Added a field to the user JWT that disables nonce verification when set.

nats-io · Dec 17, 2019 · dc0916a · dc0916a
1 parent 0c3fc7a
commit dc0916a
Show file tree

Hide file tree

Showing 8 changed files with 15 additions and 6 deletions.
diff --git a/account_claims_test.go b/account_claims_test.go
@@ -228,7 +228,7 @@ func TestAccountImports(t *testing.T) {
 func TestNewNilAccountClaim(t *testing.T) {
 	v := NewAccountClaims("")
 	if v != nil {
-		t.Fatal(fmt.Sprintf("expected nil account claim"))
+		t.Fatal("expected nil account claim")
 	}
 }
 

diff --git a/activation_claims_test.go b/activation_claims_test.go
@@ -136,7 +136,7 @@ func TestPublicIsNotValid(t *testing.T) {
 func TestNilActivationClaim(t *testing.T) {
 	v := NewActivationClaims("")
 	if v != nil {
-		t.Fatal(fmt.Sprintf("expected nil user claim"))
+		t.Fatal("expected nil user claim")
 	}
 }
 

diff --git a/cluster_claims_test.go b/cluster_claims_test.go
@@ -113,7 +113,7 @@ func TestClusterSubjects(t *testing.T) {
 func TestNewNilClusterClaims(t *testing.T) {
 	v := NewClusterClaims("")
 	if v != nil {
-		t.Fatal(fmt.Sprintf("expected nil user claim"))
+		t.Fatal("expected nil user claim")
 	}
 }
 

diff --git a/go.mod b/go.mod
@@ -1,3 +1,5 @@
 module github.com/nats-io/jwt
 
 require github.com/nats-io/nkeys v0.1.3
+
+go 1.13
diff --git a/operator_claims_test.go b/operator_claims_test.go
@@ -110,7 +110,7 @@ func TestInvalidOperatorClaimIssuer(t *testing.T) {
 func TestNewNilOperatorClaims(t *testing.T) {
 	v := NewOperatorClaims("")
 	if v != nil {
-		t.Fatal(fmt.Sprintf("expected nil user claim"))
+		t.Fatal("expected nil user claim")
 	}
 }
 

diff --git a/server_claims_test.go b/server_claims_test.go
@@ -113,7 +113,7 @@ func TestServerSubjects(t *testing.T) {
 func TestNewNilServerClaims(t *testing.T) {
 	v := NewServerClaims("")
 	if v != nil {
-		t.Fatal(fmt.Sprintf("expected nil user claim"))
+		t.Fatal("expected nil user claim")
 	}
 }
 

diff --git a/user_claims.go b/user_claims.go
@@ -40,6 +40,8 @@ type UserClaims struct {
 	// IssuerAccount stores the public key for the account the issuer represents.
 	// When set, the claim was issued by a signing key.
 	IssuerAccount string `json:"issuer_account,omitempty"`
+	// When BearerToken is true server will ignore any nonce-signing verification
+	BearerToken bool `json:"bearer_token,omitempty"`
 }
 
 // NewUserClaims creates a user JWT with the specific subject/public key
@@ -97,3 +99,8 @@ func (u *UserClaims) Payload() interface{} {
 func (u *UserClaims) String() string {
 	return u.ClaimsData.String(u)
 }
+
+// IsBearerToken returns true if nonce-signing requirements should be skipped
+func (u *UserClaims) IsBearerToken() bool {
+	return u.BearerToken
+}
diff --git a/user_claims_test.go b/user_claims_test.go
@@ -113,7 +113,7 @@ func TestUserSubjects(t *testing.T) {
 func TestNewNilUserClaim(t *testing.T) {
 	v := NewUserClaims("")
 	if v != nil {
-		t.Fatal(fmt.Sprintf("expected nil user claim"))
+		t.Fatal("expected nil user claim")
 	}
 }