1507843008

Committed 13 Sep 2024 11:01AM UTC coverage: 81.326%. Remained the same

Build # 1507843008

Build Type

push

gitlab-ci

Committed by

web-flow

Commit Message

Merge pull request #727 from mzedel/chore/deprecate

Chore/deprecate

Run Details

4834 of 5944 relevant lines covered (81.33%)

42.77 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

90.0

/jwt/claims.go

// Copyright 2021 Northern.tech AS
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.

package jwt

import (
        "encoding/json"
        "time"

        "github.com/mendersoftware/go-lib-micro/addons"
        "github.com/mendersoftware/go-lib-micro/mongo/oid"
)

type Claims struct {
        // ID is the unique jwt ID, also device AuthSet UUID. (Required)
        ID oid.ObjectID `json:"jti,omitempty" bson:"_id"`
        // Subject claim holds the device ID. (Required)
        Subject  oid.ObjectID `json:"sub,omitempty" bson:"sub"`
        Audience string       `json:"aud,omitempty" bson:"aud,omitempty"`
        Scope    string       `json:"scp,omitempty" bson:"scp,omitempty"`
        // Issuer holds the configurable issuer claim.
        Issuer string `json:"iss,omitempty" bson:"iss,omitempty"`
        // Tenant claim holds the tenant id this device belongs to.
        Tenant string `json:"mender.tenant,omitempty" bson:"mender.tenant,omitempty"`
        // ExpiresAt is the timestamp when the token becomes invalid. (Required)
        ExpiresAt Time `json:"exp,omitempty" bson:"exp"`
        IssuedAt  Time `json:"iat,omitempty" bson:"iat,omitempty"`
        NotBefore Time `json:"nbf,omitempty" bson:"nbf,omitempty"`
        // Device claim states that this token belongs to a device
        Device bool `json:"mender.device,omitempty" bson:"mender.device,omitempty"`
        // Plan holds the tenant's feature plan claim.
        Plan string `json:"mender.plan,omitempty"`
        // Trial claim holds a boolean which is true if the tenant is in trial mode
        Trial bool `json:"mender.trial" bson:"trial"`
        // Addons contains the settings for addons enabled for the tenant.
        Addons []addons.Addon `json:"mender.addons,omitempty"`
}

type Time struct {
        time.Time
}

func (t Time) MarshalJSON() ([]byte, error) {
        unixTime := t.Unix()
        return json.Marshal(unixTime)
}

func (t *Time) UnmarshalJSON(b []byte) error {
        var unixTime int64
        err := json.Unmarshal(b, &unixTime)
        t.Time = time.Unix(unixTime, 0)
        return err
}

// Valid checks if claims are valid. Returns error if validation fails.
// Note that for now we're only using iss, exp, sub, scp.
// Basic checks are done here, field correctness (e.g. issuer) - at the service
// level, where this info is available.
func (c *Claims) Valid() error {
        if c.Issuer == "" ||
                c.ID.String() == "" ||
                c.Subject.String() == "" {
                return ErrTokenInvalid
        }

        if c.ExpiresAt.Before(time.Now()) {
                return ErrTokenExpired
        }

        return nil
}

1	// Copyright 2021 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14
15	package jwt
16
17	import (
18	"encoding/json"
19	"time"
20
21	"github.com/mendersoftware/go-lib-micro/addons"
22	"github.com/mendersoftware/go-lib-micro/mongo/oid"
23	)
24
25	type Claims struct {
26	// ID is the unique jwt ID, also device AuthSet UUID. (Required)
27	ID oid.ObjectID `json:"jti,omitempty" bson:"_id"`
28	// Subject claim holds the device ID. (Required)
29	Subject oid.ObjectID `json:"sub,omitempty" bson:"sub"`
30	Audience string `json:"aud,omitempty" bson:"aud,omitempty"`
31	Scope string `json:"scp,omitempty" bson:"scp,omitempty"`
32	// Issuer holds the configurable issuer claim.
33	Issuer string `json:"iss,omitempty" bson:"iss,omitempty"`
34	// Tenant claim holds the tenant id this device belongs to.
35	Tenant string `json:"mender.tenant,omitempty" bson:"mender.tenant,omitempty"`
36	// ExpiresAt is the timestamp when the token becomes invalid. (Required)
37	ExpiresAt Time `json:"exp,omitempty" bson:"exp"`
38	IssuedAt Time `json:"iat,omitempty" bson:"iat,omitempty"`
39	NotBefore Time `json:"nbf,omitempty" bson:"nbf,omitempty"`
40	// Device claim states that this token belongs to a device
41	Device bool `json:"mender.device,omitempty" bson:"mender.device,omitempty"`
42	// Plan holds the tenant's feature plan claim.
43	Plan string `json:"mender.plan,omitempty"`
44	// Trial claim holds a boolean which is true if the tenant is in trial mode
45	Trial bool `json:"mender.trial" bson:"trial"`
46	// Addons contains the settings for addons enabled for the tenant.
47	Addons []addons.Addon `json:"mender.addons,omitempty"`
48	}
49
50	type Time struct {
51	time.Time
52	}
53
54	func (t Time) MarshalJSON() ([]byte, error) {	13✔
55	unixTime := t.Unix()	13✔
56	return json.Marshal(unixTime)	13✔
57	}	13✔
58
59	func (t *Time) UnmarshalJSON(b []byte) error {	35✔
60	var unixTime int64	35✔
61	err := json.Unmarshal(b, &unixTime)	35✔
62	t.Time = time.Unix(unixTime, 0)	35✔
63	return err	35✔
64	}	35✔
65
66	// Valid checks if claims are valid. Returns error if validation fails.
67	// Note that for now we're only using iss, exp, sub, scp.
68	// Basic checks are done here, field correctness (e.g. issuer) - at the service
69	// level, where this info is available.
70	func (c *Claims) Valid() error {	9✔
71	if c.Issuer == "" \|\|	9✔
72	c.ID.String() == "" \|\|	9✔
73	c.Subject.String() == "" {	11✔
74	return ErrTokenInvalid	2✔
75	}	2✔
76
77	if c.ExpiresAt.Before(time.Now()) {	7✔
78	return ErrTokenExpired	×
79	}	×
80
81	return nil	7✔
82	}

mendersoftware / deviceauth / 1507843008

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous