user: more convenient way to read claims that have already been validated
parent
792b72ef54
commit
2cdb6c0adb
4 changed files with 43 additions and 29 deletions
|
@ -65,30 +65,13 @@ func ParseAndVerifyEmailVerificationToken(token string, issuer url.URL, keys []k
|
|||
}
|
||||
|
||||
func (e EmailVerification) UserID() string {
|
||||
uid, ok, err := e.Claims.StringClaim("sub")
|
||||
if !ok || err != nil {
|
||||
panic("EmailVerification: no sub claim. This should be impossible.")
|
||||
}
|
||||
return uid
|
||||
return assertStringClaim(e.Claims, "sub")
|
||||
}
|
||||
|
||||
func (e EmailVerification) Email() string {
|
||||
email, ok, err := e.Claims.StringClaim(ClaimEmailVerificationEmail)
|
||||
if !ok || err != nil {
|
||||
panic("EmailVerification: no email claim. This should be impossible.")
|
||||
}
|
||||
return email
|
||||
return assertStringClaim(e.Claims, ClaimEmailVerificationEmail)
|
||||
}
|
||||
|
||||
func (e EmailVerification) Callback() *url.URL {
|
||||
cb, ok, err := e.Claims.StringClaim(ClaimEmailVerificationCallback)
|
||||
if !ok || err != nil {
|
||||
panic("EmailVerification: no callback claim. This should be impossible.")
|
||||
}
|
||||
|
||||
cbURL, err := url.Parse(cb)
|
||||
if err != nil {
|
||||
panic("EmailVerificaiton: can't parse callback. This should be impossible.")
|
||||
}
|
||||
return cbURL
|
||||
return assertURLClaim(e.Claims, ClaimEmailVerificationCallback)
|
||||
}
|
||||
|
|
|
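Review bot: The rewritten EmailVerification accessors still panic on a missing claim, but nothing on the type ties a value to ParseAndVerifyEmailVerificationToken. `Claims` is an exported field, so a zero value or a hand-built EmailVerification panics as soon as UserID(), Email() or Callback() is called. Each exported accessor should state that precondition in a doc comment, for example `// UserID returns the "sub" claim. It panics unless e was returned by ParseAndVerifyEmailVerificationToken.` The same applies to the PasswordReset accessors and the new Invitation accessors in the other sections of this commit. The parse function's body lies outside this hunk, so the list of claims it checks could not be compared with the ones read here.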
@ -57,3 +57,24 @@ func ParseAndVerifyInvitationToken(token string, issuer url.URL, keys []key.Publ
|
|||
|
||||
return Invitation{tokenClaims.Claims}, nil
|
||||
}
|
||||
|
||||
func (iv Invitation) UserID() string {
|
||||
return assertStringClaim(iv.Claims, "sub")
|
||||
}
|
||||
|
||||
func (iv Invitation) Password() Password {
|
||||
pw := assertStringClaim(iv.Claims, ClaimPasswordResetPassword)
|
||||
return Password(pw)
|
||||
}
|
||||
|
||||
func (iv Invitation) Email() string {
|
||||
return assertStringClaim(iv.Claims, ClaimEmailVerificationEmail)
|
||||
}
|
||||
|
||||
func (iv Invitation) ClientID() string {
|
||||
return assertStringClaim(iv.Claims, "aud")
|
||||
}
|
||||
|
||||
func (iv Invitation) Callback() *url.URL {
|
||||
return assertURLClaim(iv.Claims, ClaimInvitationCallback)
|
||||
}
|
||||
|
|
|
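Review bot: Invitation.Password() and Invitation.Email() read ClaimPasswordResetPassword and ClaimEmailVerificationEmail, and ClientID() reads "aud" as a single string. Each of them panics through assertStringClaim unless ParseAndVerifyInvitationToken has checked that exact claim and its type. Only that function's final `return Invitation{tokenClaims.Claims}, nil` is visible here, so please confirm it validates all five claims read below. If "aud" can ever be issued as a list, StringClaim would presumably fail on a correctly signed token and the panic would be reachable from a request. A comment above the accessors would record the contract, for example `// The accessors below panic unless ParseAndVerifyInvitationToken has verified "sub", "aud" and the password, email and callback claims.`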
@ -257,18 +257,11 @@ func ParseAndVerifyPasswordResetToken(token string, issuer url.URL, keys []key.P
|
|||
}
|
||||
|
||||
func (e PasswordReset) UserID() string {
|
||||
uid, ok, err := e.Claims.StringClaim("sub")
|
||||
if !ok || err != nil {
|
||||
panic("PasswordReset: no sub claim. This should be impossible.")
|
||||
}
|
||||
return uid
|
||||
return assertStringClaim(e.Claims, "sub")
|
||||
}
|
||||
|
||||
func (e PasswordReset) Password() Password {
|
||||
pw, ok, err := e.Claims.StringClaim(ClaimPasswordResetPassword)
|
||||
if !ok || err != nil {
|
||||
panic("PasswordReset: no password claim. This should be impossible.")
|
||||
}
|
||||
pw := assertStringClaim(e.Claims, ClaimPasswordResetPassword)
|
||||
return Password(pw)
|
||||
}
|
||||
|
||||
|
|
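--- a/user/user.go
+++ b/user/user.go
@@ -42,6 +42,23 @@ const (
 ClaimInvitationCallback = "http://coreos.com/invitation/callback"
 )
 
+func assertStringClaim(claims jose.Claims, k string) string {
+s, ok, err := claims.StringClaim(k)
+if !ok || err != nil {
+panic("claims were not validated correctly")
+}
+return s
+}
+
+func assertURLClaim(claims jose.Claims, k string) *url.URL {
+ustring := assertStringClaim(claims, k)
+ret, err := url.Parse(ustring)
+if err != nil {
+panic("url claim was not validated correctly")
+}
+return ret
+}
+
 type UserIDGenerator func() (string, error)
 
 func DefaultUserIDGenerator() (string, error) {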
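Review bot: In assertURLClaim the only check is `url.Parse` returning no error, and url.Parse accepts relative references and arbitrary schemes, so the panic guards very little. Whatever string the token carried is handed to callers of Callback() as a *url.URL. Any requirement that the callback be an absolute http(s) URL on an expected host has to be enforced in the ParseAndVerify* functions, which are outside this hunk; a comment on assertURLClaim should say so. Separately, both helpers replace the old per-claim panic messages with a generic one, which makes a violated invariant harder to triage. Naming the key, not the value, keeps that information without leaking token contents: `panic("claim " + k + " was not validated correctly")`.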