From 804bf46d055bf1962bedee11085f0457d126cef7 Mon Sep 17 00:00:00 2001 From: Nao YONASHIRO Date: Mon, 8 Jan 2018 10:02:09 +0900 Subject: [PATCH] samlsp: use current time for the JWT rather than the IssueInstant from the assertion (#130) fixes #122 jwt-go not support leeway parameter --- samlsp/middleware.go | 2 +- samlsp/middleware_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/samlsp/middleware.go b/samlsp/middleware.go index 6ae7a7d7..3e61ea44 100644 --- a/samlsp/middleware.go +++ b/samlsp/middleware.go @@ -252,7 +252,7 @@ func (m *Middleware) Authorize(w http.ResponseWriter, r *http.Request, assertion now := saml.TimeNow() claims := TokenClaims{} claims.Audience = m.ServiceProvider.Metadata().EntityID - claims.IssuedAt = assertion.IssueInstant.Unix() + claims.IssuedAt = now.Unix() claims.ExpiresAt = now.Add(m.CookieMaxAge).Unix() claims.NotBefore = now.Unix() if sub := assertion.Subject; sub != nil { diff --git a/samlsp/middleware_test.go b/samlsp/middleware_test.go index 47292a1b..fe46e861 100644 --- a/samlsp/middleware_test.go +++ b/samlsp/middleware_test.go @@ -50,7 +50,7 @@ func (tr *testRandomReader) Read(p []byte) (n int, err error) { return len(p), nil } -const expectedToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJodHRwczovLzE1NjYxNDQ0Lm5ncm9rLmlvL3NhbWwyL21ldGFkYXRhIiwiZXhwIjoxNDQ4OTQyMjI5LCJpYXQiOjE0NDg5MzQ5ODEsIm5iZiI6MTQ0ODkzNTAyOSwic3ViIjoiXzQxYmQyOTU5NzZkYWRkNzBlMTQ4MGYzMThlNzcyODQxIiwiYXR0ciI6eyJjbiI6WyJNZSBNeXNlbGYgQW5kIEkiXSwiZWR1UGVyc29uQWZmaWxpYXRpb24iOlsiTWVtYmVyIiwiU3RhZmYiXSwiZWR1UGVyc29uRW50aXRsZW1lbnQiOlsidXJuOm1hY2U6ZGlyOmVudGl0bGVtZW50OmNvbW1vbi1saWItdGVybXMiXSwiZWR1UGVyc29uUHJpbmNpcGFsTmFtZSI6WyJteXNlbGZAdGVzdHNoaWIub3JnIl0sImVkdVBlcnNvblNjb3BlZEFmZmlsaWF0aW9uIjpbIk1lbWJlckB0ZXN0c2hpYi5vcmciLCJTdGFmZkB0ZXN0c2hpYi5vcmciXSwiZWR1UGVyc29uVGFyZ2V0ZWRJRCI6WyIiXSwiZ2l2ZW5OYW1lIjpbIk1lIE15c2VsZiJdLCJzbiI6WyJBbmQgSSJdLCJ0ZWxlcGhvbmVOdW1iZXIiOlsiNTU1LTU1NTUiXSwidWlkIjpbIm15c2VsZiJdfX0.owRdm3bcXkYV4ePjcJw3qHILRLDhNHAdG3gddLOBJPw" +const expectedToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJodHRwczovLzE1NjYxNDQ0Lm5ncm9rLmlvL3NhbWwyL21ldGFkYXRhIiwiZXhwIjoxNDQ4OTQyMjI5LCJpYXQiOjE0NDg5MzUwMjksIm5iZiI6MTQ0ODkzNTAyOSwic3ViIjoiXzQxYmQyOTU5NzZkYWRkNzBlMTQ4MGYzMThlNzcyODQxIiwiYXR0ciI6eyJjbiI6WyJNZSBNeXNlbGYgQW5kIEkiXSwiZWR1UGVyc29uQWZmaWxpYXRpb24iOlsiTWVtYmVyIiwiU3RhZmYiXSwiZWR1UGVyc29uRW50aXRsZW1lbnQiOlsidXJuOm1hY2U6ZGlyOmVudGl0bGVtZW50OmNvbW1vbi1saWItdGVybXMiXSwiZWR1UGVyc29uUHJpbmNpcGFsTmFtZSI6WyJteXNlbGZAdGVzdHNoaWIub3JnIl0sImVkdVBlcnNvblNjb3BlZEFmZmlsaWF0aW9uIjpbIk1lbWJlckB0ZXN0c2hpYi5vcmciLCJTdGFmZkB0ZXN0c2hpYi5vcmciXSwiZWR1UGVyc29uVGFyZ2V0ZWRJRCI6WyIiXSwiZ2l2ZW5OYW1lIjpbIk1lIE15c2VsZiJdLCJzbiI6WyJBbmQgSSJdLCJ0ZWxlcGhvbmVOdW1iZXIiOlsiNTU1LTU1NTUiXSwidWlkIjpbIm15c2VsZiJdfX0.2MBH9f4aspGqmENebmtHiwfc7RFBlaNs_-jlTJKk6Bg" func (test *MiddlewareTest) SetUpTest(c *C) { saml.TimeNow = func() time.Time {