
Commit fa6018b

committed
fixes
1 parent 55df62d commit fa6018b

5 files changed

Lines changed: 25 additions & 46 deletions


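--- a/internal/api/auth_test.go
+++ b/internal/api/auth_test.go
@@ -1,6 +1,7 @@
 package api
 
 import (
+"context"
 "encoding/json"
 "net/http"
 "net/http/httptest"
@@ -167,7 +168,7 @@ func (ts *AuthTestSuite) TestParseJWTClaims() {
 jwk, err := conf.GetSigningJwk(&ts.Config.JWT)
 require.NoError(ts.T(), err)
 signingMethod := conf.GetSigningAlg(jwk)
-signingKey, err := conf.GetSigningKey(jwk)
+signingKey, err := conf.SigningKey(context.Background())
 require.NoError(ts.T(), err)
 
 userJwtToken := jwt.NewWithClaims(signingMethod, userClaims)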
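Review bot: `conf.SigningKey(context.Background())` is called as a package-level function, but the only `SigningKey` this commit shows is the `config.JWT.SigningKey` field assigned in `applyDefaultsJWTPrivateKey`; unless a package-level function of that name exists outside the visible hunks, the call should read `signingKey, err := ts.Config.JWT.SigningKey(context.Background())`. Either way the key is no longer derived from the `jwk` that `signingMethod` comes from, so the test can pair an algorithm with a key from a different source. A one-line comment stating that both are expected to come from `ts.Config.JWT` would make that assumption explicit. The body of `TestParseJWTClaims` continues outside the hunk.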

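--- a/internal/conf/awskmsjwk/rs256.go
+++ b/internal/conf/awskmsjwk/rs256.go
@@ -46,7 +46,7 @@ func (m *signingMethodKMSRS256) Sign(signingString string, key any) ([]byte, err
 SigningAlgorithm: kmstypes.SigningAlgorithmSpecRsassaPkcs1V15Sha256,
 })
 if err != nil {
-logrus.WithError(err).Error("Unable to sign RS256 JWT with AWS KMS key %q", k.KeyID)
+logrus.WithError(err).Errorf("Unable to sign RS256 JWT with AWS KMS key %q", k.KeyID)
 
 return nil, err
 }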
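Review bot: The KMS failure is logged here and then returned bare with `return nil, err`, so a caller that also logs it reports the same failure twice, and the returned error carries no key context. Handling it at one layer is cleaner: drop the log line and return `fmt.Errorf("signing RS256 JWT with AWS KMS key %q: %w", k.KeyID, err)`, provided `fmt` is imported in this file (the import block is not visible here). `Sign` starts and ends outside the hunk.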

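--- a/internal/conf/configuration.go
+++ b/internal/conf/configuration.go
@@ -1174,6 +1174,16 @@ func (config *GlobalConfiguration) applyDefaultsJWTPrivateKey(privKey jwk.Key) e
 PublicKey: pubKey,
 PrivateKey: privKey,
 }
+
+var key any
+if err := privKey.Raw(&key); err != nil {
+return err
+}
+
+config.JWT.SigningKey = func(ctx context.Context) (any, error) {
+return key, nil
+}
+
 return nil
 }
 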
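Review bot: `config.JWT.SigningKey` is assigned unconditionally once the key set is built, so any provider installed earlier (the `awskmsjwk` package touched by this commit suggests one may exist) would be silently replaced by a closure over the raw private key; whether that can happen depends on call order outside the hunk. The `Raw` error is also returned without context; `return fmt.Errorf("extracting raw JWT signing key: %w", err)` would show which step failed, assuming `fmt` is in scope in this file. The field deserves a comment such as `// SigningKey returns the raw private key material; its concrete type must match the method from GetSigningAlg.`, and the unused parameter can be written `_ context.Context`. The function starts outside the hunk.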

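--- a/internal/conf/jwk_test.go
+++ b/internal/conf/jwk_test.go
@@ -1,6 +1,7 @@
 package conf
 
 import (
+"context"
 "encoding/json"
 "errors"
 "fmt"
@@ -187,39 +188,6 @@ func TestJwtKeys(t *testing.T) {
 require.Equal(t, "no signing key found", err.Error())
 }
 
-// GetSigningKey - valid
-{
-m := helpToMap(t, testJwtKey)
-jwt, err := json.Marshal(m["3"])
-require.NoError(t, err)
-
-sigKey1, err := jwk.ParseKey(jwt)
-require.NoError(t, err)
-
-got, err := GetSigningKey(sigKey1)
-require.NoError(t, err)
-require.NotNil(t, got)
-require.Equal(t, fmt.Sprintf("%T", got), "*ecdsa.PrivateKey")
-}
-
-// GetSigningKey - not found
-{
-m := helpToMap(t, testJwtKey)
-jwt, err := json.Marshal(m["4"])
-require.NoError(t, err)
-
-privKey, err := jwk.ParseKey(jwt)
-require.NoError(t, err)
-
-sentinel := errors.New("sentinel")
-key := &mockKey{Key: privKey, err: sentinel, n: 0}
-
-got, err := GetSigningKey(key)
-require.Nil(t, got)
-require.Error(t, err)
-require.Equal(t, sentinel, err)
-}
-
 // FindPublicKeyByKid - valid
 {
 dec := make(JwtKeysDecoder)
@@ -228,7 +196,7 @@ func TestJwtKeys(t *testing.T) {
 KeyID: "abc",
 Secret: "sentinel",
 }
-got, err := FindPublicKeyByKid("abc", jwtConfig)
+got, err := FindPublicKeyByKid(context.Background(), "abc", jwtConfig)
 require.NoError(t, err)
 require.Equal(t, []byte("sentinel"), got)
 }
@@ -239,7 +207,7 @@ func TestJwtKeys(t *testing.T) {
 jwtConfig := &JWTConfiguration{
 Keys: dec,
 }
-got, err := FindPublicKeyByKid("abc", jwtConfig)
+got, err := FindPublicKeyByKid(context.Background(), "abc", jwtConfig)
 require.Nil(t, got)
 require.Nil(t, err)
 }
@@ -263,7 +231,7 @@ func TestJwtKeys(t *testing.T) {
 Keys: dec,
 }
 
-got, err := FindPublicKeyByKid("abc", jwtConfig)
+got, err := FindPublicKeyByKid(context.Background(), "abc", jwtConfig)
 require.NoError(t, err)
 require.NotNil(t, got)
 require.Equal(t, fmt.Sprintf("%T", got), "*ecdsa.PrivateKey")
@@ -291,7 +259,7 @@ func TestJwtKeys(t *testing.T) {
 Keys: dec,
 }
 
-got, err := FindPublicKeyByKid("abc", jwtConfig)
+got, err := FindPublicKeyByKid(context.Background(), "abc", jwtConfig)
 require.Nil(t, got)
 require.Error(t, err)
 require.Equal(t, sentinel, err)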
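Review bot: The two removed `GetSigningKey` cases were the visible coverage for the returned key type (`*ecdsa.PrivateKey`) and for the `Raw` failure path exercised through `mockKey`, and nothing in this commit's hunks tests the replacement closure assigned in `applyDefaultsJWTPrivateKey`. A case that calls `config.JWT.SigningKey(context.Background())` after defaults are applied, plus one that passes a `mockKey` whose `Raw` returns the sentinel, would keep both paths covered. `TestJwtKeys` starts and ends outside the hunks.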

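--- a/internal/tokens/service_test.go
+++ b/internal/tokens/service_test.go
@@ -780,7 +780,7 @@ func parseIDTokenClaims(idToken string, config *conf.GlobalConfiguration) (jwt.M
 if kid, ok := token.Header["kid"]; ok {
 if kidStr, ok := kid.(string); ok {
 // Find the public key by kid for asymmetric verification
-key, err := conf.FindPublicKeyByKid(kidStr, &config.JWT)
+key, err := conf.FindPublicKeyByKid(context.Background(), kidStr, &config.JWT)
 if err != nil {
 return nil, err
 }
@@ -852,7 +852,7 @@ func (ts *IDTokenTestSuite) TestIDTokenWithAllScopes() {
 Scopes: []string{models.ScopeOpenID, models.ScopeEmail, models.ScopeProfile, models.ScopePhone},
 }
 
-idToken, err := srv.GenerateIDToken(params)
+idToken, err := srv.GenerateIDToken(context.Background(), params)
 require.NoError(ts.T(), err)
 require.NotEmpty(ts.T(), idToken)
 
@@ -883,7 +883,7 @@ func (ts *IDTokenTestSuite) TestIDTokenWithOnlyOpenIDScope() {
 Scopes: []string{models.ScopeOpenID},
 }
 
-idToken, err := srv.GenerateIDToken(params)
+idToken, err := srv.GenerateIDToken(context.Background(), params)
 require.NoError(ts.T(), err)
 require.NotEmpty(ts.T(), idToken)
 
@@ -916,7 +916,7 @@ func (ts *IDTokenTestSuite) TestIDTokenWithEmailScope() {
 Scopes: []string{models.ScopeOpenID, models.ScopeEmail},
 }
 
-idToken, err := srv.GenerateIDToken(params)
+idToken, err := srv.GenerateIDToken(context.Background(), params)
 require.NoError(ts.T(), err)
 require.NotEmpty(ts.T(), idToken)
 
@@ -946,7 +946,7 @@ func (ts *IDTokenTestSuite) TestIDTokenWithProfileScope() {
 Scopes: []string{models.ScopeOpenID, models.ScopeProfile},
 }
 
-idToken, err := srv.GenerateIDToken(params)
+idToken, err := srv.GenerateIDToken(context.Background(), params)
 require.NoError(ts.T(), err)
 require.NotEmpty(ts.T(), idToken)
 
@@ -976,7 +976,7 @@ func (ts *IDTokenTestSuite) TestIDTokenWithPhoneScope() {
 Scopes: []string{models.ScopeOpenID, models.ScopePhone},
 }
 
-idToken, err := srv.GenerateIDToken(params)
+idToken, err := srv.GenerateIDToken(context.Background(), params)
 require.NoError(ts.T(), err)
 require.NotEmpty(ts.T(), idToken)
 
@@ -1006,7 +1006,7 @@ func (ts *IDTokenTestSuite) TestIDTokenWithMultipleScopes() {
 Scopes: []string{models.ScopeOpenID, models.ScopeEmail, models.ScopeProfile},
 }
 
-idToken, err := srv.GenerateIDToken(params)
+idToken, err := srv.GenerateIDToken(context.Background(), params)
 require.NoError(ts.T(), err)
 require.NotEmpty(ts.T(), idToken)
 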
