Fixes according to PR comments
nessiLahav committed Aug 9, 2021
1 parent 20e4784 commit b1bbbd9
Showing 5 changed files with 27 additions and 36 deletions.
Expand Up @@ -17,10 +17,6 @@ def initialize(authentication_input:, jwt_token:)
def authn_jwt_variable_id_prefix
"#{@account}:variable:conjur/#{@authenticator_name}/#{@service_id}"
end

def hash
"#{@service_id}-#{@authenticator_name}-#{@account}"
end
end
end
end
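Review bot: Dropping `hash` here is only safe if nothing still uses this object as a Hash key or as a cache key; the `validate_status.rb` hunk in this commit keys the signing-key cache on `cache_key: signing_key_interface.signing_key_uri` instead, so please confirm no remaining caller still relies on the old `service_id-authenticator_name-account` string. On the plus side, the removed lines overrode `hash` without a matching `eql?`, which was a latent bug, so the removal also closes that.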
4 changes: 2 additions & 2 deletions app/domain/authentication/authn_jwt/validate_status.rb
Expand Up @@ -3,7 +3,7 @@ module AuthnJwt

ValidateStatus = CommandClass.new(
dependencies: {
fetch_signing_key: ::Util::ConcurrencyLimitedCache.new(
fetch_signing_key_from_cache: ::Util::ConcurrencyLimitedCache.new(
::Util::RateLimitedCache.new(
::Authentication::AuthnJwt::SigningKey::FetchCachedSigningKey.new,
refreshes_per_interval: CACHE_REFRESHES_PER_INTERVAL,
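Review bot: The rename to `fetch_signing_key_from_cache` changes a keyword in the `dependencies:` hash of a `CommandClass`, so every `ValidateStatus.new(...)` call site has to follow; the spec in this commit does, but please grep for any construction site outside `spec/`. While touching this line, a one-line comment on the `ConcurrencyLimitedCache` / `RateLimitedCache` wrapping would help future readers: `CACHE_REFRESHES_PER_INTERVAL` is what bounds how often Conjur re-fetches the JWKS, and that bound is what keeps a burst of status or authentication requests from turning into a fetch storm against the configured `jwks-uri`.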
Expand Down Expand Up @@ -144,7 +144,7 @@ def webservice
end

def validate_signing_key
@fetch_signing_key.call(
@fetch_signing_key_from_cache.call(
cache_key: signing_key_interface.signing_key_uri,
signing_key_interface: signing_key_interface
)
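Review bot: `validate_signing_key` now reads through the cache, keyed only by `signing_key_interface.signing_key_uri`, so a status check can succeed from a previously cached key while the `jwks-uri` endpoint is currently unreachable or serving a different key set. If the feature file's statement that status reports misconfiguration "before authentication request" is meant to cover endpoint reachability, consider forcing a refresh here, or document that the status check validates cached key material. Note also that the key is independent of `@service_id`, so two services pointing at the same URI share one cache entry; that is reasonable for a public JWKS but should be an explicit decision.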
Expand Up @@ -105,10 +105,6 @@ def create_signing_key_interface
@create_signing_key_interface ||= Authentication::AuthnJwt::SigningKey::CreateSigningKeyFactory.new
end

def fetch_jwt_claims_to_validate
@fetch_jwt_claims_to_validate ||= ::Authentication::AuthnJwt::ValidateAndDecode::FetchJwtClaimsToValidate.new
end

def restrictions_from_annotations
@restrictions_from_annotations ||= Authentication::ResourceRestrictions::GetServiceSpecificRestrictionFromAnnotation.new
end
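Review bot: Removing the memoized `fetch_jwt_claims_to_validate` is fine only if the matching entry was also dropped from the `dependencies:` hash of whichever `CommandClass` consumed it; the `validate_status.rb` hunk in this commit only renames `fetch_signing_key`, so please confirm no `dependencies:` list still references `fetch_jwt_claims_to_validate`, otherwise that consumer is left with a dependency nothing provides.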
23 changes: 11 additions & 12 deletions cucumber/authenticators_jwt/features/authn_status_jwt.feature
Expand Up @@ -3,10 +3,12 @@ Feature: JWT Authenticator - Status Check
Checks status API of JWT authenticator. Status API should return error on each case of misconfiguration in
authenticator or policy that can be found before authentication request.

Background:
Given I initialize remote JWKS endpoint with file "authn-jwt-configuration" and alg "RS256"

@sanity
Scenario: ONYX-9122: A valid JWT status request, 200 OK
Given I initialize JWKS endpoint with file "myJWKs.json"
And I load a policy:
Given I load a policy:
"""
- !policy
id: conjur/authn-jwt/raw
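Review bot: Moving the JWKS endpoint setup into `Background:` is the right call, but the endpoint is now described in two places: `Background` names the file `authn-jwt-configuration` and alg `RS256`, while each scenario repeats the literal `http://jwks_py:8090/authn-jwt-configuration/RS256` in its `jwks-uri` step. Consider a step that resolves the URI from the Background's file and alg so the two cannot drift; as written, changing either value in `Background` silently leaves the scenarios pointing at a stale path. The `And I load a policy:` to `Given I load a policy:` change is correct now that it is the first step of the scenario.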
Expand Down Expand Up @@ -57,7 +59,7 @@ Feature: JWT Authenticator - Status Check
- !user alice
"""
And I am the super-user
And I successfully set authn-jwt jwks-uri variable with value of "myJWKs.json" endpoint
And I successfully set authn-jwt "jwks-uri" variable value to "http://jwks_py:8090/authn-jwt-configuration/RS256" in service "raw"
And I successfully set authn-jwt "token-app-property" variable to value "user"
And I successfully set authn-jwt "issuer" variable to value "gitlab"
And I successfully set authn-jwt "audience" variable to value "conjur"
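Review bot: The same comment as on the `Background` hunk applies to this `jwks-uri` line and to the three identical ones further down: the literal `http://jwks_py:8090/authn-jwt-configuration/RS256` is duplicated per scenario. The new step's `in service "raw"` suffix is an improvement, since it pins the variable to `conjur/authn-jwt/raw` explicitly instead of relying on whatever service the old step implementation assumed.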
Expand Down Expand Up @@ -234,8 +236,7 @@ Feature: JWT Authenticator - Status Check
And the authenticator status check fails with error "CONJ00006E 'alice' does not have 'read' privilege on cucumber:webservice:conjur/authn-jwt/raw/status"

Scenario: ONYX-9139: Non existing issuer, and existing Signing key, 200 OK
Given I initialize JWKS endpoint with file "myJWKs.json"
And I load a policy:
Given I load a policy:
"""
- !policy
id: conjur/authn-jwt/raw
Expand Down Expand Up @@ -280,7 +281,7 @@ Feature: JWT Authenticator - Status Check
- !user alice
"""
And I am the super-user
And I successfully set authn-jwt jwks-uri variable with value of "myJWKs.json" endpoint
And I successfully set authn-jwt "jwks-uri" variable value to "http://jwks_py:8090/authn-jwt-configuration/RS256" in service "raw"
And I successfully set authn-jwt "token-app-property" variable to value "user"
And I login as "alice"
And I save my place in the log file
Expand Down Expand Up @@ -710,8 +711,7 @@ Feature: JWT Authenticator - Status Check

@sanity
Scenario: ONYX-9515: Valid status check, identify-path is configured with value, 200 OK
Given I initialize JWKS endpoint with file "myJWKs.json"
And I load a policy:
Given I load a policy:
"""
- !policy
id: apps
Expand Down Expand Up @@ -767,7 +767,7 @@ Feature: JWT Authenticator - Status Check
- !user alice
"""
And I am the super-user
And I successfully set authn-jwt jwks-uri variable with value of "myJWKs.json" endpoint
And I successfully set authn-jwt "jwks-uri" variable value to "http://jwks_py:8090/authn-jwt-configuration/RS256" in service "raw"
And I successfully set authn-jwt "token-app-property" variable to value "user"
And I successfully set authn-jwt "identity-path" variable to value "apps"
And I successfully set authn-jwt "issuer" variable to value "gitlab"
Expand All @@ -779,8 +779,7 @@ Feature: JWT Authenticator - Status Check
And the authenticator status check succeeds

Scenario: ONYX-10875: Status works fine with enforced claims and mapping, 200 OK
Given I initialize JWKS endpoint with file "myJWKs.json"
And I load a policy:
Given I load a policy:
"""
- !policy
id: apps
Expand Down Expand Up @@ -836,7 +835,7 @@ Feature: JWT Authenticator - Status Check
- !user alice
"""
And I am the super-user
And I successfully set authn-jwt jwks-uri variable with value of "myJWKs.json" endpoint
And I successfully set authn-jwt "jwks-uri" variable value to "http://jwks_py:8090/authn-jwt-configuration/RS256" in service "raw"
And I successfully set authn-jwt "token-app-property" variable to value "user"
And I successfully set authn-jwt "mapping-claims" variable to value "branch:ref"
And I successfully set authn-jwt "enforced-claims" variable to value "ref"
28 changes: 14 additions & 14 deletions spec/app/domain/authentication/authn-jwt/validate_status_spec.rb
Expand Up @@ -55,7 +55,7 @@
let(:webservice_does_not_exist_error) { "Webservice does not exist" }
let(:account_does_not_exist_error) { "Account does not exist" }
let(:mocked_valid_signing_key_interface) { double("Mocked valid signing key interface") }
let(:mocked_valid_fetch_signing_key) { double("Mocked valid fetch signing key interface") }
let(:mocked_valid_fetch_signing_key_from_cache) { double("Mocked valid fetch signing key interface") }


before(:each) do
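Review bot: The `let` was renamed but the double's label on the same line still reads `"Mocked valid fetch signing key interface"`; rename it to match (for example `"Mocked valid fetch signing key from cache"`) so RSpec failure output refers to the dependency by its new name. The two consecutive blank lines that follow (unchanged context in this hunk) could be collapsed to one while here.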
Expand All @@ -67,7 +67,7 @@
receive(:signing_key_uri).and_return(valid_signing_key_uri)
)

allow(mocked_valid_fetch_signing_key).to(
allow(mocked_valid_fetch_signing_key_from_cache).to(
receive(:call).and_return(valid_signing_key)
)

Expand Down Expand Up @@ -166,7 +166,7 @@

subject do
::Authentication::AuthnJwt::ValidateStatus.new(
fetch_signing_key: mocked_valid_fetch_signing_key,
fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache,
create_signing_key_interface: mocked_valid_create_signing_key_interface,
fetch_issuer_value: mocked_valid_fetch_issuer_value,
identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider,
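Review bot: This is the first of twelve `subject` blocks in this file that each spell out the full `ValidateStatus.new(...)` dependency list, and this rename had to touch every one of them. A shared `let(:valid_dependencies)` hash with a per-context `.merge(...)` override for the single invalid dependency would make the next rename a one-line change and make each context's intent (which one dependency is broken) visible at a glance.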
Expand All @@ -191,7 +191,7 @@

subject do
::Authentication::AuthnJwt::ValidateStatus.new(
fetch_signing_key: mocked_valid_fetch_signing_key,
fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache,
create_signing_key_interface: mocked_valid_create_signing_key_interface,
fetch_issuer_value: mocked_valid_fetch_issuer_value,
identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider,
Expand All @@ -215,7 +215,7 @@

subject do
::Authentication::AuthnJwt::ValidateStatus.new(
fetch_signing_key: mocked_valid_fetch_signing_key,
fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache,
create_signing_key_interface: mocked_valid_create_signing_key_interface,
fetch_issuer_value: mocked_valid_fetch_issuer_value,
identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider,
Expand All @@ -239,7 +239,7 @@

subject do
::Authentication::AuthnJwt::ValidateStatus.new(
fetch_signing_key: mocked_valid_fetch_signing_key,
fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache,
create_signing_key_interface: mocked_valid_create_signing_key_interface,
fetch_issuer_value: mocked_valid_fetch_issuer_value,
identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider,
Expand All @@ -263,7 +263,7 @@

subject do
::Authentication::AuthnJwt::ValidateStatus.new(
fetch_signing_key: mocked_valid_fetch_signing_key,
fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache,
create_signing_key_interface: mocked_valid_create_signing_key_interface,
fetch_issuer_value: mocked_valid_fetch_issuer_value,
identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider,
Expand Down Expand Up @@ -299,7 +299,7 @@

subject do
::Authentication::AuthnJwt::ValidateStatus.new(
fetch_signing_key: mocked_valid_fetch_signing_key,
fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache,
create_signing_key_interface: mocked_valid_create_signing_key_interface,
fetch_issuer_value: mocked_valid_fetch_issuer_value,
identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider,
Expand All @@ -324,7 +324,7 @@
context "signing key secrets are not configured properly" do
subject do
::Authentication::AuthnJwt::ValidateStatus.new(
fetch_signing_key: mocked_valid_fetch_signing_key,
fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache,
create_signing_key_interface: mocked_invalid_create_signing_key_interface,
fetch_issuer_value: mocked_valid_fetch_issuer_value,
identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider,
Expand All @@ -347,7 +347,7 @@
context "issuer secrets are not configured properly" do
subject do
::Authentication::AuthnJwt::ValidateStatus.new(
fetch_signing_key: mocked_valid_fetch_signing_key,
fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache,
create_signing_key_interface: mocked_valid_create_signing_key_interface,
fetch_issuer_value: mocked_invalid_fetch_issuer_value,
identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider,
Expand All @@ -370,7 +370,7 @@
context "audience secret is not configured properly" do
subject do
::Authentication::AuthnJwt::ValidateStatus.new(
fetch_signing_key: mocked_valid_fetch_signing_key,
fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache,
create_signing_key_interface: mocked_valid_create_signing_key_interface,
fetch_issuer_value: mocked_valid_fetch_issuer_value,
fetch_audience_value: mocked_invalid_fetch_audience_value,
Expand All @@ -394,7 +394,7 @@
context "enforced claims is not configured properly" do
subject do
::Authentication::AuthnJwt::ValidateStatus.new(
fetch_signing_key: mocked_valid_fetch_signing_key,
fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache,
create_signing_key_interface: mocked_valid_create_signing_key_interface,
fetch_issuer_value: mocked_valid_fetch_issuer_value,
fetch_enforced_claims: mocked_invalid_fetch_enforced_claims,
Expand All @@ -418,7 +418,7 @@
context "mapping claims is not configured properly" do
subject do
::Authentication::AuthnJwt::ValidateStatus.new(
fetch_signing_key: mocked_valid_fetch_signing_key,
fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache,
create_signing_key_interface: mocked_valid_create_signing_key_interface,
fetch_issuer_value: mocked_valid_fetch_issuer_value,
fetch_mapping_claims: mocked_invalid_fetch_mapping_claims,
Expand All @@ -442,7 +442,7 @@
context "identity secrets are not configured properly" do
subject do
::Authentication::AuthnJwt::ValidateStatus.new(
fetch_signing_key: mocked_valid_fetch_signing_key,
fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache,
create_signing_key_interface: mocked_valid_create_signing_key_interface,
fetch_issuer_value: mocked_valid_fetch_issuer_value,
identity_from_decoded_token_provider_class: mocked_invalid_identity_from_decoded_token_provider,