diff --git a/api/keycloak_client.go b/api/keycloak_client.go
index 294f837..854f1ba 100644
--- a/api/keycloak_client.go
+++ b/api/keycloak_client.go
@@ -11,13 +11,12 @@ import (
 commonhttp "github.com/cloudtrust/common-service/v2/errors"
 "github.com/cloudtrust/keycloak-client/v2"
 "github.com/cloudtrust/keycloak-client/v2/toolbox"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/pkg/errors"
 "gopkg.in/h2non/gentleman.v2"
 "gopkg.in/h2non/gentleman.v2/plugin"
 "gopkg.in/h2non/gentleman.v2/plugins/query"
 "gopkg.in/h2non/gentleman.v2/plugins/timeout"
-
- jwt "github.com/gbrlsnchs/jwt/v2"
 )
 // Client is the keycloak client.
@@ -330,20 +329,18 @@ func extractHostFromToken(token string) (string, error) {
 return u.Host, nil
 }
-func extractIssuerFromToken(token string) (string, error) {
- payload, _, err := jwt.Parse(token)
-
+func extractIssuerFromToken(tokenStr string) (string, error) {
+ token, _, err := jwt.NewParser().ParseUnverified(tokenStr, jwt.MapClaims{})
 if err != nil {
 return "", errors.Wrap(err, keycloak.MsgErrCannotParse+"."+keycloak.TokenMsg)
 }
- var jot Token
-
- if err = jwt.Unmarshal(payload, &jot); err != nil {
- return "", errors.Wrap(err, keycloak.MsgErrCannotUnmarshal+"."+keycloak.TokenMsg)
+ issuer, err := token.Claims.GetIssuer()
+ if err != nil {
+ return "", errors.Wrap(err, keycloak.MsgErrCannotGetIssuer+"."+keycloak.TokenMsg)
 }
- return jot.Issuer, nil
+ return issuer, nil
 }
 // createQueryPlugins create query parameters with the key values paramKV.
diff --git a/api/keycloak_client_test.go b/api/keycloak_client_test.go
new file mode 100644
index 0000000..3e86040
--- /dev/null
+++ b/api/keycloak_client_test.go
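Review bot: In the second hunk of api/keycloak_client.go, the issuer returned by extractIssuerFromToken comes from `ParseUnverified`, so it is attacker-controlled until the signature is checked elsewhere, and the function has no doc comment saying so. Suggest adding `// extractIssuerFromToken reads the iss claim WITHOUT verifying the token signature; use the result only to select a configured issuer, never as proof of identity.` Separately, `GetIssuer` on `jwt.MapClaims` returns an empty string with a nil error when the claim is absent, so a token with no iss still yields `"", nil` here. If the callers (outside this hunk) do not already reject that, add `if issuer == "" { return "", errors.New(keycloak.MsgErrCannotGetIssuer + "." + keycloak.TokenMsg) }` before the final return.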
@@ -0,0 +1,25 @@
+package api
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+const accessTokenValid = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJpc3MiOiJodHRwczovL3NhbXBsZS5jb20vIn0.xLlV0CYqKDIPI-_IEABEcjRnKVNklivaw9WRmR8SXto"
+
+func TestExtractIssuerFromToken(t *testing.T) {
+ t.Run("Can't parse JWT", func(t *testing.T) {
+ var _, err = extractIssuerFromToken("AAABBBCCC")
+ assert.NotNil(t, err)
+ })
+ t.Run("Can't unmarshal token", func(t *testing.T) {
+ var _, err = extractIssuerFromToken("AAA.BBB.CCC")
+ assert.NotNil(t, err)
+ })
+ t.Run("Valid token", func(t *testing.T) {
+ var issuer, err = extractIssuerFromToken(accessTokenValid)
+ assert.Nil(t, err)
+ assert.Equal(t, "https://sample.com/", issuer)
+ })
+}
diff --git a/errormessages.go b/errormessages.go
index bcf0189..a85e8f1 100644
--- a/errormessages.go
+++ b/errormessages.go
@@ -17,6 +17,7 @@ const (
 MsgErrUnknownResponseStatusCode = "unknownResponseStatusCode"
 MsgErrExistingValue = "existing"
 MsgErrReadOnly = "readOnlyValue"
+ MsgErrCannotGetIssuer = "cannotGetIssuer"
 EvenParams = "key/valParametersShouldBeEven"
 TokenProviderURL = "tokenProviderURL"
diff --git a/go.mod b/go.mod
index 562f8d7..1aa5c88 100644
--- a/go.mod
+++ b/go.mod
@@ -5,8 +5,8 @@ go 1.22
 require (
 github.com/cloudtrust/common-service/v2 v2.8.4
 github.com/coreos/go-oidc v2.2.1+incompatible
- github.com/gbrlsnchs/jwt/v2 v2.0.0
 github.com/go-kit/kit v0.13.0
+ github.com/golang-jwt/jwt/v5 v5.2.1
 github.com/golang/mock v1.6.0
 github.com/gorilla/mux v1.8.1
 github.com/pkg/errors v0.9.1
diff --git a/go.sum b/go.sum
index a5d296f..6507aaf 100644
--- a/go.sum
+++ b/go.sum
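Review bot: In the new api/keycloak_client_test.go, the new `GetIssuer` error branch (`MsgErrCannotGetIssuer`) has no test. The subtest still named "Can't unmarshal token" passes `AAA.BBB.CCC`, which most likely fails inside `ParseUnverified` just like the first subtest, so both cover the parse branch only. Suggest renaming it (for example `t.Run("Malformed segments", ...)`) and adding two subtests: a well-formed token whose iss claim is not a string, and one with iss absent, to pin what the function returns in each case. A comment on the constant would also help readers and secret scanners: `// accessTokenValid is a constructed sample token; extractIssuerFromToken never checks its signature.`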
@@ -5,14 +5,14 @@ github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHo github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/gbrlsnchs/jwt/v2 v2.0.0 h1:4iEVJykJPXrCimVaQJAfBWKAvuzDJi5fDdUBdrdTZ3M= -github.com/gbrlsnchs/jwt/v2 v2.0.0/go.mod h1:7kIj4oeJPffUpLL8RnU5Y3xT1Sm/VuFqjv8T1tqhqc8= github.com/go-kit/kit v0.13.0 h1:OoneCcHKHQ03LfBpoQCUfCluwd2Vt3ohz+kvbJneZAU= github.com/go-kit/kit v0.13.0/go.mod h1:phqEHMMUbyrCFCTgH48JueqrM3md2HcAZ8N3XE4FKDg= github.com/go-kit/log v0.2.1 h1:MRVx0/zhvdseW+Gza6N9rVzU/IVzaeE1SFI4raAhmBU= github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4= github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= +github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= +github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= diff --git a/toolbox/mock/profile.go b/toolbox/mock/profile.go index 2327bc4..1439b09 100644 --- a/toolbox/mock/profile.go +++ b/toolbox/mock/profile.go @@ -13,7 +13,7 @@ import ( context "context" reflect "reflect" - v2 "github.com/cloudtrust/keycloak-client/v2" + keycloak "github.com/cloudtrust/keycloak-client/v2" gomock "go.uber.org/mock/gomock" ) 
@@ -42,10 +42,10 @@ func (m *ProfileRetriever) EXPECT() *ProfileRetrieverMockRecorder { } // GetRealm mocks base method. -func (m *ProfileRetriever) GetRealm(accessToken, realmName string) (v2.RealmRepresentation, error) { +func (m *ProfileRetriever) GetRealm(accessToken, realmName string) (keycloak.RealmRepresentation, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetRealm", accessToken, realmName) - ret0, _ := ret[0].(v2.RealmRepresentation) + ret0, _ := ret[0].(keycloak.RealmRepresentation) ret1, _ := ret[1].(error) return ret0, ret1 } @@ -57,10 +57,10 @@ func (mr *ProfileRetrieverMockRecorder) GetRealm(accessToken, realmName any) *go } // GetUserProfile mocks base method. -func (m *ProfileRetriever) GetUserProfile(accessToken, realmName string) (v2.UserProfileRepresentation, error) { +func (m *ProfileRetriever) GetUserProfile(accessToken, realmName string) (keycloak.UserProfileRepresentation, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetUserProfile", accessToken, realmName) - ret0, _ := ret[0].(v2.UserProfileRepresentation) + ret0, _ := ret[0].(keycloak.UserProfileRepresentation) ret1, _ := ret[1].(error) return ret0, ret1 } diff --git a/vendor/modules.txt b/vendor/modules.txt index cf70f0a..1224da8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -11,7 +11,6 @@ github.com/coreos/go-oidc github.com/davecgh/go-spew/spew # github.com/gbrlsnchs/jwt/v2 v2.0.0 ## explicit -github.com/gbrlsnchs/jwt/v2 # github.com/go-kit/kit v0.13.0 ## explicit; go 1.17 github.com/go-kit/kit/endpoint @@ -23,6 +22,9 @@ github.com/go-kit/log # github.com/go-logfmt/logfmt v0.6.0 ## explicit; go 1.17 github.com/go-logfmt/logfmt +# github.com/golang-jwt/jwt/v5 v5.2.1 +## explicit; go 1.18 +github.com/golang-jwt/jwt/v5 # github.com/golang/mock v1.6.0 ## explicit; go 1.11 github.com/golang/mock/mockgen/model