1325239969

Committed 08 Dec 2023 03:39PM UTC coverage: 87.019%. Remained the same

Build # 1325239969

Build Type

push

gitlab-ci

Committed by

web-flow

Commit Message

Merge pull request #401 from mendersoftware/dependabot/go_modules/go.mongodb.org/mongo-driver-1.13.1

chore: bump go.mongodb.org/mongo-driver from 1.12.1 to 1.13.1

Run Details

2869 of 3297 relevant lines covered (87.02%)

130.99 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

84.0

/jwt/claims.go

// Copyright 2023 Northern.tech AS
//
//        Licensed under the Apache License, Version 2.0 (the "License");
//        you may not use this file except in compliance with the License.
//        You may obtain a copy of the License at
//
//            http://www.apache.org/licenses/LICENSE-2.0
//
//        Unless required by applicable law or agreed to in writing, software
//        distributed under the License is distributed on an "AS IS" BASIS,
//        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//        See the License for the specific language governing permissions and
//        limitations under the License.
package jwt

import (
        "encoding/json"
        "time"

        "github.com/mendersoftware/go-lib-micro/mongo/oid"
)

type Claims struct {
        // ID is the unique token UUID.
        ID oid.ObjectID `json:"jti,omitempty" bson:"_id,omitempty"`
        // Subject holds the UUID associated with the user's account.
        Subject oid.ObjectID `json:"sub,omitempty" bson:"sub,omitempty"`
        // ExpiresAt is the absolute time when the token expires.
        ExpiresAt *Time `json:"exp,omitempty" bson:"exp,omitempty"`
        // IssuedAt is the absolute time the token was created.
        IssuedAt Time `json:"iat,omitempty" bson:"iat,omitempty"`
        // Tenant holds the tenant ID claim
        Tenant string `json:"mender.tenant,omitempty" bson:"tenant,omitempty"`
        // User claims that this token is for the management API.
        User bool `json:"mender.user,omitempty" bson:"user,omitempty"`
        // Issuer contains the configured Issuer claim (defaults to "Mender")
        Issuer string `json:"iss,omitempty" bson:"iss,omitempty"`
        // Scope determines the API scope of the token (defaults to "mender.*")
        Scope     string `json:"scp,omitempty" bson:"scp,omitempty"`
        Audience  string `json:"aud,omitempty" bson:"aud,omitempty"`
        NotBefore Time   `json:"nbf,omitempty" bson:"nbf,omitempty"`
}

// Time is a simple wrapper of time.Time that marshals/unmarshals JSON
// to/from UNIX time.
type Time struct {
        time.Time
}

func (t Time) MarshalJSON() ([]byte, error) {
        timeUnix := t.Unix()
        return json.Marshal(timeUnix)
}

func (t *Time) UnmarshalJSON(b []byte) error {
        var timeUnix int64
        err := json.Unmarshal(b, &timeUnix)
        if err != nil {
                return err
        }
        t.Time = time.Unix(timeUnix, 0)
        return nil
}

// Valid checks if claims are valid. Returns error if validation fails.
// Note that for now we're only using iss, exp, sub, scp.
// Basic checks are done here, field correctness (e.g. issuer) - at the service level, where this
// info is available.
func (c *Claims) Valid() error {
        if c.Issuer == "" ||
                c.Subject.Type() == oid.TypeNil ||
                c.ID.Type() == oid.TypeNil ||
                c.Scope == "" {
                return ErrTokenInvalid
        }

        if c.ExpiresAt != nil {
                now := time.Now()
                if now.After(c.ExpiresAt.Time) {
                        return ErrTokenExpired
                }
        }

        return nil
}

1	// Copyright 2023 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14	package jwt
15
16	import (
17	"encoding/json"
18	"time"
19
20	"github.com/mendersoftware/go-lib-micro/mongo/oid"
21	)
22
23	type Claims struct {
24	// ID is the unique token UUID.
25	ID oid.ObjectID `json:"jti,omitempty" bson:"_id,omitempty"`
26	// Subject holds the UUID associated with the user's account.
27	Subject oid.ObjectID `json:"sub,omitempty" bson:"sub,omitempty"`
28	// ExpiresAt is the absolute time when the token expires.
29	ExpiresAt *Time `json:"exp,omitempty" bson:"exp,omitempty"`
30	// IssuedAt is the absolute time the token was created.
31	IssuedAt Time `json:"iat,omitempty" bson:"iat,omitempty"`
32	// Tenant holds the tenant ID claim
33	Tenant string `json:"mender.tenant,omitempty" bson:"tenant,omitempty"`
34	// User claims that this token is for the management API.
35	User bool `json:"mender.user,omitempty" bson:"user,omitempty"`
36	// Issuer contains the configured Issuer claim (defaults to "Mender")
37	Issuer string `json:"iss,omitempty" bson:"iss,omitempty"`
38	// Scope determines the API scope of the token (defaults to "mender.*")
39	Scope string `json:"scp,omitempty" bson:"scp,omitempty"`
40	Audience string `json:"aud,omitempty" bson:"aud,omitempty"`
41	NotBefore Time `json:"nbf,omitempty" bson:"nbf,omitempty"`
42	}
43
44	// Time is a simple wrapper of time.Time that marshals/unmarshals JSON
45	// to/from UNIX time.
46	type Time struct {
47	time.Time
48	}
49
50	func (t Time) MarshalJSON() ([]byte, error) {	522✔
51	timeUnix := t.Unix()	522✔
52	return json.Marshal(timeUnix)	522✔
53	}	522✔
54
55	func (t *Time) UnmarshalJSON(b []byte) error {	899✔
56	var timeUnix int64	899✔
57	err := json.Unmarshal(b, &timeUnix)	899✔
58	if err != nil {	899✔
59	return err	×
60	}	×
61	t.Time = time.Unix(timeUnix, 0)	899✔
62	return nil	899✔
63	}
64
65	// Valid checks if claims are valid. Returns error if validation fails.
66	// Note that for now we're only using iss, exp, sub, scp.
67	// Basic checks are done here, field correctness (e.g. issuer) - at the service level, where this
68	// info is available.
69	func (c *Claims) Valid() error {	327✔
70	if c.Issuer == "" \|\|	327✔
71	c.Subject.Type() == oid.TypeNil \|\|	327✔
72	c.ID.Type() == oid.TypeNil \|\|	327✔
73	c.Scope == "" {	329✔
74	return ErrTokenInvalid	2✔
75	}	2✔
76
77	if c.ExpiresAt != nil {	650✔
78	now := time.Now()	325✔
79	if now.After(c.ExpiresAt.Time) {	325✔
80	return ErrTokenExpired	×
81	}	×
82	}
83
84	return nil	325✔
85	}

mendersoftware / useradm / 1325239969

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous