From 9e42c33f6ce2b49a4c2dad7dc5610ebc89ecbcf8 Mon Sep 17 00:00:00 2001 From: Jared Whiklo Date: Wed, 21 Nov 2018 11:52:29 -0600 Subject: [PATCH] Use standard JWT claims (#84) * Alter JWT claims to use standard ones. * Clean up deprecated methods/traits. * missing space after a comma * Serves me right for being proactive.
---
 src/EventSubscriber/JwtEventSubscriber.php | 15 ++++++++-------
 tests/src/Kernel/JwtEventSubscriberTest.php | 12 ++++++------
 2 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/src/EventSubscriber/JwtEventSubscriber.php b/src/EventSubscriber/JwtEventSubscriber.php
index d32d4834..aadc35fb 100644
--- a/src/EventSubscriber/JwtEventSubscriber.php
+++ b/src/EventSubscriber/JwtEventSubscriber.php
@@ -89,12 +89,13 @@ class JwtEventSubscriber implements EventSubscriberInterface {
 // Standard claims, validated at JWT validation time.
 $event->addClaim('iat', time());
 $event->addClaim('exp', strtotime('+2 hour'));
+ $event->addClaim('webid', $this->currentUser->id());
+ $event->addClaim('iss', $base_secure_url);
 // Islandora claims we need to validate.
- $event->addClaim('uid', $this->currentUser->id());
- $event->addClaim('name', $this->currentUser->getAccountName());
+ $event->addClaim('sub', $this->currentUser->getAccountName());
 $event->addClaim('roles', $this->currentUser->getRoles(FALSE));
- $event->addClaim('url', $base_secure_url);
+
 }
 /**
@@ -106,10 +107,10 @@ class JwtEventSubscriber implements EventSubscriberInterface {
 public function validate(JwtAuthValidateEvent $event) {
 $token = $event->getToken();
- $uid = $token->getClaim('uid');
- $name = $token->getClaim('name');
+ $uid = $token->getClaim('webid');
+ $name = $token->getClaim('sub');
 $roles = $token->getClaim('roles');
- $url = $token->getClaim('url');
+ $url = $token->getClaim('iss');
 if ($uid === NULL || $name === NULL || $roles === NULL || $url === NULL) {
 $event->invalidate("Expected data missing from payload.");
 return;
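Review bot: The comment headings in the first hunk no longer match the claims beneath them: the private `webid` claim now sits under "Standard claims, validated at JWT validation time", while the registered `sub` claim sits under "Islandora claims we need to validate". I would put `sub` next to `iss` and `webid` next to `roles`, and add a comment such as `// 'sub' is the account name, which can be renamed; 'webid' carries the stable user id.` so that consumers do not key stored records on `sub`. Any external verifier still reading `uid`, `name` or `url` would no longer find them, so those consumers presumably need updating in the same release. The literals `'webid'`, `'sub'` and `'iss'` recur in validate() and loadUser(); class constants would keep the issuing and validating code from drifting apart. The enclosing method starts outside the hunk.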
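Review bot: In validate(), `iss` is read into `$url`, but the lines visible here only reject it when it is NULL, so a correctly signed token naming a different issuer would pass this check. Unless the rest of validate(), which continues below the hunk, already compares it, add a check against the same base URL that the generating method writes into the claim, e.g. `if ($url !== $base_secure_url) { $event->invalidate("Issuer does not match."); return; }`, with `$base_secure_url` obtained the same way as in that method. This matters most where one signing key is shared by more than one site or service. A short comment stating whether the "validated at JWT validation time" step also covers `iss` would settle the question for readers.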
@@ -132,7 +133,7 @@ class JwtEventSubscriber implements EventSubscriberInterface {
 */
 public function loadUser(JwtAuthValidEvent $event) {
 $token = $event->getToken();
- $uid = $token->getClaim('uid');
+ $uid = $token->getClaim('webid');
 $user = $this->userStorage->load($uid);
 $event->setUser($user);
 }
diff --git a/tests/src/Kernel/JwtEventSubscriberTest.php b/tests/src/Kernel/JwtEventSubscriberTest.php
index 449f84bc..8fd9e2be 100644
--- a/tests/src/Kernel/JwtEventSubscriberTest.php
+++ b/tests/src/Kernel/JwtEventSubscriberTest.php
@@ -53,7 +53,7 @@ class JwtEventSubscriberTest extends IslandoraKernelTestBase {
 $validateEvent = new JwtAuthValidateEvent($jwt);
 $subscriber->validate($validateEvent);
- $this->assert($validateEvent->isValid(), "Generated tokens must be valid.");
+ $this->assertTrue($validateEvent->isValid(), "Generated tokens must be valid.");
 }
 /**
@@ -70,7 +70,7 @@ class JwtEventSubscriberTest extends IslandoraKernelTestBase {
 $subscriber->validate($event);
- assert(!$event->isValid(), "Malformed event must be invalidated");
+ $this->assertFalse($event->isValid(), "Malformed event must be invalidated");
 }
 /**
@@ -92,13 +92,13 @@ class JwtEventSubscriberTest extends IslandoraKernelTestBase {
 $validateEvent = new JwtAuthValidateEvent($jwt);
 $subscriber->validate($validateEvent);
- assert(!$validateEvent->isValid(), "Event must be invalidated when user cannot be loaded.");
+ $this->assertFalse($validateEvent->isValid(), "Event must be invalidated when user cannot be loaded.");
 }
 /**
 * @covers \Drupal\islandora\EventSubscriber\JwtEventSubscriber::validate
 */
- public function testInvliadatesBadAccount() {
+ public function testInvalidatesBadAccount() {
 $anotherUser = $this->createUser();
 // Mock user entity storage, loads the wrong user.
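Review bot: The "Generated tokens must be valid." test only round-trips a generated token through the subscriber's own validate(), so it would pass unchanged with the old claim names and nothing visible in the suite pins the new payload format. Add assertions on the token itself, e.g. `$this->assertEquals($this->user->id(), $jwt->getClaim('webid'));` and `$this->assertNotNull($jwt->getClaim('iss'));`, assuming `$jwt` is the same token object that validate() reads with getClaim(). A companion case that builds a token carrying only the legacy `uid`/`name`/`url` claims and expects `$this->assertFalse($validateEvent->isValid())` would document that old-format tokens are refused. The test method starts outside the hunk.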
@@ -117,7 +117,7 @@ class JwtEventSubscriberTest extends IslandoraKernelTestBase {
 $validateEvent = new JwtAuthValidateEvent($jwt);
 $subscriber->validate($validateEvent);
- assert(!$validateEvent->isValid(), "Event must be invalidated when users don't align.");
+ $this->assertFalse($validateEvent->isValid(), "Event must be invalidated when users don't align.");
 }
 /**
@@ -135,7 +135,7 @@ class JwtEventSubscriberTest extends IslandoraKernelTestBase {
 $validEvent = new JwtAuthValidEvent($jwt);
 $subscriber->loadUser($validEvent);
- $this->assert($validEvent->getUser()->id() == $this->user->id(), "Correct user must be loaded to valid event.");
+ $this->assertEquals($this->user->id(), $validEvent->getUser()->id(), "Correct user must be loaded to valid event.");
 }
 }