1961830404

Committed 01 Aug 2025 06:29PM UTC coverage: 65.815% (+0.3%) from 65.555%

Build # 1961830404

Build Type

Pull #849

gitlab-ci

Committed by

web-flow

Commit Message

chore: bump the backend-docker-dependencies group across 10 directories with 2 updates

Bumps the backend-docker-dependencies group with 2 updates in the /backend/services/create-artifact-worker directory: golang and alpine.
Bumps the backend-docker-dependencies group with 1 update in the /backend/services/deployments directory: golang.
Bumps the backend-docker-dependencies group with 1 update in the /backend/services/deviceauth directory: golang.
Bumps the backend-docker-dependencies group with 1 update in the /backend/services/deviceconfig directory: golang.
Bumps the backend-docker-dependencies group with 1 update in the /backend/services/deviceconnect directory: golang.
Bumps the backend-docker-dependencies group with 1 update in the /backend/services/inventory directory: golang.
Bumps the backend-docker-dependencies group with 1 update in the /backend/services/iot-manager directory: golang.
Bumps the backend-docker-dependencies group with 1 update in the /backend/services/reporting directory: golang.
Bumps the backend-docker-dependencies group with 1 update in the /backend/services/useradm directory: golang.
Bumps the backend-docker-dependencies group with 1 update in the /backend/services/workflows directory: golang.


Updates `golang` from 1.24.4 to 1.24.5

Updates `alpine` from 3.22.0 to 3.22.1

Updates `golang` from 1.24.4 to 1.24.5

Updates `golang` from 1.24.4 to 1.24.5

Updates `golang` from 1.24.4 to 1.24.5

Updates `golang` from 1.24.4 to 1.24.5

Updates `golang` from 1.24.4 to 1.24.5

Updates `golang` from 1.24.4 to 1.24.5

Updates `golang` from 1.24.4 to 1.24.5

Updates `golang` from 1.24.4 to 1.24.5

Updates `golang` from 1.24.4 to 1.24.5

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.24.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-docker-dependencies
- dependency-name: alpine
  dependency-version: 3.22.1
  dependency-type: direct:production... (continued)

Pull Request Pull Request #849: chore: bump the backend-docker-dependencies group across 10 directories with 2 updates

Run Details

29335 of 44572 relevant lines covered (65.81%)

1.44 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

77.27

/backend/pkg/identity/token.go

// Copyright 2024 Northern.tech AS
//
//        Licensed under the Apache License, Version 2.0 (the "License");
//        you may not use this file except in compliance with the License.
//        You may obtain a copy of the License at
//
//            http://www.apache.org/licenses/LICENSE-2.0
//
//        Unless required by applicable law or agreed to in writing, software
//        distributed under the License is distributed on an "AS IS" BASIS,
//        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//        See the License for the specific language governing permissions and
//        limitations under the License.
package identity

import (
        "encoding/base64"
        "encoding/json"
        "net/http"
        "strings"

        "github.com/pkg/errors"

        "github.com/mendersoftware/mender-server/pkg/addons"
)

type Identity struct {
        Subject  string         `json:"sub" valid:"required"`
        Tenant   string         `json:"mender.tenant,omitempty"`
        IsUser   bool           `json:"mender.user,omitempty"`
        IsDevice bool           `json:"mender.device,omitempty"`
        Plan     string         `json:"mender.plan,omitempty"`
        Addons   []addons.Addon `json:"mender.addons,omitempty"`
        Trial    bool           `json:"mender.trial"`
}

// ExtractJWTFromHeader inspect the Authorization header for a Bearer token and
// if not present looks for a "JWT" cookie.
func ExtractJWTFromHeader(r *http.Request) (jwt string, err error) {
        auth := r.Header.Get("Authorization")
        if auth == "" {
                jwtCookie, err := r.Cookie("JWT")
                if err != nil {
                        return "", errors.New("Authorization not present in header")
                }
                jwt = jwtCookie.Value
        } else {
                auths := strings.Split(auth, " ")

                if len(auths) != 2 {
                        return "", errors.Errorf("malformed Authorization header")
                }

                if !strings.EqualFold(auths[0], "Bearer") {
                        return "", errors.Errorf("unknown Authorization method %s", auths[0])
                }
                jwt = auths[1]
        }
        return jwt, nil
}

