Commit 2cdb6c0a authored by Joe Bowers's avatar Joe Bowers

user: more convenient way to read claims that have already been validated

parent 792b72ef
...@@ -65,30 +65,13 @@ func ParseAndVerifyEmailVerificationToken(token string, issuer url.URL, keys []k ...@@ -65,30 +65,13 @@ func ParseAndVerifyEmailVerificationToken(token string, issuer url.URL, keys []k
} }
func (e EmailVerification) UserID() string { func (e EmailVerification) UserID() string {
uid, ok, err := e.Claims.StringClaim("sub") return assertStringClaim(e.Claims, "sub")
if !ok || err != nil {
panic("EmailVerification: no sub claim. This should be impossible.")
}
return uid
} }
func (e EmailVerification) Email() string { func (e EmailVerification) Email() string {
email, ok, err := e.Claims.StringClaim(ClaimEmailVerificationEmail) return assertStringClaim(e.Claims, ClaimEmailVerificationEmail)
if !ok || err != nil {
panic("EmailVerification: no email claim. This should be impossible.")
}
return email
} }
func (e EmailVerification) Callback() *url.URL { func (e EmailVerification) Callback() *url.URL {
cb, ok, err := e.Claims.StringClaim(ClaimEmailVerificationCallback) return assertURLClaim(e.Claims, ClaimEmailVerificationCallback)
if !ok || err != nil {
panic("EmailVerification: no callback claim. This should be impossible.")
}
cbURL, err := url.Parse(cb)
if err != nil {
panic("EmailVerificaiton: can't parse callback. This should be impossible.")
}
return cbURL
} }
...@@ -57,3 +57,24 @@ func ParseAndVerifyInvitationToken(token string, issuer url.URL, keys []key.Publ ...@@ -57,3 +57,24 @@ func ParseAndVerifyInvitationToken(token string, issuer url.URL, keys []key.Publ
return Invitation{tokenClaims.Claims}, nil return Invitation{tokenClaims.Claims}, nil
} }
func (iv Invitation) UserID() string {
return assertStringClaim(iv.Claims, "sub")
}
func (iv Invitation) Password() Password {
pw := assertStringClaim(iv.Claims, ClaimPasswordResetPassword)
return Password(pw)
}
func (iv Invitation) Email() string {
return assertStringClaim(iv.Claims, ClaimEmailVerificationEmail)
}
func (iv Invitation) ClientID() string {
return assertStringClaim(iv.Claims, "aud")
}
func (iv Invitation) Callback() *url.URL {
return assertURLClaim(iv.Claims, ClaimInvitationCallback)
}
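Review bot: `ClientID()` reads `aud` through `assertStringClaim`, but a JWT `aud` claim may be either a single string or an array of strings, so an array-valued audience would presumably make `StringClaim` fail and turn this accessor into a panic. All five accessors depend on `ParseAndVerifyInvitationToken` having checked the presence and string type of `sub`, `aud`, and the password, email and callback claims, and that check lies outside this section. I would state the invariant in a doc comment on each method, for example `// ClientID returns the aud claim; it panics unless the Invitation came from ParseAndVerifyInvitationToken.`, and confirm that the verifier rejects a non-string `aud`. `Password()` and `Email()` reuse `ClaimPasswordResetPassword` and `ClaimEmailVerificationEmail`, so a one-line comment saying the reuse is intentional would save the next reader from suspecting a copy-paste slip.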
...@@ -257,18 +257,11 @@ func ParseAndVerifyPasswordResetToken(token string, issuer url.URL, keys []key.P ...@@ -257,18 +257,11 @@ func ParseAndVerifyPasswordResetToken(token string, issuer url.URL, keys []key.P
} }
func (e PasswordReset) UserID() string { func (e PasswordReset) UserID() string {
uid, ok, err := e.Claims.StringClaim("sub") return assertStringClaim(e.Claims, "sub")
if !ok || err != nil {
panic("PasswordReset: no sub claim. This should be impossible.")
}
return uid
} }
func (e PasswordReset) Password() Password { func (e PasswordReset) Password() Password {
pw, ok, err := e.Claims.StringClaim(ClaimPasswordResetPassword) pw := assertStringClaim(e.Claims, ClaimPasswordResetPassword)
if !ok || err != nil {
panic("PasswordReset: no password claim. This should be impossible.")
}
return Password(pw) return Password(pw)
} }
......
...@@ -42,6 +42,23 @@ const ( ...@@ -42,6 +42,23 @@ const (
ClaimInvitationCallback = "http://coreos.com/invitation/callback" ClaimInvitationCallback = "http://coreos.com/invitation/callback"
) )
func assertStringClaim(claims jose.Claims, k string) string {
s, ok, err := claims.StringClaim(k)
if !ok || err != nil {
panic("claims were not validated correctly")
}
return s
}
func assertURLClaim(claims jose.Claims, k string) *url.URL {
ustring := assertStringClaim(claims, k)
ret, err := url.Parse(ustring)
if err != nil {
panic("url claim was not validated correctly")
}
return ret
}
type UserIDGenerator func() (string, error) type UserIDGenerator func() (string, error)
func DefaultUserIDGenerator() (string, error) { func DefaultUserIDGenerator() (string, error) {
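Review bot: The panic in `assertStringClaim` no longer says which claim failed or why, whereas the removed per-accessor messages named the token type and the claim. Anyone triaging a crash now sees only `claims were not validated correctly`. I would include the key and the error, but never the claim value, since one of these claims carries a password: `panic(fmt.Sprintf("claim %q was not validated correctly (present=%v, err=%v)", k, ok, err))`, with `fmt` imported if the file does not already have it. In `assertURLClaim`, `url.Parse` accepts relative and scheme-less strings, so a successful parse does not show the callback is an absolute URL that is safe to redirect to. That check has to live in the ParseAndVerify functions, which are not visible here. Both helpers also lack a doc comment saying they may only be called on claims that a ParseAndVerify function returned.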
......