1833359013

Committed 23 May 2025 01:25PM UTC coverage: 66.318% (+0.5%) from 65.861%

Build # 1833359013

Build Type

Pull #674

gitlab-ci

Committed by

mzedel

Commit Message

fix(gui): prevented device tag editor to be shown when no tags exist

- this is to reduce confusion about tags defined async to the current session not being visible

Ticket: ME-528
Signed-off-by: Manuel Zedel <manuel.zedel@northern.tech>

Pull Request Pull Request #674: ME-529, ME-528 - adjustments to device tag editing

Run Details

29554 of 44564 relevant lines covered (66.32%)

1.45 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

88.64

/backend/pkg/identity/token.go

// Copyright 2024 Northern.tech AS
//
//        Licensed under the Apache License, Version 2.0 (the "License");
//        you may not use this file except in compliance with the License.
//        You may obtain a copy of the License at
//
//            http://www.apache.org/licenses/LICENSE-2.0
//
//        Unless required by applicable law or agreed to in writing, software
//        distributed under the License is distributed on an "AS IS" BASIS,
//        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//        See the License for the specific language governing permissions and
//        limitations under the License.
package identity

import (
        "encoding/base64"
        "encoding/json"
        "net/http"
        "strings"

        "github.com/pkg/errors"

        "github.com/mendersoftware/mender-server/pkg/addons"
)

type Identity struct {
        Subject  string         `json:"sub" valid:"required"`
        Tenant   string         `json:"mender.tenant,omitempty"`
        IsUser   bool           `json:"mender.user,omitempty"`
        IsDevice bool           `json:"mender.device,omitempty"`
        Plan     string         `json:"mender.plan,omitempty"`
        Addons   []addons.Addon `json:"mender.addons,omitempty"`
        Trial    bool           `json:"mender.trial"`
}

// ExtractJWTFromHeader inspect the Authorization header for a Bearer token and
// if not present looks for a "JWT" cookie.
func ExtractJWTFromHeader(r *http.Request) (jwt string, err error) {
        auth := r.Header.Get("Authorization")
        if auth == "" {
                jwtCookie, err := r.Cookie("JWT")
                if err != nil {
                        return "", errors.New("Authorization not present in header")
                }
                jwt = jwtCookie.Value
        } else {
                auths := strings.Split(auth, " ")

                if len(auths) != 2 {
                        return "", errors.Errorf("malformed Authorization header")
                }

                if !strings.EqualFold(auths[0], "Bearer") {
                        return "", errors.Errorf("unknown Authorization method %s", auths[0])
                }
                jwt = auths[1]
        }
        return jwt, nil
}

// Generate identity information from given JWT by extracting subject and tenant claims.
// Note that this function does not perform any form of token signature
// verification.
func ExtractIdentity(token string) (id Identity, err error) {
        var (
                claims []byte
                jwt    []string
        )
        jwt = strings.Split(token, ".")
        if len(jwt) != 3 {
                return id, errors.New("identity: incorrect token format")
        }
        claims, err = base64.RawURLEncoding.DecodeString(jwt[1])
        if err != nil {
                return id, errors.Wrap(err,
                        "identity: failed to decode base64 JWT claims")
        }
        err = json.Unmarshal(claims, &id)
        if err != nil {
                return id, errors.Wrap(err,
                        "identity: failed to decode JSON JWT claims")
        }
        return id, id.Validate()
}

func (id Identity) Validate() error {
        if id.Subject == "" {
                return errors.New("identity: claim \"sub\" is required")
        }
        return nil
}

1	// Copyright 2024 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14	package identity
15
16	import (
17	"encoding/base64"
18	"encoding/json"
19	"net/http"
20	"strings"
21
22	"github.com/pkg/errors"
23
24	"github.com/mendersoftware/mender-server/pkg/addons"
25	)
26
27	type Identity struct {
28	Subject string `json:"sub" valid:"required"`
29	Tenant string `json:"mender.tenant,omitempty"`
30	IsUser bool `json:"mender.user,omitempty"`
31	IsDevice bool `json:"mender.device,omitempty"`
32	Plan string `json:"mender.plan,omitempty"`
33	Addons []addons.Addon `json:"mender.addons,omitempty"`
34	Trial bool `json:"mender.trial"`
35	}
36
37	// ExtractJWTFromHeader inspect the Authorization header for a Bearer token and
38	// if not present looks for a "JWT" cookie.
39	func ExtractJWTFromHeader(r *http.Request) (jwt string, err error) {	8✔
40	auth := r.Header.Get("Authorization")	8✔
41	if auth == "" {	13✔
42	jwtCookie, err := r.Cookie("JWT")	5✔
43	if err != nil {	9✔
44	return "", errors.New("Authorization not present in header")	4✔
45	}	4✔
46	jwt = jwtCookie.Value	1✔
47	} else {	8✔
48	auths := strings.Split(auth, " ")	8✔
49		8✔
50	if len(auths) != 2 {	11✔
51	return "", errors.Errorf("malformed Authorization header")	3✔
52	}	3✔
53
54	if !strings.EqualFold(auths[0], "Bearer") {	10✔
55	return "", errors.Errorf("unknown Authorization method %s", auths[0])	2✔
56	}	2✔
57	jwt = auths[1]	8✔
58	}
59	return jwt, nil	8✔
60	}
61
62	// Generate identity information from given JWT by extracting subject and tenant claims.
63	// Note that this function does not perform any form of token signature
64	// verification.
65	func ExtractIdentity(token string) (id Identity, err error) {	8✔
66	var (	8✔
67	claims []byte	8✔
68	jwt []string	8✔
69	)	8✔
70	jwt = strings.Split(token, ".")	8✔
71	if len(jwt) != 3 {	11✔
72	return id, errors.New("identity: incorrect token format")	3✔
73	}	3✔
74	claims, err = base64.RawURLEncoding.DecodeString(jwt[1])	8✔
75	if err != nil {	8✔
76	return id, errors.Wrap(err,	×
77	"identity: failed to decode base64 JWT claims")	×
78	}	×
79	err = json.Unmarshal(claims, &id)	8✔
80	if err != nil {	9✔
81	return id, errors.Wrap(err,	1✔
82	"identity: failed to decode JSON JWT claims")	1✔
83	}	1✔
84	return id, id.Validate()	7✔
85	}
86
87	func (id Identity) Validate() error {	7✔
88	if id.Subject == "" {	7✔
89	return errors.New("identity: claim \"sub\" is required")	×
90	}	×
91	return nil	7✔
92	}

mendersoftware / mender-server / 1833359013

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous