diff --git a/provider/custom_server_test.go b/provider/custom_server_test.go
index 3083920..69c4f02 100644
--- a/provider/custom_server_test.go
+++ b/provider/custom_server_test.go
@@ -80,7 +80,7 @@ func TestCustomProvider(t *testing.T) {
 				http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
 				return
 			}
-			assert.Equal(t, 2, len(resp.Cookies()))
+			require.Equal(t, 2, len(resp.Cookies()))
 			assert.Equal(t, "JWT", resp.Cookies()[0].Name)
 			assert.NotEqual(t, "", resp.Cookies()[0].Value, "token set")
 			assert.Equal(t, 2678400, resp.Cookies()[0].MaxAge)
diff --git a/provider/telegram_test.go b/provider/telegram_test.go
index f56839b..988f0ec 100644
--- a/provider/telegram_test.go
+++ b/provider/telegram_test.go
@@ -89,7 +89,6 @@ func TestTelegramUnconfirmedRequest(t *testing.T) {
 func TestTelegramConfirmedRequest(t *testing.T) {
 	var servedToken string
-	// is set when token becomes used,
 	// no sync is required because only a single goroutine in TelegramHandler.Run() reads and writes it
 	var tokenAlreadyUsed bool
diff --git a/token/jwt.go b/token/jwt.go
index 57687a6..d37291d 100644
--- a/token/jwt.go
+++ b/token/jwt.go
@@ -337,6 +337,7 @@ func (j *Service) Reset(w http.ResponseWriter) {
 // checkAuds verifies if claims.Audience in the list of allowed by audReader
 func (j *Service) checkAuds(claims *Claims, audReader Audience) error {
+	// marshal the audience.
 	if audReader == nil { // lack of any allowed means any
 		return nil
 	}
diff --git a/token/jwt_test.go b/token/jwt_test.go
index a5e8b55..5ea2b60 100644
--- a/token/jwt_test.go
+++ b/token/jwt_test.go
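Review bot: The comment added at the top of checkAuds, `// marshal the audience.`, does not describe the code under it: nothing is marshaled there, the next line returns nil when no audience reader is configured. A wrong comment on the branch that silently accepts any audience is worse than no comment, because it hides the one policy decision a reader needs to see. Replace it with a comment stating the actual rule, e.g. `// nil audReader means the audience is unrestricted: every aud claim is accepted`, or drop it and rely on the existing trailing comment on the if line. The rest of checkAuds continues outside the hunk.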
@@ -31,9 +31,7 @@ var (
 	testJwtNonAudSign = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0ZXN0X2F1ZF9vbmx5IiwiZXhwIjoyNzg5MTkxODIyLCJqdGkiOiJyYW5kb20gaWQiLCJpc3MiOiJyZW1hcms0MiIsIm5iZiI6MTUyNjg4NDIyMiwidXNlciI6eyJuYW1lIjoibmFtZTEiLCJpZCI6ImlkMSIsInBpY3R1cmUiOiJodHRwOi8vZXhhbXBsZS5jb20vcGljLnBuZyIsImlwIjoiMTI3LjAuMC4xIiwiZW1haWwiOiJtZUBleGFtcGxlLmNvbSIsImF0dHJzIjp7ImJvb2xhIjp0cnVlLCJzdHJhIjoic3RyYS12YWwifX0sImhhbmRzaGFrZSI6eyJzdGF0ZSI6IjEyMzQ1NiIsImZyb20iOiJmcm9tIiwiaWQiOiJteWlkLTEyMzQ1NiJ9fQ.kJc-U970h3j9riUhFLR9vN_YCUQwZ66tjk7zdC9OiUg"
 )
-var (
-	days31 = time.Hour * 24 * 31
-)
+var days31 = time.Hour * 24 * 31
 const (
 	jwtCustomCookieName = "jc1"
@@ -95,6 +93,11 @@ func TestJWT_Token(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, testJwtValid, res)
+	newClaims, _ := j.Parse(res)
+	assert.Equal(t, claims, newClaims)
+	fmt.Println(claims)
+	fmt.Println(newClaims)
+
 	j.SecretReader = nil
 	_, err = j.Token(claims)
 	assert.EqualError(t, err, "secret reader not defined")
diff --git a/v2/auth.go b/v2/auth.go
index 9077b2d..4245ac4 100644
--- a/v2/auth.go
+++ b/v2/auth.go
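Review bot: The error returned by `j.Parse(res)` is discarded on the first added line of TestJWT_Token, so a parse failure would only show up later as an opaque claims mismatch instead of a clear "parse failed" message, and the two `fmt.Println` calls read as leftover debugging output. Change the first line to `newClaims, err := j.Parse(res)` followed by `assert.NoError(t, err)` (or require.NoError if this file already imports require), and remove both Println lines. If the printing is intentional, a comment should say why, since otherwise it only adds noise to CI logs. TestJWT_Token starts outside the hunk.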
@@ -99,24 +99,25 @@ func NewService(opts Opts) (res *Service) {
 	}
 	jwtService := token.NewService(token.Opts{
-		SecretReader:   opts.SecretReader,
-		ClaimsUpd:      opts.ClaimsUpd,
-		SecureCookies:  opts.SecureCookies,
-		TokenDuration:  opts.TokenDuration,
-		CookieDuration: opts.CookieDuration,
-		DisableXSRF:    opts.DisableXSRF,
-		DisableIAT:     opts.DisableIAT,
-		JWTCookieName:  opts.JWTCookieName,
-		JWTCookieDomain: opts.JWTCookieDomain,
-		JWTHeaderKey:   opts.JWTHeaderKey,
-		XSRFCookieName: opts.XSRFCookieName,
-		XSRFHeaderKey:  opts.XSRFHeaderKey,
-		SendJWTHeader:  opts.SendJWTHeader,
-		JWTQuery:       opts.JWTQuery,
-		Issuer:         res.issuer,
-		AudienceReader: opts.AudienceReader,
-		AudSecrets:     opts.AudSecrets,
-		SameSite:       opts.SameSiteCookie,
+		SecretReader:      opts.SecretReader,
+		ClaimsUpd:         opts.ClaimsUpd,
+		SecureCookies:     opts.SecureCookies,
+		TokenDuration:     opts.TokenDuration,
+		CookieDuration:    opts.CookieDuration,
+		DisableXSRF:       opts.DisableXSRF,
+		DisableIAT:        opts.DisableIAT,
+		JWTCookieName:     opts.JWTCookieName,
+		JWTCookieDomain:   opts.JWTCookieDomain,
+		JWTHeaderKey:      opts.JWTHeaderKey,
+		XSRFCookieName:    opts.XSRFCookieName,
+		XSRFHeaderKey:     opts.XSRFHeaderKey,
+		XSRFIgnoreMethods: opts.XSRFIgnoreMethods,
+		SendJWTHeader:     opts.SendJWTHeader,
+		JWTQuery:          opts.JWTQuery,
+		Issuer:            res.issuer,
+		AudienceReader:    opts.AudienceReader,
+		AudSecrets:        opts.AudSecrets,
+		SameSite:          opts.SameSiteCookie,
 	})
 	if opts.SecretReader == nil {
diff --git a/v2/token/jwt.go b/v2/token/jwt.go
index 729dc14..bb2ea58 100644
--- a/v2/token/jwt.go
+++ b/v2/token/jwt.go
@@ -104,7 +104,7 @@ func NewService(opts Opts) *Service {
 	setDefault(&res.JWTCookieDomain, defaultJWTCookieDomain)
 	if opts.XSRFIgnoreMethods == nil {
-		opts.XSRFIgnoreMethods = defaultXSRFIgnoreMethods
+		res.XSRFIgnoreMethods = defaultXSRFIgnoreMethods
 	}
 	if opts.TokenDuration == 0 {
diff --git a/v2/token/jwt_test.go b/v2/token/jwt_test.go
index d02c780..bc011ad 100644
--- a/v2/token/jwt_test.go
+++ b/v2/token/jwt_test.go
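Review bot: The corrected line `res.XSRFIgnoreMethods = defaultXSRFIgnoreMethods` stores the package-level default slice itself in an exported field, so an in-place change to `j.XSRFIgnoreMethods` on one Service (an element write, or an append into spare capacity) would change which request methods skip the XSRF check for every Service built afterwards. Because this list is effectively an XSRF bypass allow-list, each service should own its copy: `res.XSRFIgnoreMethods = append([]string(nil), defaultXSRFIgnoreMethods...)`. The same copy is presumably warranted for a caller-supplied `opts.XSRFIgnoreMethods` in the non-nil path, which is not visible in this hunk. NewService continues outside the hunk.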
@@ -54,17 +54,22 @@ func TestJWT_NewDefault(t *testing.T) {
 	assert.Equal(t, defaultJWTHeaderKey, j.JWTHeaderKey)
 	assert.Equal(t, defaultXSRFCookieName, j.XSRFCookieName)
 	assert.Equal(t, defaultXSRFHeaderKey, j.XSRFHeaderKey)
+	assert.Equal(t, defaultXSRFIgnoreMethods, j.XSRFIgnoreMethods)
 	assert.Equal(t, defaultIssuer, j.Issuer)
 }
 func TestJWT_NewNotDefault(t *testing.T) {
+	var xsrfCustomIgnoreMethods = []string{http.MethodGet, http.MethodHead, http.MethodOptions, http.MethodTrace}
+
 	j := NewService(Opts{JWTCookieName: jwtCustomCookieName, JWTHeaderKey: jwtCustomHeaderKey, JWTCookieDomain: "blah.com",
 		XSRFCookieName: xsrfCustomCookieName, XSRFHeaderKey: xsrfCustomHeaderKey, Issuer: "i1",
+		XSRFIgnoreMethods: xsrfCustomIgnoreMethods,
 	})
 	assert.Equal(t, jwtCustomCookieName, j.JWTCookieName)
 	assert.Equal(t, jwtCustomHeaderKey, j.JWTHeaderKey)
 	assert.Equal(t, xsrfCustomCookieName, j.XSRFCookieName)
 	assert.Equal(t, xsrfCustomHeaderKey, j.XSRFHeaderKey)
+	assert.Equal(t, xsrfCustomIgnoreMethods, j.XSRFIgnoreMethods)
 	assert.Equal(t, "i1", j.Issuer)
 	assert.Equal(t, "blah.com", j.JWTCookieDomain)
 }
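Review bot: The two new assertions only prove that the list is stored on the Service; neither TestJWT_NewDefault nor TestJWT_NewNotDefault sends a request whose method is or is not in the list, so a regression in how XSRFIgnoreMethods is consulted by the XSRF check would still pass. Add a case that builds a Service with a custom list and verifies that a listed method bypasses the XSRF check while an unlisted one is rejected; the check itself lives outside this hunk, so its call shape has to be taken from the file. As a style point, inside a function body `var xsrfCustomIgnoreMethods = []string{...}` is more idiomatically written `xsrfCustomIgnoreMethods := []string{...}`.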