Merge pull request #275 from dannycoates/i275

Use email address as principal in assertion format.

bin/signer.js

@@ -20,12 +20,15 @@ process.on('message', function (message) {
   if (!message.email || typeof(message.email) !== 'string') {
     return process.send({ err: { message: 'bad email' } })
   }
+  if (!message.uid || typeof(message.uid) !== 'string') {
+    return process.send({ err: { message: 'bad uid' } })
+  }
   try {
     var now = Date.now()
     jwcrypto.cert.sign(
       {
         publicKey: jwcrypto.loadPublicKeyFromObject(message.publicKey),
-        principal: { email: message.email },
+        principal: { email: message.email, uid: message.uid },
         //TODO: kA, etc
       },
       {

routes/sign.js

@@ -66,7 +66,8 @@ module.exports = function (log, isA, error, signer, domain) {
 
           signer.enqueue(
             {
-              email: sessionToken.uid + '@' + domain,
+              uid: sessionToken.uid,
+              email: sessionToken.email,
               publicKey: publicKey,
               duration: duration
             },

test/run/signer_tests.js

@@ -1,6 +1,13 @@
+var fs = require('fs')
 var path = require('path')
 var test = require('tap').test
 var CC = require('compute-cluster')
+var jwcrypto = require('jwcrypto')
+require('jwcrypto/lib/algs/rs')
+
+var config = require('../../config')
+var publicKey = jwcrypto.loadPublicKey(fs.readFileSync(config.get('publicKeyFile')))
+
 var signer = new CC({ module: path.join(__dirname, '../../bin/signer.js')})
 signer.on('error', function () {}) // don't die
 
@@ -16,6 +23,7 @@ test(
     signer.enqueue(
       {
         email: 'test@example.com',
+        uid: 'xxx',
         duration: 100
       },
       function (err, result) {
@@ -32,6 +40,7 @@ test(
     signer.enqueue(
       {
         email: 'test@example.com',
+        uid: 'xxx',
         publicKey: {},
         duration: 100
       },
@@ -49,6 +58,7 @@ test(
     signer.enqueue(
       {
         email: 'test@example.com',
+        uid: 'xxx',
         publicKey: {
           algorithm: 'RS',
           n: '1234'
@@ -69,6 +79,7 @@ test(
     signer.enqueue(
       {
         email: 'test@example.com',
+        uid: 'xxx',
         publicKey: {
           algorithm: 'RS',
           n: '7',
@@ -90,6 +101,7 @@ test(
     signer.enqueue(
       {
         email: 'test@example.com',
+        uid: 'xxx',
         publicKey: validKey,
         duration: -1
       },
@@ -107,6 +119,7 @@ test(
     signer.enqueue(
       {
         email: 'test@example.com',
+        uid: 'xxx',
         publicKey: validKey,
         duration: '2'
       },
@@ -123,6 +136,7 @@ test(
   function (t) {
     signer.enqueue(
       {
+        uid: 'xxx',
         publicKey: validKey,
         duration: 100
       },
@@ -139,13 +153,22 @@ test(
   function (t) {
     signer.enqueue(
       {
+        uid: 'xxx',
         email: 'test@example.com',
         publicKey: validKey,
         duration: 100
       },
       function (err, result) {
         t.ok(result.cert, 'got cert')
-        t.end()
+        jwcrypto.verify(
+          result.cert,
+          publicKey,
+          function (err, payload) {
+            t.equal(payload.principal.email, 'test@example.com', 'emails match')
+            t.equal(payload.principal.uid, 'xxx', 'uids match')
+            t.end()
+          }
+        )
       }
     )
   }
@@ -157,6 +180,7 @@ test(
     signer.enqueue(
       {
         crash: true,
+        uid: 'xxx',
         email: 'test@example.com',
         publicKey: validKey,
         duration: 100
@@ -190,6 +214,7 @@ test(
     for (var i = 0; i < count; i++) {
       signer.enqueue(
         {
+          uid: 'xxx',
           email: 'test@example.com',
           publicKey: validKey,
           duration: 100