authorize: use session.user_id in headers (#2571) (#2572)
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
backport-actions-token[bot] and calebdoxsey committed Sep 3, 2021
1 parent 1846e3c commit aa9d7b8
Showing 2 changed files with 6 additions and 4 deletions.
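--- a/authorize/evaluator/headers_evaluator_test.go
+++ b/authorize/evaluator/headers_evaluator_test.go
@@ -81,8 +81,8 @@ func TestHeadersEvaluator(t *testing.T) {
 t.Run("jwt", func(t *testing.T) {
 output, err := eval(t,
 []proto.Message{
-&session.Session{Id: "s1", ImpersonateSessionId: proto.String("s2")},
-&session.Session{Id: "s2"},
+&session.Session{Id: "s1", ImpersonateSessionId: proto.String("s2"), UserId: "u1"},
+&session.Session{Id: "s2", UserId: "u2"},
 },
 &HeadersRequest{
 FromAudience: "from.example.com",
@@ -104,5 +104,7 @@ func TestHeadersEvaluator(t *testing.T) {
 assert.LessOrEqual(t, claims["exp"], float64(time.Now().Add(time.Minute*6).Unix()),
 "JWT should expire within 5 minutes, but got: %v", claims["exp"])
 assert.Equal(t, "s1", claims["sid"], "should set session id to input session id")
+assert.Equal(t, "u2", claims["sub"], "should set subject to user id")
+assert.Equal(t, "u2", claims["user"], "should set user to user id")
 })
 }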
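Review bot: The two added assertions on `claims["sub"]` and `claims["user"]` cover only the impersonation case, and their messages do not say whose id is expected. With `s1` (user `u1`) impersonating `s2` (user `u2`), the expected `u2` is the impersonated session's user while `sid` stays `s1`, so the message would read better as `"should set subject to the impersonated session's user id"`. A sibling subtest with no `ImpersonateSessionId`, and one with an empty `UserId`, would also pin the plain path and the empty-string fallback that the policy file in this commit keeps. TestHeadersEvaluator starts above the first hunk, so existing cases there may already cover part of this.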
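--- a/authorize/evaluator/opa/policy/headers.rego
+++ b/authorize/evaluator/opa/policy/headers.rego
@@ -110,13 +110,13 @@ jwt_payload_iat = v {
 }
 
 jwt_payload_sub = v {
-v = user.id
+v = session.user_id
 } else = "" {
 true
 }
 
 jwt_payload_user = v {
-v = user.id
+v = session.user_id
 } else = "" {
 true
 }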
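Review bot: `jwt_payload_sub` and `jwt_payload_user` still fall back to `""` when `session.user_id` is undefined, so a session record without a user id produces JWT claims with an empty subject. Nothing in this hunk shows a later step rejecting that. Upstream services that key identity on `sub` should treat the empty value as unauthenticated, and a comment above the two rules would record the intent, e.g. `# sub and user come from the effective session's user_id; "" when the session carries none`. The definition of `session` is outside the hunk, so which session it resolves to under impersonation is inferred from the test in this commit rather than visible here.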