From f9be98d6472bf4aeb2414cb007ed191c64e363c2 Mon Sep 17 00:00:00 2001
From: John ODonnell
Date: Wed, 3 May 2023 13:53:00 -0400
Subject: [PATCH] Support hyphens in claims used for AuthnJWT
---
 app/domain/authentication/authn_jwt/consts.rb | 2 +-
 .../features/authn_jwt_token_schema.feature | 4 ++--
 cucumber/authenticators_jwt/features/authn_status_jwt.feature | 2 +-
 .../authn-jwt/input_validation/validate_claim_name_spec.rb | 3 +--
 4 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/app/domain/authentication/authn_jwt/consts.rb b/app/domain/authentication/authn_jwt/consts.rb
index b56cc9ae14..a8ea90e189 100644
--- a/app/domain/authentication/authn_jwt/consts.rb
+++ b/app/domain/authentication/authn_jwt/consts.rb
@@ -38,7 +38,7 @@ module AuthnJwt
 CLAIMS_CHARACTER_DELIMITER = ","
 TUPLE_CHARACTER_DELIMITER = ":"
- PURE_CLAIM_NAME_REGEX = /[a-zA-Z|$|_][a-zA-Z|$|_|0-9|.]*/.freeze
+ PURE_CLAIM_NAME_REGEX = /[a-zA-Z|$|_][a-zA-Z|$|_|\-|0-9|.]*/.freeze
 PURE_NESTED_CLAIM_NAME_REGEX = /^#{PURE_CLAIM_NAME_REGEX.source}(#{PATH_DELIMITER}#{PURE_CLAIM_NAME_REGEX.source})*$/.freeze
 SIGNING_KEY_RESOURCES_NAMES = [
diff --git a/cucumber/authenticators_jwt/features/authn_jwt_token_schema.feature b/cucumber/authenticators_jwt/features/authn_jwt_token_schema.feature
index 2aecc56f61..f63eec3c2c 100644
--- a/cucumber/authenticators_jwt/features/authn_jwt_token_schema.feature
+++ b/cucumber/authenticators_jwt/features/authn_jwt_token_schema.feature
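Review bot: The `|` characters inside the character classes on the new PURE_CLAIM_NAME_REGEX line are literal pipes, not alternation, so a claim name such as `a|b` passes this validator both before and after this change, and none of the spec cases visible in this patch exercise `|`. If the pipe is not meant to be a legal claim-name character, the classes should drop it and put the hyphen unescaped at the end, e.g. `PURE_CLAIM_NAME_REGEX = /[a-zA-Z$_][a-zA-Z$_0-9.-]*/.freeze`. The `^`/`$` in the context line's PURE_NESTED_CLAIM_NAME_REGEX are line anchors in Ruby, so a value containing a newline can match on its first line only; `\A` and `\z` anchor the whole string, though whether that matters depends on how the validator applies the regex, which is outside this hunk. Either change alters the regex source that the feature files in this patch quote inside the expected CONJ00104E message, so those expectations would need updating in the same commit.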
@@ -700,7 +700,7 @@ Feature: JWT Authenticator - Token Schema
 Then the HTTP response status code is 401
 And The following appears in the log after my savepoint:
 """
- CONJ00104E Failed to validate claim: claim name '%@^#[{]}$~=-+_?.><&^@*@#*sdhj812ehd' does not match regular expression: '(?-mix:^[a-zA-Z|$|_][a-zA-Z|$|_|0-9|.]*(\/[a-zA-Z|$|_][a-zA-Z|$|_|0-9|.]*)*$)'.>
+ CONJ00104E Failed to validate claim: claim name '%@^#[{]}$~=-+_?.><&^@*@#*sdhj812ehd' does not match regular expression: '(?-mix:^[a-zA-Z|$|_][a-zA-Z|$|_|\-|0-9|.]*(\/[a-zA-Z|$|_][a-zA-Z|$|_|\-|0-9|.]*)*$)'.>
 """
 @negative @acceptance
@@ -732,7 +732,7 @@ Feature: JWT Authenticator - Token Schema
 Then the HTTP response status code is 401
 And The following appears in the log after my savepoint:
 """
- CONJ00104E Failed to validate claim: claim name '%@^#&^[{]}$~=-+_?.><812ehd' does not match regular expression: '(?-mix:^[a-zA-Z|$|_][a-zA-Z|$|_|0-9|.]*(\/[a-zA-Z|$|_][a-zA-Z|$|_|0-9|.]*)*$)'.
+ CONJ00104E Failed to validate claim: claim name '%@^#&^[{]}$~=-+_?.><812ehd' does not match regular expression: '(?-mix:^[a-zA-Z|$|_][a-zA-Z|$|_|\-|0-9|.]*(\/[a-zA-Z|$|_][a-zA-Z|$|_|\-|0-9|.]*)*$)'.
 """
 @acceptance
diff --git a/cucumber/authenticators_jwt/features/authn_status_jwt.feature b/cucumber/authenticators_jwt/features/authn_status_jwt.feature
index 76e13f6071..b8dfbef350 100644
--- a/cucumber/authenticators_jwt/features/authn_status_jwt.feature
+++ b/cucumber/authenticators_jwt/features/authn_status_jwt.feature
@@ -1108,7 +1108,7 @@ Feature: JWT Authenticator - Status Check
 And I save my place in the log file
 When I GET "/authn-jwt/raw/cucumber/status"
 Then the HTTP response status code is 500
- And the authenticator status check fails with error "does not match regular expression: '(?-mix:^[a-zA-Z|$|_][a-zA-Z|$|_|0-9|.]*(\/[a-zA-Z|$|_][a-zA-Z|$|_|0-9|.]*)*$)"
+ And the authenticator status check fails with error "does not match regular expression: '(?-mix:^[a-zA-Z|$|_][a-zA-Z|$|_|-|0-9|.]*(\/[a-zA-Z|$|_][a-zA-Z|$|_|-|0-9|.]*)*$)"
 @negative @acceptance
 Scenario Outline: ONYX-10958: claim-aliases configured with invalid value, 500 Error
diff --git a/spec/app/domain/authentication/authn-jwt/input_validation/validate_claim_name_spec.rb b/spec/app/domain/authentication/authn-jwt/input_validation/validate_claim_name_spec.rb
index 8b8195a4e9..2bed04b6e5 100644
--- a/spec/app/domain/authentication/authn-jwt/input_validation/validate_claim_name_spec.rb
+++ b/spec/app/domain/authentication/authn-jwt/input_validation/validate_claim_name_spec.rb
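Review bot: The expected error text on the new line writes the second character class as `[a-zA-Z|$|_|-|0-9|.]` with an unescaped hyphen, while the constant in consts.rb is `[a-zA-Z|$|_|\-|0-9|.]` and the two authn_jwt_token_schema.feature expectations in this same patch quote `|\-|`. A Regexp's source keeps the backslash when it is interpolated into the message, so the two feature files cannot both be exact matches of the same text; unless the status-check step normalizes backslashes (not visible here), this line should use `|\-|` in both places, as the token-schema feature does.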
@@ -28,7 +28,6 @@
 "When claim name is 1 dot character '.'": [".", Errors::Authentication::AuthnJwt::FailedToValidateClaimForbiddenClaimName],
 "When claim name is just 1 forbidden character '*'": ["*", Errors::Authentication::AuthnJwt::FailedToValidateClaimForbiddenClaimName],
 "When claim name contains 1 forbidden character '*'": ["a*b", Errors::Authentication::AuthnJwt::FailedToValidateClaimForbiddenClaimName],
- "When claim name contains 1 forbidden character '-": ["a-b", Errors::Authentication::AuthnJwt::FailedToValidateClaimForbiddenClaimName],
 "When claim name contains 1 forbidden character '%'": ["a%b", Errors::Authentication::AuthnJwt::FailedToValidateClaimForbiddenClaimName],
 "When claim name contains 1 forbidden character '!'": ["a!b", Errors::Authentication::AuthnJwt::FailedToValidateClaimForbiddenClaimName],
 "When claim name contains 1 forbidden character '('": ["a(b", Errors::Authentication::AuthnJwt::FailedToValidateClaimForbiddenClaimName],
@@ -44,7 +43,6 @@
 "When claim name contains spaces": ["claim name", Errors::Authentication::AuthnJwt::FailedToValidateClaimForbiddenClaimName],
 "When input has illegal [ character in claim name": ["my[claim", Errors::Authentication::AuthnJwt::FailedToValidateClaimForbiddenClaimName],
 "When input has illegal [ ] characters in claim name": ["my[1]claim", Errors::Authentication::AuthnJwt::FailedToValidateClaimForbiddenClaimName],
- "When input has illegal - character in claim name": ["my-claim", Errors::Authentication::AuthnJwt::FailedToValidateClaimForbiddenClaimName],
 "When input has illegal : character in claim name": ["a:", Errors::Authentication::AuthnJwt::FailedToValidateClaimForbiddenClaimName]
 }
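Review bot: Both negative hyphen cases are dropped here (`a-b` in the first hunk, `my-claim` in the second) but no case now pins that a leading hyphen is still rejected, which the regex's first-character class `[a-zA-Z|$|_]` continues to enforce after this change. Add a forbidden entry to the first hunk's list, e.g. `"When claim name starts with forbidden character '-'": ["-a", Errors::Authentication::AuthnJwt::FailedToValidateClaimForbiddenClaimName],`, and consider an allowed nested case such as `"a-b/c-d"` so the hyphen is also covered inside a path segment. The hash literals these hunks edit begin before the first hunk, and the second hunk's closing `}` ends the forbidden-cases hash.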
@@ -53,6 +51,7 @@
 "When claim name contains 1 allowed char 'f'": "f",
 "When claim name contains 1 allowed char '_'": "_",
 "When claim name contains value with allowed char '/'": "a/a",
+ "When claim name contains value with allowed char '-'": "a-b",
 "When claim name contains value with multiple allowed chars '/'": "a/a/a/a",
 "When claim name contains 1 allowed char '$'": "$",
 "When claim name contains digits in the middle": "$2w",