1622978334

Committed 13 Jan 2025 03:51PM UTC coverage: 72.802% (-3.8%) from 76.608%

Build # 1622978334

Build Type

Pull #300

gitlab-ci

Committed by

alfrunes

Commit Message

fix: Deployment device count should not exceed max devices

Added a condition to skip deployments when the device count reaches max
devices.

Changelog: Title
Ticket: MEN-7847
Signed-off-by: Alf-Rune Siqveland <alf.rune@northern.tech>

Pull Request Pull Request #300: fix: Deployment device count should not exceed max devices

Run Details

4251 of 6164 branches covered (68.96%)

Branch coverage included in aggregate %.

0 of 18 new or added lines in 1 file covered. (0.0%)

2544 existing lines in 83 files now uncovered.

42741 of 58384 relevant lines covered (73.21%)

21.49 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

63.64

/backend/pkg/identity/token.go

// Copyright 2024 Northern.tech AS
//
//        Licensed under the Apache License, Version 2.0 (the "License");
//        you may not use this file except in compliance with the License.
//        You may obtain a copy of the License at
//
//            http://www.apache.org/licenses/LICENSE-2.0
//
//        Unless required by applicable law or agreed to in writing, software
//        distributed under the License is distributed on an "AS IS" BASIS,
//        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//        See the License for the specific language governing permissions and
//        limitations under the License.
package identity

import (
        "encoding/base64"
        "encoding/json"
        "net/http"
        "strings"

        "github.com/pkg/errors"

        "github.com/mendersoftware/mender-server/pkg/addons"
)

type Identity struct {
        Subject  string         `json:"sub" valid:"required"`
        Tenant   string         `json:"mender.tenant,omitempty"`
        IsUser   bool           `json:"mender.user,omitempty"`
        IsDevice bool           `json:"mender.device,omitempty"`
        Plan     string         `json:"mender.plan,omitempty"`
        Addons   []addons.Addon `json:"mender.addons,omitempty"`
        Trial    bool           `json:"mender.trial"`
}

// ExtractJWTFromHeader inspect the Authorization header for a Bearer token and
// if not present looks for a "JWT" cookie.
func ExtractJWTFromHeader(r *http.Request) (jwt string, err error) {
        auth := r.Header.Get("Authorization")
        if auth == "" {
                jwtCookie, err := r.Cookie("JWT")
                if err != nil {
                        return "", errors.New("Authorization not present in header")
                }
                jwt = jwtCookie.Value
        } else {
                auths := strings.Split(auth, " ")

                if len(auths) != 2 {
                        return "", errors.Errorf("malformed Authorization header")
                }

                if !strings.EqualFold(auths[0], "Bearer") {
                        return "", errors.Errorf("unknown Authorization method %s", auths[0])
                }
                jwt = auths[1]
        }
        return jwt, nil
}

// Generate identity information from given JWT by extracting subject and tenant claims.
// Note that this function does not perform any form of token signature
// verification.
func ExtractIdentity(token string) (id Identity, err error) {
        var (
                claims []byte
                jwt    []string
        )
        jwt = strings.Split(token, ".")
        if len(jwt) != 3 {
                return id, errors.New("identity: incorrect token format")
        }
        claims, err = base64.RawURLEncoding.DecodeString(jwt[1])
        if err != nil {
                return id, errors.Wrap(err,
                        "identity: failed to decode base64 JWT claims")
        }
        err = json.Unmarshal(claims, &id)
        if err != nil {
                return id, errors.Wrap(err,
                        "identity: failed to decode JSON JWT claims")
        }
        return id, id.Validate()
}

func (id Identity) Validate() error {
        if id.Subject == "" {
                return errors.New("identity: claim \"sub\" is required")
        }
        return nil
}

1	// Copyright 2024 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14	package identity
15
16	import (
17	"encoding/base64"
18	"encoding/json"
19	"net/http"
20	"strings"
21
22	"github.com/pkg/errors"
23
24	"github.com/mendersoftware/mender-server/pkg/addons"
25	)
26
27	type Identity struct {
28	Subject string `json:"sub" valid:"required"`
29	Tenant string `json:"mender.tenant,omitempty"`
30	IsUser bool `json:"mender.user,omitempty"`
31	IsDevice bool `json:"mender.device,omitempty"`
32	Plan string `json:"mender.plan,omitempty"`
33	Addons []addons.Addon `json:"mender.addons,omitempty"`
34	Trial bool `json:"mender.trial"`
35	}
36
37	// ExtractJWTFromHeader inspect the Authorization header for a Bearer token and
38	// if not present looks for a "JWT" cookie.
39	func ExtractJWTFromHeader(r *http.Request) (jwt string, err error) {	4✔
40	auth := r.Header.Get("Authorization")	4✔
41	if auth == "" {	5✔
42	jwtCookie, err := r.Cookie("JWT")	1✔
43	if err != nil {	1✔
UNCOV 44	return "", errors.New("Authorization not present in header")	×
UNCOV 45	}	×
46	jwt = jwtCookie.Value	1✔
47	} else {	4✔
48	auths := strings.Split(auth, " ")	4✔
49		4✔
50	if len(auths) != 2 {	4✔
UNCOV 51	return "", errors.Errorf("malformed Authorization header")	×
UNCOV 52	}	×
53
54	if !strings.EqualFold(auths[0], "Bearer") {	4✔
UNCOV 55	return "", errors.Errorf("unknown Authorization method %s", auths[0])	×
UNCOV 56	}	×
57	jwt = auths[1]	4✔
58	}
59	return jwt, nil	4✔
60	}
61
62	// Generate identity information from given JWT by extracting subject and tenant claims.
63	// Note that this function does not perform any form of token signature
64	// verification.
65	func ExtractIdentity(token string) (id Identity, err error) {	4✔
66	var (	4✔
67	claims []byte	4✔
68	jwt []string	4✔
69	)	4✔
70	jwt = strings.Split(token, ".")	4✔
71	if len(jwt) != 3 {	4✔
UNCOV 72	return id, errors.New("identity: incorrect token format")	×
UNCOV 73	}	×
74	claims, err = base64.RawURLEncoding.DecodeString(jwt[1])	4✔
75	if err != nil {	4✔
76	return id, errors.Wrap(err,	×
77	"identity: failed to decode base64 JWT claims")	×
78	}	×
79	err = json.Unmarshal(claims, &id)	4✔
80	if err != nil {	4✔
UNCOV 81	return id, errors.Wrap(err,	×
UNCOV 82	"identity: failed to decode JSON JWT claims")	×
UNCOV 83	}	×
84	return id, id.Validate()	4✔
85	}
86
87	func (id Identity) Validate() error {	4✔
88	if id.Subject == "" {	4✔
89	return errors.New("identity: claim \"sub\" is required")	×
90	}	×
91	return nil	4✔
92	}

mendersoftware / mender-server / 1622978334

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous