Merge pull request #63 from xmidt-org/feature/case-sensitive-claims

Feature/case sensitive claims
xmidt-org · Nov 22, 2020 · 6712958 · 6712958
2 parents ad26df1 + c9ae56a
commit 6712958
Show file tree

Hide file tree

Showing 11 changed files with 760 additions and 413 deletions.
diff --git a/.gitignore b/.gitignore
@@ -8,6 +8,7 @@ lib/
 *.swp
 coverage.txt
 report.json
+*.test
 
 # for VSCode
 .vscode/

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+- Refactor configuration to preserve case in claims
+
 ### Changed
 - Update mentions of the default branch from 'master' to 'main'. [#58](https://github.com/xmidt-org/themis/pull/58)
 

diff --git a/devMode.go b/devMode.go
@@ -65,35 +65,41 @@ token:
   notBeforeDelta: -15s
   duration: 24h
   claims:
-    mac:
+    - key: mac
       header: X-Midt-Mac-Address
       parameter: mac
-    serial:
+    - key: serial
       header: X-Midt-Serial-Number
       parameter: serial
-    uuid:
+    - key: uuid
       header: X-Midt-Uuid
       parameter: uuid
-    iss:
+    - key: iss
       value: "development"
-    trust:
+    - key: trust
       value: 1000
-    sub:
+    - key: sub
       value: "client-supplied"
-    aud:
+    - key: aud
       value: "XMiDT"
-    capabilities:
+    - key: capabilities
       value:
         -
           x1:issuer:test:.*:all
+    - key: allowedResources
+      json: '{
+        "allowedPartners": ["comcast"],
+        "allowedServiceAccountIds": ["1234", "5678"]
+      }'
+
   metadata:
-    mac:
+    - key: mac
       header: X-Midt-Mac-Address
       parameter: mac
-    serial:
+    - key: serial
       header: X-Midt-Serial-Number
       parameter: serial
-    uuid:
+    - key: uuid
       header: X-Midt-Uuid
       parameter: uuid
   partnerID:

diff --git a/main.go b/main.go
@@ -90,7 +90,7 @@ func setupViper(in config.ViperIn, v *viper.Viper) (err error) {
 		v.Set("log.level", "DEBUG")
 	}
 
-	return nil
+	return
 }
 
 func main() {

diff --git a/themis.yaml b/themis.yaml
@@ -56,34 +56,39 @@ token:
   notBeforeDelta: -15s
   duration: 24h
   claims:
-    mac:
+    - key: mac
       header: X-Midt-Mac-Address
       parameter: mac
-    serial:
+    - key: serial
       header: X-Midt-Serial-Number
       parameter: serial
-    uuid:
+    - key: uuid
       header: X-Midt-Uuid
       parameter: uuid
-    iss:
+    - key: iss
       value: "development"
-    trust:
+    - key: trust
       value: 1000
-    sub:
+    - key: sub
       value: "client-supplied"
-    aud:
+    - key: aud
       value: "XMiDT"
-    capabilities:
+    - key: capabilities
       value:
         - x1:issuer:test:.*:all
+    - key: nestedClaims
+      json: '{
+          "casePreservedScalar": "true",
+          "casePreservedArray": ["casePreserved1", "casePreserved2"]
+      }'
   metadata:
-    mac:
+    - key: mac
       header: X-Midt-Mac-Address
       parameter: mac
-    serial:
+    - key: serial
       header: X-Midt-Serial-Number
       parameter: serial
-    uuid:
+    - key: uuid
       header: X-Midt-Uuid
       parameter: uuid
   partnerID:

diff --git a/token/claimBuilder.go b/token/claimBuilder.go
@@ -17,6 +17,7 @@ import (
 
 var (
 	ErrRemoteURLRequired = errors.New("A URL for the remote claimer is required")
+	ErrMissingKey        = errors.New("A key is required for all claims and metadata values")
 )
 
 // ClaimBuilder is a strategy for building token claims, given a token Request
@@ -188,16 +189,25 @@ func NewClaimBuilders(n random.Noncer, client xhttpclient.Interface, o Options)
 	if o.Remote != nil {
 		// scan the metadata looking for static values that should be applied when invoking the remote server
 		metadata := make(map[string]interface{})
-		for name, value := range o.Metadata {
-			if len(value.Header) != 0 || len(value.Parameter) != 0 || len(value.Variable) != 0 {
+		for _, value := range o.Metadata {
+			switch {
+			case len(value.Key) == 0:
+				return nil, ErrMissingKey
+
+			case value.IsFromHTTP():
 				continue
-			}
 
-			if value.Value == nil {
-				return nil, fmt.Errorf("A value is required for the static metadata: %s", name)
-			}
+			case !value.IsStatic():
+				return nil, fmt.Errorf("A value is required for the static metadata: %s", value.Key)
 
-			metadata[name] = value.Value
+			default:
+				msg, err := value.RawMessage()
+				if err != nil {
+					return nil, err
+				}
+
+				metadata[value.Key] = msg
+			}
 		}
 
 		remoteClaimBuilder, err := newRemoteClaimBuilder(client, metadata, o.Remote)
@@ -208,17 +218,25 @@ func NewClaimBuilders(n random.Noncer, client xhttpclient.Interface, o Options)
 		builders = append(builders, remoteClaimBuilder)
 	}
 
-	for name, value := range o.Claims {
-		if len(value.Header) != 0 || len(value.Parameter) != 0 || len(value.Variable) != 0 {
-			// skip any claims derived from HTTP requests
+	for _, value := range o.Claims {
+		switch {
+		case len(value.Key) == 0:
+			return nil, ErrMissingKey
+
+		case value.IsFromHTTP():
 			continue
-		}
 
-		if value.Value == nil {
-			return nil, fmt.Errorf("A value is required for the static claim: %s", name)
-		}
+		case !value.IsStatic():
+			return nil, fmt.Errorf("A value is required for the static claim: %s", value.Key)
 
-		staticClaimBuilder[name] = value.Value
+		default:
+			msg, err := value.RawMessage()
+			if err != nil {
+				return nil, err
+			}
+
+			staticClaimBuilder[value.Key] = msg
+		}
 	}
 
 	if len(staticClaimBuilder) > 0 {
-Original file line number
+Diff line change
@@ Expand Up @@
     		v.Set("log.level", "DEBUG")
     	}
-    	return nil
+    	return
     }
     func main() {
@@ Expand Down @@