_5V3SgECanVtBMhxJGb-DbeIfrKSpAQLJM"; + private final String emptyRolesJwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJodHRwczovL3RyYWNlYWJsZS5haS9yb2xlcyI6W119.sFUMZNyypj379xy5P4kqTbBXBOR5XvX2nhpKx6YiiwU"; private final String testJwtUserId = "jrocket@example.com"; private final String testJwtName = "Johnny Rocket"; private final String testJwtPictureUrl = "www.example.com"; @@ -64,4 +66,11 @@ void testTraceableRolesCanBeParsedFromToken() { Optional jwt = parser.fromJwt(testJwt); assertEquals(Optional.of(testRoles), jwt.flatMap(j -> Optional.of(j.getRoles()))); } + + @Test + void testRolesAreEmptyIfRolesArrayIsEmptyInJwt() { + JwtParser parser = new JwtParser(); + Optional jwt = parser.fromJwt(emptyRolesJwt); + assertEquals(Optional.of(Collections.emptySet()), jwt.flatMap(j -> Optional.of(j.getRoles()))); + } } From 21cad13a6e2ef2e0e31449bc2f5d83d8d1d6c8fb Mon Sep 17 00:00:00 2001 From: Denys Sinyakov Date: Thu, 10 Jun 2021 16:49:40 -0700 Subject: [PATCH 4/7] no roles case --- .../org/hypertrace/core/grpcutils/context/JwtParser.java | 9 ++++++++- .../hypertrace/core/grpcutils/context/JwtParserTest.java | 9 +++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java index aecab3a..ee145de 100644 --- a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java +++ b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java @@ -1,11 +1,14 @@ package org.hypertrace.core.grpcutils.context; import com.auth0.jwt.JWT; +import com.auth0.jwt.interfaces.Claim; import com.auth0.jwt.interfaces.DecodedJWT; import com.google.common.cache.Cache; import com.google.common.cache.CacheBuilder; +import java.util.Collections; import java.util.HashSet; +import java.util.List; import java.util.Optional; import java.util.Set; import java.util.concurrent.ExecutionException; @@ -80,7 +83,11 @@ public Optional getEmail() { @Override public Set getRoles() { - return new HashSet<>(jwt.getClaim(ROLES_CLAIM).asList(String.class)); + List roles = jwt.getClaim(ROLES_CLAIM).asList(String.class); + if (roles == null || roles.isEmpty()) { + return Collections.emptySet(); + } + return new HashSet<>(roles); } } } diff --git a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java index 2b3f6b7..f4682a2 100644 --- a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java +++ b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java @@ -19,6 +19,7 @@ class JwtParserTest { private final String testJwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJodHRwczovL3RyYWNlYWJsZS5haS9yb2xlcyI6WyJ0cmFjZWFibGUiLCJ1c2VyIiwiYmlsbGluZ19hZG1pbiJdfQ.xdWar7cgJ_5V3SgECanVtBMhxJGb-DbeIfrKSpAQLJM"; private final String emptyRolesJwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJodHRwczovL3RyYWNlYWJsZS5haS9yb2xlcyI6W119.sFUMZNyypj379xy5P4kqTbBXBOR5XvX2nhpKx6YiiwU"; + private final String noRolesJwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20ifQ.Ui1Z2RhiVe3tq6uJPgcyjsfDBdeOeINs_gXEHC6cdpU"; private final String testJwtUserId = "jrocket@example.com"; private final String testJwtName = "Johnny Rocket"; private final String testJwtPictureUrl = "www.example.com"; @@ -73,4 +74,12 @@ void testRolesAreEmptyIfRolesArrayIsEmptyInJwt() { Optional jwt = parser.fromJwt(emptyRolesJwt); assertEquals(Optional.of(Collections.emptySet()), jwt.flatMap(j -> Optional.of(j.getRoles()))); } + + @Test + void testRolesAreEmptyIfRolesIfNoRolesClaimInToken() { + JwtParser parser = new JwtParser(); + Optional jwt = parser.fromJwt(noRolesJwt); + assertEquals(Optional.of(Collections.emptySet()), jwt.flatMap(j -> Optional.of(j.getRoles()))); + } + } From 3af330fb2047186d66ea089fa54b45f110fcc13d Mon Sep 17 00:00:00 2001 From: Denys Sinyakov Date: Thu, 10 Jun 2021 17:19:34 -0700 Subject: [PATCH 5/7] roles are propagated in context object --- .../grpcutils/context/RequestContext.java | 7 ++++ .../core/grpcutils/context/JwtParserTest.java | 6 +-- .../grpcutils/context/RequestContextTest.java | 38 ++++++++++++++----- 3 files changed, 39 insertions(+), 12 deletions(-) diff --git a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/RequestContext.java b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/RequestContext.java index 6116397..b7379df 100644 --- a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/RequestContext.java +++ b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/RequestContext.java @@ -1,9 +1,12 @@ package org.hypertrace.core.grpcutils.context; import io.grpc.Context; + +import java.util.Collections; import java.util.HashMap; import java.util.Map; import java.util.Optional; +import java.util.Set; import java.util.concurrent.Callable; import javax.annotation.Nonnull; @@ -44,6 +47,10 @@ public Optional getEmail() { return getJwt().flatMap(Jwt::getEmail); } + public Set getRoles() { + return getJwt().map(Jwt::getRoles).orElse(Collections.emptySet()); + } + private Optional getJwt() { return get(RequestContextConstants.AUTHORIZATION_HEADER).flatMap(jwtParser::fromAuthHeader); } diff --git a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java index f4682a2..5b655f2 100644 --- a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java +++ b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java @@ -65,21 +65,21 @@ void testExtractBearerTokenReturnsEmptyOnMalformed() { void testTraceableRolesCanBeParsedFromToken() { JwtParser parser = new JwtParser(); Optional jwt = parser.fromJwt(testJwt); - assertEquals(Optional.of(testRoles), jwt.flatMap(j -> Optional.of(j.getRoles()))); + assertEquals(Optional.of(testRoles), jwt.map(Jwt::getRoles)); } @Test void testRolesAreEmptyIfRolesArrayIsEmptyInJwt() { JwtParser parser = new JwtParser(); Optional jwt = parser.fromJwt(emptyRolesJwt); - assertEquals(Optional.of(Collections.emptySet()), jwt.flatMap(j -> Optional.of(j.getRoles()))); + assertEquals(Optional.of(Collections.emptySet()), jwt.map(Jwt::getRoles)); } @Test void testRolesAreEmptyIfRolesIfNoRolesClaimInToken() { JwtParser parser = new JwtParser(); Optional jwt = parser.fromJwt(noRolesJwt); - assertEquals(Optional.of(Collections.emptySet()), jwt.flatMap(j -> Optional.of(j.getRoles()))); + assertEquals(Optional.of(Collections.emptySet()), jwt.map(Jwt::getRoles)); } } diff --git a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/RequestContextTest.java b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/RequestContextTest.java index 31dd493..1185094 100644 --- a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/RequestContextTest.java +++ b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/RequestContextTest.java @@ -2,35 +2,40 @@ import java.util.Map; import java.util.Optional; +import java.util.Set; + +import com.google.common.collect.ImmutableSet; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; +import static org.junit.jupiter.api.Assertions.assertEquals; + /** Unit tests for {@link RequestContext} and utility methods in it. */ public class RequestContextTest { private static final String TENANT_ID = "example-tenant-id"; private static final String TEST_AUTH_HEADER = "Bearer sample-auth-header"; @Test - public void testTenantId() { + void testTenantId() { RequestContext requestContext = new RequestContext(); requestContext.add(RequestContextConstants.TENANT_ID_HEADER_KEY, TENANT_ID); Optional tenantId = requestContext.getTenantId(); - Assertions.assertEquals(Optional.of(TENANT_ID), tenantId); + assertEquals(Optional.of(TENANT_ID), tenantId); requestContext = new RequestContext(); tenantId = requestContext.getTenantId(); - Assertions.assertEquals(Optional.empty(), tenantId); + assertEquals(Optional.empty(), tenantId); } @Test - public void testGetRequestHeaders() { + void testGetRequestHeaders() { RequestContext requestContext = new RequestContext(); requestContext.add(RequestContextConstants.AUTHORIZATION_HEADER, TEST_AUTH_HEADER); requestContext.add("x-some-tenant-header", "v1"); Map requestHeaders = requestContext.getRequestHeaders(); - Assertions.assertEquals( + assertEquals( Map.of( RequestContextConstants.AUTHORIZATION_HEADER, TEST_AUTH_HEADER, @@ -40,12 +45,27 @@ public void testGetRequestHeaders() { } @Test - public void testCreateForTenantId() { + void testCreateForTenantId() { RequestContext requestContext = RequestContext.forTenantId(TENANT_ID); - Assertions.assertEquals(Optional.of(TENANT_ID), requestContext.getTenantId()); - Assertions.assertEquals( + assertEquals(Optional.of(TENANT_ID), requestContext.getTenantId()); + assertEquals( Optional.of(TENANT_ID), requestContext.get(RequestContextConstants.TENANT_ID_HEADER_KEY)); - Assertions.assertEquals( + assertEquals( Map.of(RequestContextConstants.TENANT_ID_HEADER_KEY, TENANT_ID), requestContext.getAll()); } + + @Test + void testRolesArePropagatedInRequestContext() { + Set expectedRoles = ImmutableSet.of("billing_admin", "user", "traceable"); + String jwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsIm" + + "V4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6Ik" + + "pvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsIn" + + "BpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJodHRwczovL3RyYWNlYWJsZS5haS9yb2xlcyI6WyJ0cmFjZWFibGUiLCJ1c2VyIiwiYmlsbG" + + "luZ19hZG1pbiJdfQ.xdWar7cgJ_5V3SgECanVtBMhxJGb-DbeIfrKSpAQLJM"; + + RequestContext requestContext = new RequestContext(); + requestContext.add("authorization", "Bearer " + jwt); + Set actualRoles = requestContext.getRoles(); + assertEquals(expectedRoles, actualRoles); + } } From 3af069283d81ecd1a2f96284820de9b29222e222 Mon Sep 17 00:00:00 2001 From: Denys Sinyakov Date: Fri, 11 Jun 2021 16:26:35 -0700 Subject: [PATCH 6/7] address review comments --- .../hypertrace/core/grpcutils/context/Jwt.java | 4 ++-- .../core/grpcutils/context/JwtParser.java | 6 +++--- .../core/grpcutils/context/RequestContext.java | 6 +++--- .../core/grpcutils/context/JwtParserTest.java | 15 +++++++-------- .../grpcutils/context/RequestContextTest.java | 13 ++++++------- 5 files changed, 21 insertions(+), 23 deletions(-) diff --git a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/Jwt.java b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/Jwt.java index ece869a..2449be1 100644 --- a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/Jwt.java +++ b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/Jwt.java @@ -1,7 +1,7 @@ package org.hypertrace.core.grpcutils.context; +import java.util.List; import java.util.Optional; -import java.util.Set; interface Jwt { Optional getUserId(); @@ -12,5 +12,5 @@ interface Jwt { Optional getEmail(); - Set getRoles(); + List getRoles(); } diff --git a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java index ee145de..ad28352 100644 --- a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java +++ b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java @@ -82,12 +82,12 @@ public Optional getEmail() { } @Override - public Set getRoles() { + public List getRoles() { List roles = jwt.getClaim(ROLES_CLAIM).asList(String.class); if (roles == null || roles.isEmpty()) { - return Collections.emptySet(); + return Collections.emptyList(); } - return new HashSet<>(roles); + return roles; } } } diff --git a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/RequestContext.java b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/RequestContext.java index b7379df..43d61ea 100644 --- a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/RequestContext.java +++ b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/RequestContext.java @@ -4,9 +4,9 @@ import java.util.Collections; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.Optional; -import java.util.Set; import java.util.concurrent.Callable; import javax.annotation.Nonnull; @@ -47,8 +47,8 @@ public