Merge pull request #105 from Dowwie/next
Updated aud within Validation, including membership validation testing
This commit is contained in:
Vincent Prouillet
GitHub
commit
639915f25b
|
|
@ -6,6 +6,8 @@
|
||||||
- Add support for verifying with modulus/exponent components for RSA
|
- Add support for verifying with modulus/exponent components for RSA
|
||||||
- Change API for both sign/verify to take a `Key` enum rather than bytes
|
- Change API for both sign/verify to take a `Key` enum rather than bytes
|
||||||
- Update to 2018 edition
|
- Update to 2018 edition
|
||||||
|
- Changed aud field type in Validation to `Option<HashSet<String>>`. Audience
|
||||||
|
validation now tests for "any-of-these" audience membership.
|
||||||
|
|
||||||
## 6.0.1 (2019-05-10)
|
## 6.0.1 (2019-05-10)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
|
use std::collections::HashSet;
|
||||||
use chrono::Utc;
|
use chrono::Utc;
|
||||||
use serde::ser::Serialize;
|
|
||||||
use serde_json::map::Map;
|
use serde_json::map::Map;
|
||||||
use serde_json::{from_value, to_value, Value};
|
use serde_json::{from_value, Value};
|
||||||
|
|
||||||
use crate::algorithms::Algorithm;
|
use crate::algorithms::Algorithm;
|
||||||
use crate::errors::{new_error, ErrorKind, Result};
|
use crate::errors::{new_error, ErrorKind, Result};
|
||||||
|
|
@ -21,7 +21,7 @@ use crate::errors::{new_error, ErrorKind, Result};
|
||||||
///
|
///
|
||||||
/// // Setting audience
|
/// // Setting audience
|
||||||
/// let mut validation = Validation::default();
|
/// let mut validation = Validation::default();
|
||||||
/// validation.set_audience(&"Me"); // string
|
/// validation.set_audience(&["Me"]); // a single string
|
||||||
/// validation.set_audience(&["Me", "You"]); // array of strings
|
/// validation.set_audience(&["Me", "You"]); // array of strings
|
||||||
/// ```
|
/// ```
|
||||||
#[derive(Debug, Clone, PartialEq)]
|
#[derive(Debug, Clone, PartialEq)]
|
||||||
|
|
@ -43,13 +43,11 @@ pub struct Validation {
|
||||||
///
|
///
|
||||||
/// Defaults to `false`.
|
/// Defaults to `false`.
|
||||||
pub validate_nbf: bool,
|
pub validate_nbf: bool,
|
||||||
/// If it contains a value, the validation will check that the `aud` field is the same as the
|
/// If it contains a value, the validation will check that the `aud` field is a member of the
|
||||||
/// one provided and will error otherwise.
|
/// audience provided and will error otherwise.
|
||||||
/// Since `aud` can be either a String or a Vec<String> in the JWT spec, you will need to use
|
|
||||||
/// the [set_audience](struct.Validation.html#method.set_audience) method to set it.
|
|
||||||
///
|
///
|
||||||
/// Defaults to `None`.
|
/// Defaults to `None`.
|
||||||
pub aud: Option<Value>,
|
pub aud: Option<HashSet<String>>,
|
||||||
/// If it contains a value, the validation will check that the `iss` field is the same as the
|
/// If it contains a value, the validation will check that the `iss` field is the same as the
|
||||||
/// one provided and will error otherwise.
|
/// one provided and will error otherwise.
|
||||||
///
|
///
|
||||||
|
|
@ -75,11 +73,9 @@ impl Validation {
|
||||||
validation
|
validation
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Since `aud` can be either a String or an array of String in the JWT spec, this method will take
|
/// `aud` is a collection of one or more acceptable audience members
|
||||||
/// care of serializing the value.
