Code
/
islandora
7
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
Browse Source

Use standard JWT claims (#84) 

* Alter JWT claims to use standard ones.

* Clean up deprecated methods/traits.

* missing space after a comma

* Serves me right for being proactive.
pull/756/head
Jared Whiklo 6 years ago committed by dannylamb
parent
ff88e5dc0b
commit
9e42c33f6c
2 changed files with 14 additions and 13 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      src/EventSubscriber/JwtEventSubscriber.php
  2. 12
      tests/src/Kernel/JwtEventSubscriberTest.php

15
src/EventSubscriber/JwtEventSubscriber.php
Unescape View File

@ -89,12 +89,13 @@ class JwtEventSubscriber implements EventSubscriberInterface {
// Standard claims, validated at JWT validation time. // Standard claims, validated at JWT validation time.
$event->addClaim('iat', time()); $event->addClaim('iat', time());
$event->addClaim('exp', strtotime('+2 hour')); $event->addClaim('exp', strtotime('+2 hour'));
$event->addClaim('webid', $this->currentUser->id());
$event->addClaim('iss', $base_secure_url);
// Islandora claims we need to validate. // Islandora claims we need to validate.
$event->addClaim('uid', $this->currentUser->id()); $event->addClaim('sub', $this->currentUser->getAccountName());
$event->addClaim('name', $this->currentUser->getAccountName());
$event->addClaim('roles', $this->currentUser->getRoles(FALSE)); $event->addClaim('roles', $this->currentUser->getRoles(FALSE));
$event->addClaim('url', $base_secure_url);
} }
/** /**
@ -106,10 +107,10 @@ class JwtEventSubscriber implements EventSubscriberInterface {
public function validate(JwtAuthValidateEvent $event) { public function validate(JwtAuthValidateEvent $event) {
$token = $event->getToken(); $token = $event->getToken();
$uid = $token->getClaim('uid'); $uid = $token->getClaim('webid');
$name = $token->getClaim('name'); $name = $token->getClaim('sub');
$roles = $token->getClaim('roles'); $roles = $token->getClaim('roles');
$url = $token->getClaim('url'); $url = $token->getClaim('iss');
if ($uid === NULL || $name === NULL || $roles === NULL || $url === NULL) { if ($uid === NULL || $name === NULL || $roles === NULL || $url === NULL) {
$event->invalidate("Expected data missing from payload."); $event->invalidate("Expected data missing from payload.");
return; return;
@ -132,7 +133,7 @@ class JwtEventSubscriber implements EventSubscriberInterface {
*/ */
public function loadUser(JwtAuthValidEvent $event) { public function loadUser(JwtAuthValidEvent $event) {
$token = $event->getToken(); $token = $event->getToken();
$uid = $token->getClaim('uid'); $uid = $token->getClaim('webid');
$user = $this->userStorage->load($uid); $user = $this->userStorage->load($uid);
$event->setUser($user); $event->setUser($user);
} }

12
tests/src/Kernel/JwtEventSubscriberTest.php
Unescape View File

@ -53,7 +53,7 @@ class JwtEventSubscriberTest extends IslandoraKernelTestBase {
$validateEvent = new JwtAuthValidateEvent($jwt); $validateEvent = new JwtAuthValidateEvent($jwt);
$subscriber->validate($validateEvent); $subscriber->validate($validateEvent);
$this->assert($validateEvent->isValid(), "Generated tokens must be valid."); $this->assertTrue($validateEvent->isValid(), "Generated tokens must be valid.");
} }
/** /**
@ -70,7 +70,7 @@ class JwtEventSubscriberTest extends IslandoraKernelTestBase {
$subscriber->validate($event); $subscriber->validate($event);
assert(!$event->isValid(), "Malformed event must be invalidated"); $this->assertFalse($event->isValid(), "Malformed event must be invalidated");
} }
/** /**
@ -92,13 +92,13 @@ class JwtEventSubscriberTest extends IslandoraKernelTestBase {
$validateEvent = new JwtAuthValidateEvent($jwt); $validateEvent = new JwtAuthValidateEvent($jwt);
$subscriber->validate($validateEvent); $subscriber->validate($validateEvent);
assert(!$validateEvent->isValid(), "Event must be invalidated when user cannot be loaded."); $this->assertFalse($validateEvent->isValid(), "Event must be invalidated when user cannot be loaded.");
} }
/** /**
* @covers \Drupal\islandora\EventSubscriber\JwtEventSubscriber::validate * @covers \Drupal\islandora\EventSubscriber\JwtEventSubscriber::validate
*/ */
public function testInvliadatesBadAccount() { public function testInvalidatesBadAccount() {
$anotherUser = $this->createUser(); $anotherUser = $this->createUser();
// Mock user entity storage, loads the wrong user. // Mock user entity storage, loads the wrong user.
@ -117,7 +117,7 @@ class JwtEventSubscriberTest extends IslandoraKernelTestBase {
$validateEvent = new JwtAuthValidateEvent($jwt); $validateEvent = new JwtAuthValidateEvent($jwt);
$subscriber->validate($validateEvent); $subscriber->validate($validateEvent);
assert(!$validateEvent->isValid(), "Event must be invalidated when users don't align."); $this->assertFalse($validateEvent->isValid(), "Event must be invalidated when users don't align.");
} }
/** /**
@ -135,7 +135,7 @@ class JwtEventSubscriberTest extends IslandoraKernelTestBase {
$validEvent = new JwtAuthValidEvent($jwt); $validEvent = new JwtAuthValidEvent($jwt);
$subscriber->loadUser($validEvent); $subscriber->loadUser($validEvent);
$this->assert($validEvent->getUser()->id() == $this->user->id(), "Correct user must be loaded to valid event."); $this->assertEquals($this->user->id(), $validEvent->getUser()->id(), "Correct user must be loaded to valid event.");
} }
} }

Write Preview
Loading…
Cancel
Save