jwt validation #171
jwt validation #171
Conversation
abel296
force-pushed
the
feature/jwt-validation
branch
from
6dd2956 to
f205092
Compare
abel296
force-pushed
the
feature/jwt-validation
branch
6 times, most recently
from
31b1471 to
502345e
Compare
|
Hi @fabiocicerchia , I don't have access to see why the snyk test is not passing, can you give me access permit to check it out please? |
abel296
force-pushed
the
feature/jwt-validation
branch
from
502345e to
6bafe05
Compare
juansm90
force-pushed
the
feature/jwt-validation
branch
from
6bafe05 to
291df62
Compare
abel296
force-pushed
the
feature/jwt-validation
branch
4 times, most recently
from
a8bd311 to
8acec37
Compare
|
Hi @abel296, thank you for the PR. |
abel296
force-pushed
the
feature/jwt-validation
branch
3 times, most recently
from
f326f4a to
7b4c1a4
Compare
|
Hi @fabiocicerchia , could you review the PR please? |
abel296
force-pushed
the
feature/jwt-validation
branch
from
7b4c1a4 to
c398bcb
Compare
abel296
force-pushed
the
feature/jwt-validation
branch
5 times, most recently
from
ff0bc17 to
0b3995e
Compare
|
Hi @fabiocicerchia , we've added a couple of changes:
|
abel296
force-pushed
the
feature/jwt-validation
branch
from
dc4cc31 to
dcf1a34
Compare
abel296
force-pushed
the
feature/jwt-validation
branch
19 times, most recently
from
23c7218 to
4e87b96
Compare
|
Hi @fabiocicerchia , these are the last updates:
|
Signed-off-by: Abel Andrés <[email protected]>
abel296
force-pushed
the
feature/jwt-validation
branch
from
4e87b96 to
c12a5ce
Compare
There was a problem hiding this comment.
Hi @abel296, apologies for not getting back to you sooner, recently I couldn't focus on the project properly.
I'll try spending some more time to test properly this MR in the next following days.
It would be really good not to push force and have a reviewable commit history, because as of now, it's really impossible to figure out what each change contributed to.
I made some more suggestions, but let me test it first before starting fixing, as I might add some more comments, and don't want to let you do too much back and forth.
Thank you for the patience and the effort for putting together this PR!
| # - JWT_JWKS_URL enviroment variable | ||
|
|
||
| # Time in minutes that takes for JWKS to refresh automatically | ||
| # JWT_REFRESH_INTERVAL= |
There was a problem hiding this comment.
Let's use the same example values from config.yml.dist:
| # JWT_REFRESH_INTERVAL= | |
| # JWT_REFRESH_INTERVAL=15 |
|
|
||
| # --- JWT | ||
| # A list of space-separated paths. | ||
| # JWT_EXCLUDED_PATHS= |
There was a problem hiding this comment.
Let's use the same example values from config.yml.dist:
| # JWT_EXCLUDED_PATHS= | |
| # JWT_EXCLUDED_PATHS=/ |
| # JWT_EXCLUDED_PATHS= | ||
|
|
||
| # A list of space-separated scopes to be allowed. | ||
| # JWT_ALLOWED_SCOPES= |
There was a problem hiding this comment.
Let's use the same example values from config.yml.dist:
| # JWT_ALLOWED_SCOPES= | |
| # JWT_ALLOWED_SCOPES=scope1, scope2 |
| # # A list of space-separated paths. | ||
| # excluded_paths: | ||
| # - / | ||
| # # A list of space-separated scopes to be allowed. |
There was a problem hiding this comment.
space or comma separated?
| // Jwt - Defines the config for the jwt validation. | ||
| type Jwt struct { | ||
| ExcludedPaths []string `yaml:"excluded_paths" envconfig:"JWT_EXCLUDED_PATHS" split_words:"true"` | ||
| AllowedScopes []string `yaml:"allowed_scopes" envconfig:"JWT_ALLOWED_SCOPES" split_words:"true"` |
There was a problem hiding this comment.
scope1, scope2 will end up in having item 0 scope1, and item 1 scope2
|
|
||
| h.ServeHTTP(rr, req) | ||
|
|
||
| assert.Equal(t, http.StatusMovedPermanently, rr.Code) |
There was a problem hiding this comment.
it would be useful to assert the Location header of this 301 respose.
|
|
||
| h.ServeHTTP(rr, req) | ||
|
|
||
| assert.Equal(t, http.StatusMovedPermanently, rr.Code) |
There was a problem hiding this comment.
it would be useful to assert the Location header of this 301 respose.
|
|
||
| h.ServeHTTP(rr, req) | ||
|
|
||
| assert.Equal(t, http.StatusMovedPermanently, rr.Code) |
There was a problem hiding this comment.
is it correct that all the tests with a JWT are going to 301?
|
|
||
| res := getScopes(token) | ||
|
|
||
| assert.ElementsMatch(t, res, []string{"scope1", "scope2", "scope3"}, "Scopes provided doesn't match") |
There was a problem hiding this comment.
| assert.ElementsMatch(t, res, []string{"scope1", "scope2", "scope3"}, "Scopes provided doesn't match") | |
| assert.ElementsMatch(t, res, []string{"scope1", "scope2", "scope3"}, "The provided scopes don't match") |
|
|
||
| res := getScopes(token) | ||
|
|
||
| assert.ElementsMatch(t, res, []string{"scope1", "scope2", "scope3"}, "Scopes provided doesn't match") |
There was a problem hiding this comment.
| assert.ElementsMatch(t, res, []string{"scope1", "scope2", "scope3"}, "Scopes provided doesn't match") | |
| assert.ElementsMatch(t, res, []string{"scope1", "scope2", "scope3"}, "The provided scopes don't match") |
| return logJWTErrorAndAbort(w, err) | ||
| } | ||
| if err := jwt.Validate(token); err != nil { | ||
| return logJWTErrorAndAbort(w, err) |
There was a problem hiding this comment.
it would be good to increase the test coverage by adding a test case to cover this scenario as well (ie testing the failure of validation).
| } | ||
|
|
||
| func TestRefreshKeySet(t *testing.T) { | ||
| t.Skip("To run this test, you should set refreshIntervalDuration (from config.go) to time.Second") |
There was a problem hiding this comment.
Can this test be executed automatically, without any manual changes?
|
merged all changes + improvements in #208 |
Features: