diff --git a/middleware/auth_test.go b/middleware/auth_test.go index dfd7041..5cbad65 100644 --- a/middleware/auth_test.go +++ b/middleware/auth_test.go @@ -34,7 +34,9 @@ func TestAuthJWTCookie(t *testing.T) { handler := func(w http.ResponseWriter, r *http.Request) { u, err := token.GetUserInfo(r) assert.NoError(t, err) - assert.Equal(t, token.User{Name: "name1", ID: "id1", Picture: "http://example.com/pic.png", IP: "127.0.0.1", Email: "me@example.com", Attributes: map[string]interface{}{"boola": true, "stra": "stra-val"}}, u) + assert.Equal(t, token.User{Name: "name1", ID: "id1", Picture: "http://example.com/pic.png", + IP: "127.0.0.1", Email: "me@example.com", Audience: "test_sys", + Attributes: map[string]interface{}{"boola": true, "stra": "stra-val"}}, u) w.WriteHeader(201) } mux.Handle("/auth", a.Auth(http.HandlerFunc(handler))) diff --git a/token/jwt.go b/token/jwt.go index b89e307..ab17d92 100644 --- a/token/jwt.go +++ b/token/jwt.go @@ -259,6 +259,9 @@ func (j *Service) Get(r *http.Request) (Claims, string, error) { return Claims{}, "", errors.New("xsrf mismatch") } } + if claims.User != nil { + claims.User.Audience = claims.Audience + } return claims, tokenString, nil } diff --git a/token/jwt_test.go b/token/jwt_test.go index c58c66e..7a4ac59 100644 --- a/token/jwt_test.go +++ b/token/jwt_test.go @@ -264,7 +264,8 @@ func TestJWT_GetFromHeader(t *testing.T) { assert.Equal(t, testJwtValid, token) assert.False(t, j.IsExpired(claims)) assert.Equal(t, &User{Name: "name1", ID: "id1", Picture: "http://example.com/pic.png", IP: "127.0.0.1", - Email: "me@example.com", Attributes: map[string]interface{}{"boola": true, "stra": "stra-val"}}, claims.User) + Email: "me@example.com", Audience: "test_sys", + Attributes: map[string]interface{}{"boola": true, "stra": "stra-val"}}, claims.User) assert.Equal(t, "remark42", claims.Issuer) req = httptest.NewRequest("GET", "/", nil) @@ -295,7 +296,8 @@ func TestJWT_GetFromQuery(t *testing.T) { assert.Equal(t, testJwtValid, token) assert.False(t, j.IsExpired(claims)) assert.Equal(t, &User{Name: "name1", ID: "id1", Picture: "http://example.com/pic.png", IP: "127.0.0.1", - Email: "me@example.com", Attributes: map[string]interface{}{"boola": true, "stra": "stra-val"}}, claims.User) + Email: "me@example.com", Audience: "test_sys", + Attributes: map[string]interface{}{"boola": true, "stra": "stra-val"}}, claims.User) assert.Equal(t, "remark42", claims.Issuer) req = httptest.NewRequest("GET", "/blah?token="+testJwtExpired, nil) @@ -349,7 +351,8 @@ func TestJWT_SetAndGetWithCookies(t *testing.T) { r, _, err := j.Get(req) assert.Nil(t, err) assert.Equal(t, &User{Name: "name1", ID: "id1", Picture: "http://example.com/pic.png", IP: "127.0.0.1", - Email: "me@example.com", Attributes: map[string]interface{}{"boola": true, "stra": "stra-val"}}, r.User) + Email: "me@example.com", Audience: "test_sys", + Attributes: map[string]interface{}{"boola": true, "stra": "stra-val"}}, r.User) assert.Equal(t, "remark42", claims.Issuer) assert.Equal(t, true, claims.SessionOnly) t.Log(resp.Cookies()) diff --git a/token/user.go b/token/user.go index f23f966..c78648e 100644 --- a/token/user.go +++ b/token/user.go @@ -21,9 +21,10 @@ const adminAttr = "admin" // predefined attribute key for bool isAdmin status // User is the basic part of oauth data provided by service type User struct { // set by service - Name string `json:"name"` - ID string `json:"id"` - Picture string `json:"picture"` + Name string `json:"name"` + ID string `json:"id"` + Picture string `json:"picture"` + Audience string `json:"aud,omitempty"` // set by client IP string `json:"ip,omitempty"`