
Use standard JWT claims (#84)

* Alter JWT claims to use standard ones.

* Clean up deprecated methods/traits.

* missing space after a comma

* Serves me right for being proactive.
pull/756/head
Jared Whiklo 6 years ago committed by dannylamb
parent
commit
9e42c33f6c
  1. 15
      src/EventSubscriber/JwtEventSubscriber.php
  2. 12
      tests/src/Kernel/JwtEventSubscriberTest.php

15
src/EventSubscriber/JwtEventSubscriber.php

@ -89,12 +89,13 @@ class JwtEventSubscriber implements EventSubscriberInterface {
// Standard claims, validated at JWT validation time. // Standard claims, validated at JWT validation time.
$event->addClaim('iat', time()); $event->addClaim('iat', time());
$event->addClaim('exp', strtotime('+2 hour')); $event->addClaim('exp', strtotime('+2 hour'));
$event->addClaim('webid', $this->currentUser->id());
$event->addClaim('iss', $base_secure_url);
// Islandora claims we need to validate. // Islandora claims we need to validate.
$event->addClaim('uid', $this->currentUser->id()); $event->addClaim('sub', $this->currentUser->getAccountName());
$event->addClaim('name', $this->currentUser->getAccountName());
$event->addClaim('roles', $this->currentUser->getRoles(FALSE)); $event->addClaim('roles', $this->currentUser->getRoles(FALSE));
$event->addClaim('url', $base_secure_url);
} }
/** /**
@ -106,10 +107,10 @@ class JwtEventSubscriber implements EventSubscriberInterface {
public function validate(JwtAuthValidateEvent $event) { public function validate(JwtAuthValidateEvent $event) {
$token = $event->getToken(); $token = $event->getToken();
$uid = $token->getClaim('uid'); $uid = $token->getClaim('webid');
$name = $token->getClaim('name'); $name = $token->getClaim('sub');
$roles = $token->getClaim('roles'); $roles = $token->getClaim('roles');
$url = $token->getClaim('url'); $url = $token->getClaim('iss');
if ($uid === NULL || $name === NULL || $roles === NULL || $url === NULL) { if ($uid === NULL || $name === NULL || $roles === NULL || $url === NULL) {
$event->invalidate("Expected data missing from payload."); $event->invalidate("Expected data missing from payload.");
return; return;
@ -132,7 +133,7 @@ class JwtEventSubscriber implements EventSubscriberInterface {
*/ */
public function loadUser(JwtAuthValidEvent $event) { public function loadUser(JwtAuthValidEvent $event) {
$token = $event->getToken(); $token = $event->getToken();
$uid = $token->getClaim('uid'); $uid = $token->getClaim('webid');
$user = $this->userStorage->load($uid); $user = $this->userStorage->load($uid);
$event->setUser($user); $event->setUser($user);
} }
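Review bot: The new `webid` claim is placed under the `// Standard claims, validated at JWT validation time.` comment, but `webid` is not a registered JWT claim (RFC 7519 registers only `iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`), so the generic validation step will not check it; it belongs with `roles` under `// Islandora claims we need to validate.`, and that comment should state what is actually checked. In `validate()`, the new `$url = $token->getClaim('iss')` is followed in this hunk only by the `=== NULL` presence check; unless the rest of `validate()` (which continues past the hunk) compares `$url` with the same base URL `generate()` writes, a token minted by any other site that holds the signing key is accepted regardless of its issuer, so an equality check against the configured base URL is worth adding. The commit also puts the mutable account name into `sub` and the stable numeric id into the non-standard `webid`; consumers that key identity on `sub`, as the standard intends, will see a user's identity change on rename, so consider `sub` = id and carrying the name in a separate claim. Minor: `iat` and `exp` come from two separate clock reads (`time()` and `strtotime('+2 hour')`), which a single `$now = time();` with `$now + 7200` would make exactly consistent.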

12
tests/src/Kernel/JwtEventSubscriberTest.php

@ -53,7 +53,7 @@ class JwtEventSubscriberTest extends IslandoraKernelTestBase {
$validateEvent = new JwtAuthValidateEvent($jwt); $validateEvent = new JwtAuthValidateEvent($jwt);
$subscriber->validate($validateEvent); $subscriber->validate($validateEvent);
$this->assert($validateEvent->isValid(), "Generated tokens must be valid."); $this->assertTrue($validateEvent->isValid(), "Generated tokens must be valid.");
} }
/** /**
@ -70,7 +70,7 @@ class JwtEventSubscriberTest extends IslandoraKernelTestBase {
$subscriber->validate($event); $subscriber->validate($event);
assert(!$event->isValid(), "Malformed event must be invalidated"); $this->assertFalse($event->isValid(), "Malformed event must be invalidated");
} }
/** /**
@ -92,13 +92,13 @@ class JwtEventSubscriberTest extends IslandoraKernelTestBase {
$validateEvent = new JwtAuthValidateEvent($jwt); $validateEvent = new JwtAuthValidateEvent($jwt);
$subscriber->validate($validateEvent); $subscriber->validate($validateEvent);
assert(!$validateEvent->isValid(), "Event must be invalidated when user cannot be loaded."); $this->assertFalse($validateEvent->isValid(), "Event must be invalidated when user cannot be loaded.");
} }
/** /**
* @covers \Drupal\islandora\EventSubscriber\JwtEventSubscriber::validate * @covers \Drupal\islandora\EventSubscriber\JwtEventSubscriber::validate
*/ */
public function testInvliadatesBadAccount() { public function testInvalidatesBadAccount() {
$anotherUser = $this->createUser(); $anotherUser = $this->createUser();
// Mock user entity storage, loads the wrong user. // Mock user entity storage, loads the wrong user.
@ -117,7 +117,7 @@ class JwtEventSubscriberTest extends IslandoraKernelTestBase {
$validateEvent = new JwtAuthValidateEvent($jwt); $validateEvent = new JwtAuthValidateEvent($jwt);
$subscriber->validate($validateEvent); $subscriber->validate($validateEvent);
assert(!$validateEvent->isValid(), "Event must be invalidated when users don't align."); $this->assertFalse($validateEvent->isValid(), "Event must be invalidated when users don't align.");
} }
/** /**
@ -135,7 +135,7 @@ class JwtEventSubscriberTest extends IslandoraKernelTestBase {
$validEvent = new JwtAuthValidEvent($jwt); $validEvent = new JwtAuthValidEvent($jwt);
$subscriber->loadUser($validEvent); $subscriber->loadUser($validEvent);
$this->assert($validEvent->getUser()->id() == $this->user->id(), "Correct user must be loaded to valid event."); $this->assertEquals($this->user->id(), $validEvent->getUser()->id(), "Correct user must be loaded to valid event.");
} }
} }
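Review bot: None of the updated tests pins the compatibility break this commit introduces: `validate()` now requires `webid`, `sub` and `iss`, so any token still carrying the former `uid`/`name`/`url` claims (tokens issued before deploy, or external services minting the old shape) is rejected with "Expected data missing from payload.", yet every test here only validates tokens produced by `generate()` itself. Add a case that builds a token with the legacy claim names and asserts `$this->assertFalse($validateEvent->isValid(), "Tokens with legacy claim names must be invalidated.");` so the break is deliberate and documented. Replacing the language `assert()` and the non-existent `$this->assert()` with PHPUnit assertions is the right call, since `assert()` is a no-op when `zend.assertions` is off and those three tests could never fail before.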
