From dc0916aee199ee6dcf142650f13a670f04433bb1 Mon Sep 17 00:00:00 2001 From: aricart Date: Tue, 17 Dec 2019 14:18:25 -0400 Subject: [PATCH] Added a field to the user JWT that disables nonce verification when set. --- account_claims_test.go | 2 +- activation_claims_test.go | 2 +- cluster_claims_test.go | 2 +- go.mod | 2 ++ operator_claims_test.go | 2 +- server_claims_test.go | 2 +- user_claims.go | 7 +++++++ user_claims_test.go | 2 +- 8 files changed, 15 insertions(+), 6 deletions(-) diff --git a/account_claims_test.go b/account_claims_test.go index bdeb1de..c9fe4a2 100644 --- a/account_claims_test.go +++ b/account_claims_test.go @@ -228,7 +228,7 @@ func TestAccountImports(t *testing.T) { func TestNewNilAccountClaim(t *testing.T) { v := NewAccountClaims("") if v != nil { - t.Fatal(fmt.Sprintf("expected nil account claim")) + t.Fatal("expected nil account claim") } } diff --git a/activation_claims_test.go b/activation_claims_test.go index aed77df..19532b3 100644 --- a/activation_claims_test.go +++ b/activation_claims_test.go @@ -136,7 +136,7 @@ func TestPublicIsNotValid(t *testing.T) { func TestNilActivationClaim(t *testing.T) { v := NewActivationClaims("") if v != nil { - t.Fatal(fmt.Sprintf("expected nil user claim")) + t.Fatal("expected nil user claim") } } diff --git a/cluster_claims_test.go b/cluster_claims_test.go index bc84c77..5573c8d 100644 --- a/cluster_claims_test.go +++ b/cluster_claims_test.go @@ -113,7 +113,7 @@ func TestClusterSubjects(t *testing.T) { func TestNewNilClusterClaims(t *testing.T) { v := NewClusterClaims("") if v != nil { - t.Fatal(fmt.Sprintf("expected nil user claim")) + t.Fatal("expected nil user claim") } } diff --git a/go.mod b/go.mod index a780dde..778d12c 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,5 @@ module github.com/nats-io/jwt require github.com/nats-io/nkeys v0.1.3 + +go 1.13 diff --git a/operator_claims_test.go b/operator_claims_test.go index 750dce1..73cae23 100644 --- a/operator_claims_test.go +++ b/operator_claims_test.go @@ -110,7 +110,7 @@ func TestInvalidOperatorClaimIssuer(t *testing.T) { func TestNewNilOperatorClaims(t *testing.T) { v := NewOperatorClaims("") if v != nil { - t.Fatal(fmt.Sprintf("expected nil user claim")) + t.Fatal("expected nil user claim") } } diff --git a/server_claims_test.go b/server_claims_test.go index b81c829..70fc3d5 100644 --- a/server_claims_test.go +++ b/server_claims_test.go @@ -113,7 +113,7 @@ func TestServerSubjects(t *testing.T) { func TestNewNilServerClaims(t *testing.T) { v := NewServerClaims("") if v != nil { - t.Fatal(fmt.Sprintf("expected nil user claim")) + t.Fatal("expected nil user claim") } } diff --git a/user_claims.go b/user_claims.go index 0ec1da3..4ff0410 100644 --- a/user_claims.go +++ b/user_claims.go @@ -40,6 +40,8 @@ type UserClaims struct { // IssuerAccount stores the public key for the account the issuer represents. // When set, the claim was issued by a signing key. IssuerAccount string `json:"issuer_account,omitempty"` + // When BearerToken is true server will ignore any nonce-signing verification + BearerToken bool `json:"bearer_token,omitempty"` } // NewUserClaims creates a user JWT with the specific subject/public key @@ -97,3 +99,8 @@ func (u *UserClaims) Payload() interface{} { func (u *UserClaims) String() string { return u.ClaimsData.String(u) } + +// IsBearerToken returns true if nonce-signing requirements should be skipped +func (u *UserClaims) IsBearerToken() bool { + return u.BearerToken +} diff --git a/user_claims_test.go b/user_claims_test.go index 7c8f547..c9da7fe 100644 --- a/user_claims_test.go +++ b/user_claims_test.go @@ -113,7 +113,7 @@ func TestUserSubjects(t *testing.T) { func TestNewNilUserClaim(t *testing.T) { v := NewUserClaims("") if v != nil { - t.Fatal(fmt.Sprintf("expected nil user claim")) + t.Fatal("expected nil user claim") } }