// Generate identity information from given JWT by extracting subject and tenant claims.
// Note that this function does not perform any form of token signature
// verification.
func ExtractIdentity(token string) (id Identity, err error) {
        var (
                claims []byte
                jwt    []string
        )
        jwt = strings.Split(token, ".")
        if len(jwt) != 3 {
                return id, errors.New("identity: incorrect token format")
        }
        claims, err = base64.RawURLEncoding.DecodeString(jwt[1])
        if err != nil {
                return id, errors.Wrap(err,
                        "identity: failed to decode base64 JWT claims")
        }
        err = json.Unmarshal(claims, &id)
        if err != nil {
                return id, errors.Wrap(err,
                        "identity: failed to decode JSON JWT claims")
        }
        return id, id.Validate()
}

func (id Identity) Validate() error {
        if id.Subject == "" {
                return errors.New("identity: claim \"sub\" is required")
        }
        return nil
}

1	// Copyright 2024 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14	package identity
15
16	import (
17	"encoding/base64"
18	"encoding/json"
19	"net/http"
20	"strings"
21
22	"github.com/pkg/errors"
23
24	"github.com/mendersoftware/mender-server/pkg/addons"
25	)
26
27	type Identity struct {
28	Subject string `json:"sub" valid:"required"`
29	Tenant string `json:"mender.tenant,omitempty"`
30	IsUser bool `json:"mender.user,omitempty"`
31	IsDevice bool `json:"mender.device,omitempty"`
32	Plan string `json:"mender.plan,omitempty"`
33	Addons []addons.Addon `json:"mender.addons,omitempty"`
34	Trial bool `json:"mender.trial"`
35	}
36
37	// ExtractJWTFromHeader inspect the Authorization header for a Bearer token and
38	// if not present looks for a "JWT" cookie.
39	func ExtractJWTFromHeader(r *http.Request) (jwt string, err error) {	8✔
40	auth := r.Header.Get("Authorization")	8✔
41	if auth == "" {	12✔
42	jwtCookie, err := r.Cookie("JWT")	4✔
43	if err != nil {	7✔
44	return "", errors.New("Authorization not present in header")	3✔
45	}	3✔
46	jwt = jwtCookie.Value	1✔
47	} else {	8✔
48	auths := strings.Split(auth, " ")	8✔
49		8✔
50	if len(auths) != 2 {	10✔
51	return "", errors.Errorf("malformed Authorization header")	2✔
52	}	2✔
53
54	if !strings.EqualFold(auths[0], "Bearer") {	8✔
55	return "", errors.Errorf("unknown Authorization method %s", auths[0])	×
56	}	×
57	jwt = auths[1]	8✔
58	}
59	return jwt, nil	8✔
60	}
61
62	// Generate identity information from given JWT by extracting subject and tenant claims.
63	// Note that this function does not perform any form of token signature
64	// verification.
65	func ExtractIdentity(token string) (id Identity, err error) {	8✔
66	var (	8✔
67	claims []byte	8✔
68	jwt []string	8✔
69	)	8✔
70	jwt = strings.Split(token, ".")	8✔
71	if len(jwt) != 3 {	10✔
72	return id, errors.New("identity: incorrect token format")	2✔
73	}	2✔
74	claims, err = base64.RawURLEncoding.DecodeString(jwt[1])	8✔
75	if err != nil {	8✔
76	return id, errors.Wrap(err,	×
77	"identity: failed to decode base64 JWT claims")	×
78	}	×
79	err = json.Unmarshal(claims, &id)	8✔
80	if err != nil {	8✔
81	return id, errors.Wrap(err,	×
82	"identity: failed to decode JSON JWT claims")	×
83	}	×
84	return id, id.Validate()	8✔
85	}
86
87	func (id Identity) Validate() error {	8✔
88	if id.Subject == "" {	8✔
89	return errors.New("identity: claim \"sub\" is required")	×
90	}	×
91	return nil	8✔
92	}

mendersoftware / mender-server / 1961830404

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous