user: more convenient way to read claims that have already been validated

2015-10-20 10:44:33 -07:00 · 2015-10-20 10:44:33 -07:00 · 2cdb6c0adb
parent 792b72ef54
commit 2cdb6c0adb
4 changed files with 43 additions and 29 deletions
--- a/user/email_verification.go
+++ b/user/email_verification.go
@ -65,30 +65,13 @@ func ParseAndVerifyEmailVerificationToken(token string, issuer url.URL, keys []k
 }

 func (e EmailVerification) UserID() string {
-	uid, ok, err := e.Claims.StringClaim("sub")
-	if !ok || err != nil {
-		panic("EmailVerification: no sub claim. This should be impossible.")
-	}
-	return uid
+	return assertStringClaim(e.Claims, "sub")
 }

 func (e EmailVerification) Email() string {
-	email, ok, err := e.Claims.StringClaim(ClaimEmailVerificationEmail)
-	if !ok || err != nil {
-		panic("EmailVerification: no email claim. This should be impossible.")
-	}
-	return email
+	return assertStringClaim(e.Claims, ClaimEmailVerificationEmail)
 }

 func (e EmailVerification) Callback() *url.URL {
-	cb, ok, err := e.Claims.StringClaim(ClaimEmailVerificationCallback)
-	if !ok || err != nil {
-		panic("EmailVerification: no callback claim. This should be impossible.")
-	}
-
-	cbURL, err := url.Parse(cb)
-	if err != nil {
-		panic("EmailVerificaiton: can't parse callback. This should be impossible.")
-	}
-	return cbURL
+	return assertURLClaim(e.Claims, ClaimEmailVerificationCallback)
 }
--- a/user/invitation.go
+++ b/user/invitation.go
@ -57,3 +57,24 @@ func ParseAndVerifyInvitationToken(token string, issuer url.URL, keys []key.Publ

 	return Invitation{tokenClaims.Claims}, nil
 }
+
+func (iv Invitation) UserID() string {
+	return assertStringClaim(iv.Claims, "sub")
+}
+
+func (iv Invitation) Password() Password {
+	pw := assertStringClaim(iv.Claims, ClaimPasswordResetPassword)
+	return Password(pw)
+}
+
+func (iv Invitation) Email() string {
+	return assertStringClaim(iv.Claims, ClaimEmailVerificationEmail)
+}
+
+func (iv Invitation) ClientID() string {
+	return assertStringClaim(iv.Claims, "aud")
+}
+
+func (iv Invitation) Callback() *url.URL {
+	return assertURLClaim(iv.Claims, ClaimInvitationCallback)
+}
--- a/user/password.go
+++ b/user/password.go
@ -257,18 +257,11 @@ func ParseAndVerifyPasswordResetToken(token string, issuer url.URL, keys []key.P
 }

 func (e PasswordReset) UserID() string {
-	uid, ok, err := e.Claims.StringClaim("sub")
-	if !ok || err != nil {
-		panic("PasswordReset: no sub claim. This should be impossible.")
-	}
-	return uid
+	return assertStringClaim(e.Claims, "sub")
 }

 func (e PasswordReset) Password() Password {
-	pw, ok, err := e.Claims.StringClaim(ClaimPasswordResetPassword)
-	if !ok || err != nil {
-		panic("PasswordReset: no password claim. This should be impossible.")
-	}
+	pw := assertStringClaim(e.Claims, ClaimPasswordResetPassword)
 	return Password(pw)
 }

--- a/user/user.go
+++ b/user/user.go
@ -42,6 +42,23 @@ const (
 	ClaimInvitationCallback = "http://coreos.com/invitation/callback"
 )

+func assertStringClaim(claims jose.Claims, k string) string {
+	s, ok, err := claims.StringClaim(k)
+	if !ok || err != nil {
+		panic("claims were not validated correctly")
+	}
+	return s
+}
+
+func assertURLClaim(claims jose.Claims, k string) *url.URL {
+	ustring := assertStringClaim(claims, k)
+	ret, err := url.Parse(ustring)
+	if err != nil {
+		panic("url claim was not validated correctly")
+	}
+	return ret
+}
+
 type UserIDGenerator func() (string, error)

 func DefaultUserIDGenerator() (string, error) {