Optional getEmail() { return getJwt().flatMap(Jwt::getEmail); } - public Set getRoles() { - return getJwt().map(Jwt::getRoles).orElse(Collections.emptySet()); + public List getRoles() { + return getJwt().map(Jwt::getRoles).orElse(Collections.emptyList()); } private Optional getJwt() { diff --git a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java index 5b655f2..83cc79a 100644 --- a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java +++ b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java @@ -9,22 +9,22 @@ import static org.mockito.Mockito.when; import java.util.Collections; +import java.util.List; import java.util.Optional; -import java.util.Set; -import com.google.common.collect.ImmutableSet; +import com.google.common.collect.ImmutableList; import org.junit.jupiter.api.Test; import org.mockito.ArgumentMatchers; class JwtParserTest { - private final String testJwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJodHRwczovL3RyYWNlYWJsZS5haS9yb2xlcyI6WyJ0cmFjZWFibGUiLCJ1c2VyIiwiYmlsbGluZ19hZG1pbiJdfQ.xdWar7cgJ_5V3SgECanVtBMhxJGb-DbeIfrKSpAQLJM"; + private final String testJwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJodHRwczovL3RyYWNlYWJsZS5haS9yb2xlcyI6WyJzdXBlcl91c2VyIiwidXNlciIsImJpbGxpbmdfYWRtaW4iXX0.hcGrulbxkDDJhWuos18iQzpFjPBmlF6xt6wKusB2ZYg"; private final String emptyRolesJwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJodHRwczovL3RyYWNlYWJsZS5haS9yb2xlcyI6W119.sFUMZNyypj379xy5P4kqTbBXBOR5XvX2nhpKx6YiiwU"; private final String noRolesJwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20ifQ.Ui1Z2RhiVe3tq6uJPgcyjsfDBdeOeINs_gXEHC6cdpU"; private final String testJwtUserId = "jrocket@example.com"; private final String testJwtName = "Johnny Rocket"; private final String testJwtPictureUrl = "www.example.com"; private final String testJwtEmail = "jrocket@example.com"; - private final Set testRoles = ImmutableSet.of("traceable", "user", "billing_admin"); + private final List testRoles = ImmutableList.of("super_user", "user", "billing_admin"); @Test void testGoodJwtParse() { @@ -62,7 +62,7 @@ void testExtractBearerTokenReturnsEmptyOnMalformed() { } @Test - void testTraceableRolesCanBeParsedFromToken() { + void testRolesCanBeParsedFromToken() { JwtParser parser = new JwtParser(); Optional jwt = parser.fromJwt(testJwt); assertEquals(Optional.of(testRoles), jwt.map(Jwt::getRoles)); @@ -72,14 +72,13 @@ void testTraceableRolesCanBeParsedFromToken() { void testRolesAreEmptyIfRolesArrayIsEmptyInJwt() { JwtParser parser = new JwtParser(); Optional jwt = parser.fromJwt(emptyRolesJwt); - assertEquals(Optional.of(Collections.emptySet()), jwt.map(Jwt::getRoles)); + assertEquals(Optional.of(Collections.emptyList()), jwt.map(Jwt::getRoles)); } @Test void testRolesAreEmptyIfRolesIfNoRolesClaimInToken() { JwtParser parser = new JwtParser(); Optional jwt = parser.fromJwt(noRolesJwt); - assertEquals(Optional.of(Collections.emptySet()), jwt.map(Jwt::getRoles)); + assertEquals(Optional.of(Collections.emptyList()), jwt.map(Jwt::getRoles)); } - } diff --git a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/RequestContextTest.java b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/RequestContextTest.java index 1185094..b317ccd 100644 --- a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/RequestContextTest.java +++ b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/RequestContextTest.java @@ -1,11 +1,10 @@ package org.hypertrace.core.grpcutils.context; +import java.util.List; import java.util.Map; import java.util.Optional; -import java.util.Set; -import com.google.common.collect.ImmutableSet; -import org.junit.jupiter.api.Assertions; +import com.google.common.collect.ImmutableList; import org.junit.jupiter.api.Test; import static org.junit.jupiter.api.Assertions.assertEquals; @@ -56,16 +55,16 @@ void testCreateForTenantId() { @Test void testRolesArePropagatedInRequestContext() { - Set expectedRoles = ImmutableSet.of("billing_admin", "user", "traceable"); + List expectedRoles = ImmutableList.of("super_user", "user", "billing_admin"); String jwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsIm" + "V4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6Ik" + "pvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsIn" + - "BpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJodHRwczovL3RyYWNlYWJsZS5haS9yb2xlcyI6WyJ0cmFjZWFibGUiLCJ1c2VyIiwiYmlsbG" + - "luZ19hZG1pbiJdfQ.xdWar7cgJ_5V3SgECanVtBMhxJGb-DbeIfrKSpAQLJM"; + "BpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJodHRwczovL3RyYWNlYWJsZS5haS9yb2xlcyI6WyJzdXBlcl91c2VyIiwidXNlciIsImJpbG" + + "xpbmdfYWRtaW4iXX0.hcGrulbxkDDJhWuos18iQzpFjPBmlF6xt6wKusB2ZYg"; RequestContext requestContext = new RequestContext(); requestContext.add("authorization", "Bearer " + jwt); - Set actualRoles = requestContext.getRoles(); + List actualRoles = requestContext.getRoles(); assertEquals(expectedRoles, actualRoles); } } From f24d4e5f25aeddc7723dd9d7852b8cbb75dffd3f Mon Sep 17 00:00:00 2001 From: Denys Sinyakov Date: Mon, 14 Jun 2021 11:55:25 -0700 Subject: [PATCH 7/7] remove specific claim names and pass it as an getRoles arg instead --- .../java/org/hypertrace/core/grpcutils/context/Jwt.java | 2 +- .../org/hypertrace/core/grpcutils/context/JwtParser.java | 8 ++------ .../core/grpcutils/context/RequestContext.java | 4 ++-- .../hypertrace/core/grpcutils/context/JwtParserTest.java | 9 +++++---- .../core/grpcutils/context/RequestContextTest.java | 6 +++--- 5 files changed, 13 insertions(+), 16 deletions(-) diff --git a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/Jwt.java b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/Jwt.java index 2449be1..afb69f9 100644 --- a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/Jwt.java +++ b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/Jwt.java @@ -12,5 +12,5 @@ interface Jwt { Optional getEmail(); - List getRoles(); + List getRoles(String rolesClaim); } diff --git a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java index ad28352..61c393a 100644 --- a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java +++ b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java @@ -1,16 +1,13 @@ package org.hypertrace.core.grpcutils.context; import com.auth0.jwt.JWT; -import com.auth0.jwt.interfaces.Claim; import com.auth0.jwt.interfaces.DecodedJWT; import com.google.common.cache.Cache; import com.google.common.cache.CacheBuilder; import java.util.Collections; -import java.util.HashSet; import java.util.List; import java.util.Optional; -import java.util.Set; import java.util.concurrent.ExecutionException; import java.util.concurrent.TimeUnit; import org.slf4j.Logger; @@ -55,7 +52,6 @@ private static final class DefaultJwt implements Jwt { private static final String NAME_CLAIM = "name"; private static final String PICTURE_CLAIM = "picture"; private static final String EMAIL_CLAIM = "email"; - private static final String ROLES_CLAIM = "https://traceable.ai/roles"; private DefaultJwt(DecodedJWT jwt) { this.jwt = jwt; @@ -82,8 +78,8 @@ public Optional getEmail() { } @Override - public List getRoles() { - List roles = jwt.getClaim(ROLES_CLAIM).asList(String.class); + public List getRoles(String rolesClaim) { + List roles = jwt.getClaim(rolesClaim).asList(String.class); if (roles == null || roles.isEmpty()) { return Collections.emptyList(); } diff --git a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/RequestContext.java b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/RequestContext.java index 43d61ea..b8b4151 100644 --- a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/RequestContext.java +++ b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/RequestContext.java @@ -47,8 +47,8 @@ public Optional getEmail() { return getJwt().flatMap(Jwt::getEmail); } - public