|
pub fn set_audience<T: ToString>(&mut self, items: &[T]) {
|
||||||
pub fn set_audience<T: Serialize>(&mut self, audience: &T) {
|
self.aud = Some(items.iter().map(|x| x.to_string()).collect())
|
||||||
// TODO: check if the value is a string or an array and error if not
|
|
||||||
self.aud = Some(to_value(audience).unwrap());
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -145,7 +141,8 @@ pub fn validate(claims: &Map<String, Value>, options: &Validation) -> Result<()>
|
||||||
|
|
||||||
if let Some(ref correct_aud) = options.aud {
|
if let Some(ref correct_aud) = options.aud {
|
||||||
if let Some(aud) = claims.get("aud") {
|
if let Some(aud) = claims.get("aud") {
|
||||||
if aud != correct_aud {
|
let provided_aud: HashSet<String> = from_value(aud.clone())?;
|
||||||
|
if provided_aud.intersection(correct_aud).count() == 0 {
|
||||||
return Err(new_error(ErrorKind::InvalidAudience));
|
return Err(new_error(ErrorKind::InvalidAudience));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -346,9 +343,9 @@ mod tests {
|
||||||
#[test]
|
#[test]
|
||||||
fn aud_string_ok() {
|
fn aud_string_ok() {
|
||||||
let mut claims = Map::new();
|
let mut claims = Map::new();
|
||||||
claims.insert("aud".to_string(), to_value("Everyone").unwrap());
|
claims.insert("aud".to_string(), to_value(["Everyone"]).unwrap());
|
||||||
let mut validation = Validation { validate_exp: false, ..Validation::default() };
|
let mut validation = Validation { validate_exp: false, ..Validation::default() };
|
||||||
validation.set_audience(&"Everyone");
|
validation.set_audience(&["Everyone"]);
|
||||||
let res = validate(&claims, &validation);
|
let res = validate(&claims, &validation);
|
||||||
assert!(res.is_ok());
|
assert!(res.is_ok());
|
||||||
}
|
}
|
||||||
|
|
@ -366,7 +363,7 @@ mod tests {
|
||||||
#[test]
|
#[test]
|
||||||
fn aud_type_mismatch_fails() {
|
fn aud_type_mismatch_fails() {
|
||||||
let mut claims = Map::new();
|
let mut claims = Map::new();
|
||||||
claims.insert("aud".to_string(), to_value("Everyone").unwrap());
|
claims.insert("aud".to_string(), to_value(["Everyone"]).unwrap());
|
||||||
let mut validation = Validation { validate_exp: false, ..Validation::default() };
|
let mut validation = Validation { validate_exp: false, ..Validation::default() };
|
||||||
validation.set_audience(&["UserA", "UserB"]);
|
validation.set_audience(&["UserA", "UserB"]);
|
||||||
let res = validate(&claims, &validation);
|
let res = validate(&claims, &validation);
|
||||||
|
|
@ -381,9 +378,9 @@ mod tests {
|
||||||
#[test]
|
#[test]
|
||||||
fn aud_correct_type_not_matching_fails() {
|
fn aud_correct_type_not_matching_fails() {
|
||||||
let mut claims = Map::new();
|
let mut claims = Map::new();
|
||||||
claims.insert("aud".to_string(), to_value("Everyone").unwrap());
|
claims.insert("aud".to_string(), to_value(["Everyone"]).unwrap());
|
||||||
let mut validation = Validation { validate_exp: false, ..Validation::default() };
|
let mut validation = Validation { validate_exp: false, ..Validation::default() };
|
||||||
validation.set_audience(&"None");
|
validation.set_audience(&["None"]);
|
||||||
let res = validate(&claims, &validation);
|
let res = validate(&claims, &validation);
|
||||||
assert!(res.is_err());
|
assert!(res.is_err());
|
||||||
|
|
||||||
|
|
@ -397,7 +394,7 @@ mod tests {
|
||||||
fn aud_missing_fails() {
|
fn aud_missing_fails() {
|
||||||
let claims = Map::new();
|
let claims = Map::new();
|
||||||
let mut validation = Validation { validate_exp: false, ..Validation::default() };
|
let mut validation = Validation { validate_exp: false, ..Validation::default() };
|
||||||
validation.set_audience(&"None");
|
validation.set_audience(&["None"]);
|
||||||
let res = validate(&claims, &validation);
|
let res = validate(&claims, &validation);
|
||||||
assert!(res.is_err());
|
assert!(res.is_err());
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue