fix: Fixed the user type detection

tigrisdata-archive · Oct 20, 2022 · aa35a98 · aa35a98
1 parent 254ec91
commit aa35a98
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 2 deletions.
diff --git a/server/request/request.go b/server/request/request.go
@@ -252,7 +252,11 @@ func getMetadataFromToken(token string) (string, bool) {
 	if err != nil {
 		return UnknownValue, false
 	}
-	user, _ := jsonparser.GetString(decodedToken, "https://tigris/u", "email")
+	user, _, _, err := jsonparser.Get(decodedToken, "https://tigris/u")
+	if err != nil {
+		// no-op
+		log.Trace().Err(err).Msg("Failed to read https://tigris/u from access token")
+	}
 	return namespace, len(user) > 0
 }
 

diff --git a/server/request/request_test.go b/server/request/request_test.go
@@ -74,11 +74,27 @@ func TestRequestMetadata(t *testing.T) {
 		require.False(t, IsAdminApi("some-random"))
 	})
 
-	t.Run("Test get namespace from token", func(t *testing.T) {
+	t.Run("Test get namespace from token 1", func(t *testing.T) {
 		// base64 encoding of {"https://tigris/u":{"email":"test@tigrisdata.com"},"https://tigris/n":{"code":"test-namespace"},"iss":"https://test-issuer.com/","sub":"google-oauth2|1","aud":["https://tigris-api-test"],"iat":1662745495,"exp":1662831895,"azp":"test","scope":"openid profile email","org_id":"test"}
 		testToken := "header.eyJodHRwczovL3RpZ3Jpcy91Ijp7ImVtYWlsIjoidGVzdEB0aWdyaXNkYXRhLmNvbSJ9LCJodHRwczovL3RpZ3Jpcy9uIjp7ImNvZGUiOiJ0ZXN0LW5hbWVzcGFjZSJ9LCJpc3MiOiJodHRwczovL3Rlc3QtaXNzdWVyLmNvbS8iLCJzdWIiOiJnb29nbGUtb2F1dGgyfDEiLCJhdWQiOlsiaHR0cHM6Ly90aWdyaXMtYXBpLXRlc3QiXSwiaWF0IjoxNjYyNzQ1NDk1LCJleHAiOjE2NjI4MzE4OTUsImF6cCI6InRlc3QiLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIGVtYWlsIiwib3JnX2lkIjoidGVzdCJ9.signature" //nolint:golint,gosec
 		ns, utype := getMetadataFromToken(testToken)
 		assert.Equal(t, "test-namespace", ns)
 		assert.Equal(t, true, utype)
 	})
+
+	t.Run("Test get namespace from token 2", func(t *testing.T) {
+		// base64 encoding of {"https://tigris/u":{},"https://tigris/n":{"code":"test-namespace"},"iss":"https://test-issuer.com/","sub":"google-oauth2|1","aud":["https://tigris-api-test"],"iat":1662745495,"exp":1662831895,"azp":"test","scope":"openid profile email","org_id":"test"}
+		testToken := "header.ewogICJodHRwczovL3RpZ3Jpcy91Ijoge30sCiAgImh0dHBzOi8vdGlncmlzL24iOiB7CiAgICAiY29kZSI6ICJ0ZXN0LW5hbWVzcGFjZSIKICB9LAogICJpc3MiOiAiaHR0cHM6Ly90ZXN0LWlzc3Vlci5jb20vIiwKICAic3ViIjogImdvb2dsZS1vYXV0aDJ8MSIsCiAgImF1ZCI6IFsKICAgICJodHRwczovL3RpZ3Jpcy1hcGktdGVzdCIKICBdLAogICJpYXQiOiAxNjYyNzQ1NDk1LAogICJleHAiOiAxNjYyODMxODk1LAogICJhenAiOiAidGVzdCIsCiAgInNjb3BlIjogIm9wZW5pZCBwcm9maWxlIGVtYWlsIiwKICAib3JnX2lkIjogInRlc3QiCn0.signature" //nolint:golint,gosec
+		ns, utype := getMetadataFromToken(testToken)
+		assert.Equal(t, "test-namespace", ns)
+		assert.Equal(t, true, utype)
+	})
+
+	t.Run("Test get namespace from token 3", func(t *testing.T) {
+		// base64 encoding of {"https://tigris/n":{"code":"test-namespace"},"iss":"https://test-issuer.com/","sub":"google-oauth2|1","aud":["https://tigris-api-test"],"iat":1662745495,"exp":1662831895,"azp":"test","scope":"openid profile email","org_id":"test"}
+		testToken := "header.eyJodHRwczovL3RpZ3Jpcy9uIjp7ImNvZGUiOiJ0ZXN0LW5hbWVzcGFjZSJ9LCJpc3MiOiJodHRwczovL3Rlc3QtaXNzdWVyLmNvbS8iLCJzdWIiOiJnb29nbGUtb2F1dGgyfDEiLCJhdWQiOlsiaHR0cHM6Ly90aWdyaXMtYXBpLXRlc3QiXSwiaWF0IjoxNjYyNzQ1NDk1LCJleHAiOjE2NjI4MzE4OTUsImF6cCI6InRlc3QiLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIGVtYWlsIiwib3JnX2lkIjoidGVzdCJ9.signature" //nolint:golint,gosec
+		ns, utype := getMetadataFromToken(testToken)
+		assert.Equal(t, "test-namespace", ns)
+		assert.Equal(t, false, utype)
+	})
 }