List getRoles() { - return getJwt().map(Jwt::getRoles).orElse(Collections.emptyList()); + public List getRoles(String rolesClaim) { + return getJwt().map(jwt -> jwt.getRoles(rolesClaim)).orElse(Collections.emptyList()); } private Optional getJwt() { diff --git a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java index 83cc79a..c7359a5 100644 --- a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java +++ b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java @@ -17,13 +17,14 @@ import org.mockito.ArgumentMatchers; class JwtParserTest { - private final String testJwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJodHRwczovL3RyYWNlYWJsZS5haS9yb2xlcyI6WyJzdXBlcl91c2VyIiwidXNlciIsImJpbGxpbmdfYWRtaW4iXX0.hcGrulbxkDDJhWuos18iQzpFjPBmlF6xt6wKusB2ZYg"; + private final String testJwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJzdXBlcl91c2VyIiwidXNlciIsImJpbGxpbmdfYWRtaW4iXX0.lEDjPPCjr-Epv6pNslq-HK9vmxfstp1sY85GstlbU1I"; private final String emptyRolesJwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJodHRwczovL3RyYWNlYWJsZS5haS9yb2xlcyI6W119.sFUMZNyypj379xy5P4kqTbBXBOR5XvX2nhpKx6YiiwU"; private final String noRolesJwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20ifQ.Ui1Z2RhiVe3tq6uJPgcyjsfDBdeOeINs_gXEHC6cdpU"; private final String testJwtUserId = "jrocket@example.com"; private final String testJwtName = "Johnny Rocket"; private final String testJwtPictureUrl = "www.example.com"; private final String testJwtEmail = "jrocket@example.com"; + private final String testRolesClaim = "roles"; private final List testRoles = ImmutableList.of("super_user", "user", "billing_admin"); @Test @@ -65,20 +66,20 @@ void testExtractBearerTokenReturnsEmptyOnMalformed() { void testRolesCanBeParsedFromToken() { JwtParser parser = new JwtParser(); Optional jwt = parser.fromJwt(testJwt); - assertEquals(Optional.of(testRoles), jwt.map(Jwt::getRoles)); + assertEquals(Optional.of(testRoles), jwt.map(j -> j.getRoles(testRolesClaim))); } @Test void testRolesAreEmptyIfRolesArrayIsEmptyInJwt() { JwtParser parser = new JwtParser(); Optional jwt = parser.fromJwt(emptyRolesJwt); - assertEquals(Optional.of(Collections.emptyList()), jwt.map(Jwt::getRoles)); + assertEquals(Optional.of(Collections.emptyList()), jwt.map(j -> j.getRoles(testRolesClaim))); } @Test void testRolesAreEmptyIfRolesIfNoRolesClaimInToken() { JwtParser parser = new JwtParser(); Optional jwt = parser.fromJwt(noRolesJwt); - assertEquals(Optional.of(Collections.emptyList()), jwt.map(Jwt::getRoles)); + assertEquals(Optional.of(Collections.emptyList()), jwt.map(j -> j.getRoles(testRolesClaim))); } } diff --git a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/RequestContextTest.java b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/RequestContextTest.java index b317ccd..552077a 100644 --- a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/RequestContextTest.java +++ b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/RequestContextTest.java @@ -59,12 +59,12 @@ void testRolesArePropagatedInRequestContext() { String jwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsIm" + "V4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6Ik" + "pvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsIn" + - "BpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJodHRwczovL3RyYWNlYWJsZS5haS9yb2xlcyI6WyJzdXBlcl91c2VyIiwidXNlciIsImJpbG" + - "xpbmdfYWRtaW4iXX0.hcGrulbxkDDJhWuos18iQzpFjPBmlF6xt6wKusB2ZYg"; + "BpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJzdXBlcl91c2VyIiwidXNlciIsImJpbGxpbmdfYWRtaW4iXX0.lEDjPPCjr-" + + "Epv6pNslq-HK9vmxfstp1sY85GstlbU1I"; RequestContext requestContext = new RequestContext(); requestContext.add("authorization", "Bearer " + jwt); - List actualRoles = requestContext.getRoles(); + List actualRoles = requestContext.getRoles("roles"); assertEquals(expectedRoles, actualRoles); } }