From 2cdb6c0adb0472b771234c4ca794680587807216 Mon Sep 17 00:00:00 2001
From: Joe Bowers
Date: Tue, 20 Oct 2015 10:44:33 -0700
Subject: [PATCH] user: more convenient way to read claims that have already been validated
---
 user/email_verification.go | 23 +++--------------------
 user/invitation.go | 21 +++++++++++++++++++++
 user/password.go | 11 ++---------
 user/user.go | 17 +++++++++++++++++
 4 files changed, 43 insertions(+), 29 deletions(-)
diff --git a/user/email_verification.go b/user/email_verification.go
index 0d0c8fdd..79e40328 100644
--- a/user/email_verification.go
+++ b/user/email_verification.go
@@ -65,30 +65,13 @@ func ParseAndVerifyEmailVerificationToken(token string, issuer url.URL, keys []k
 }
 
 func (e EmailVerification) UserID() string {
- uid, ok, err := e.Claims.StringClaim("sub")
- if !ok || err != nil {
- panic("EmailVerification: no sub claim. This should be impossible.")
- }
- return uid
+ return assertStringClaim(e.Claims, "sub")
 }
 
 func (e EmailVerification) Email() string {
- email, ok, err := e.Claims.StringClaim(ClaimEmailVerificationEmail)
- if !ok || err != nil {
- panic("EmailVerification: no email claim. This should be impossible.")
- }
- return email
+ return assertStringClaim(e.Claims, ClaimEmailVerificationEmail)
 }
 
 func (e EmailVerification) Callback() *url.URL {
- cb, ok, err := e.Claims.StringClaim(ClaimEmailVerificationCallback)
- if !ok || err != nil {
- panic("EmailVerification: no callback claim. This should be impossible.")
- }
-
- cbURL, err := url.Parse(cb)
- if err != nil {
- panic("EmailVerificaiton: can't parse callback. This should be impossible.")
- }
- return cbURL
+ return assertURLClaim(e.Claims, ClaimEmailVerificationCallback)
 }
diff --git a/user/invitation.go b/user/invitation.go
index b1dbbfb1..4daa503c 100644
--- a/user/invitation.go
+++ b/user/invitation.go
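Review bot: In user/email_verification.go the accessors UserID, Email and Callback still panic when a claim is missing, but nothing on the new one-line bodies says they are only safe on a value returned by ParseAndVerifyEmailVerificationToken. They read the exported `Claims` field directly, so an EmailVerification built from unverified claims would presumably crash the caller instead of returning an error. I would add a doc comment to each, for example `// UserID returns the "sub" claim. It panics unless e came from ParseAndVerifyEmailVerificationToken.` The same applies to the PasswordReset accessors in user/password.go and the new Invitation accessors in user/invitation.go.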
@@ -57,3 +57,24 @@ func ParseAndVerifyInvitationToken(token string, issuer url.URL, keys []key.Publ
 
 return Invitation{tokenClaims.Claims}, nil
 }
+
+func (iv Invitation) UserID() string {
+ return assertStringClaim(iv.Claims, "sub")
+}
+
+func (iv Invitation) Password() Password {
+ pw := assertStringClaim(iv.Claims, ClaimPasswordResetPassword)
+ return Password(pw)
+}
+
+func (iv Invitation) Email() string {
+ return assertStringClaim(iv.Claims, ClaimEmailVerificationEmail)
+}
+
+func (iv Invitation) ClientID() string {
+ return assertStringClaim(iv.Claims, "aud")
+}
+
+func (iv Invitation) Callback() *url.URL {
+ return assertURLClaim(iv.Claims, ClaimInvitationCallback)
+}
diff --git a/user/password.go b/user/password.go
index e97bf240..2c604029 100644
--- a/user/password.go
+++ b/user/password.go
@@ -257,18 +257,11 @@ func ParseAndVerifyPasswordResetToken(token string, issuer url.URL, keys []key.P
 }
 
 func (e PasswordReset) UserID() string {
- uid, ok, err := e.Claims.StringClaim("sub")
- if !ok || err != nil {
- panic("PasswordReset: no sub claim. This should be impossible.")
- }
- return uid
+ return assertStringClaim(e.Claims, "sub")
 }
 
 func (e PasswordReset) Password() Password {
- pw, ok, err := e.Claims.StringClaim(ClaimPasswordResetPassword)
- if !ok || err != nil {
- panic("PasswordReset: no password claim. This should be impossible.")
- }
+ pw := assertStringClaim(e.Claims, ClaimPasswordResetPassword)
 return Password(pw)
 }
 
diff --git a/user/user.go b/user/user.go
index 734eaf57..0f79b9d9 100644
--- a/user/user.go
+++ b/user/user.go
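Review bot: In user/invitation.go, ClientID reads `aud` through assertStringClaim, which panics on anything that is not a single string, while JWT allows `aud` to be an array of strings. Each of the five new accessors relies on ParseAndVerifyInvitationToken having checked the same claim with the same type ("sub", ClaimPasswordResetPassword, ClaimEmailVerificationEmail, "aud", ClaimInvitationCallback). That function's body is outside the hunk, so this cannot be confirmed from here. A test that passes a token through ParseAndVerifyInvitationToken and then calls every accessor would pin the two lists together. A second test that omits each claim in turn should show the verifier returning an error rather than an accessor panicking.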
@@ -42,6 +42,23 @@ const (
 ClaimInvitationCallback = "http://coreos.com/invitation/callback"
 )
 
+func assertStringClaim(claims jose.Claims, k string) string {
+ s, ok, err := claims.StringClaim(k)
+ if !ok || err != nil {
+ panic("claims were not validated correctly")
+ }
+ return s
+}
+
+func assertURLClaim(claims jose.Claims, k string) *url.URL {
+ ustring := assertStringClaim(claims, k)
+ ret, err := url.Parse(ustring)
+ if err != nil {
+ panic("url claim was not validated correctly")
+ }
+ return ret
+}
+
 type UserIDGenerator func() (string, error)
 
 func DefaultUserIDGenerator() (string, error) {
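Review bot: Both helpers in user/user.go panic with a fixed string, so a failure no longer says which claim was missing; the messages they replace named the token type and the claim. Adding the key is enough, `panic("claim " + k + " missing or not a string: claims were not validated correctly")`, and the claim value should stay out of the message because one caller reads ClaimPasswordResetPassword. Separately, url.Parse accepts an empty string and relative references without error, so the check in assertURLClaim will rarely fire. Whether a callback is an absolute URL therefore has to be enforced by the ParseAndVerify functions, whose bodies are not shown in this patch.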