Skip to content

Commit

Permalink
Merge pull request #205 from go-pkgz/paskal/v2_jwt5
Browse files Browse the repository at this point in the history
Update jwt package from v3 to v5
  • Loading branch information
umputun authored Jul 30, 2024
2 parents d126824 + 9f67160 commit 533e9f2
Show file tree
Hide file tree
Showing 21 changed files with 152 additions and 116 deletions.
4 changes: 2 additions & 2 deletions _example/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ import (
log "github.com/go-pkgz/lgr"
"github.com/go-pkgz/rest"
"github.com/go-pkgz/rest/logger"
"github.com/golang-jwt/jwt"
oldjwt "github.com/golang-jwt/jwt"
"golang.org/x/oauth2"

"github.com/go-pkgz/auth"
Expand Down Expand Up @@ -295,7 +295,7 @@ func initGoauth2Srv() *goauth2.Server {
manager.MustTokenStorage(store.NewMemoryTokenStore())

// generate jwt access token
manager.MapAccessGenerate(generates.NewJWTAccessGenerate("custom", []byte("00000000"), jwt.SigningMethodHS512))
manager.MapAccessGenerate(generates.NewJWTAccessGenerate("custom", []byte("00000000"), oldjwt.SigningMethodHS512))

// client memory store
clientStore := store.NewClientStore()
Expand Down
1 change: 1 addition & 0 deletions v2/go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ require (
github.com/go-pkgz/repeater v1.1.3
github.com/go-pkgz/rest v1.19.0
github.com/golang-jwt/jwt v3.2.2+incompatible
github.com/golang-jwt/jwt/v5 v5.2.1
github.com/rrivera/identicon v0.0.0-20240116195454-d5ba35832c0d
github.com/stretchr/testify v1.9.0
go.etcd.io/bbolt v1.3.10
Expand Down
2 changes: 2 additions & 0 deletions v2/go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,8 @@ github.com/go-session/session v3.1.2+incompatible/go.mod h1:8B3iivBQjrz/JtC68Np2
github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
Expand Down
2 changes: 1 addition & 1 deletion v2/middleware/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -177,7 +177,7 @@ func (a *Authenticator) refreshExpiredToken(w http.ResponseWriter, claims token.
}
}

claims.ExpiresAt = 0 // this will cause now+duration for refreshed token
claims.ExpiresAt = nil // this will cause now+duration for refreshed token
c, err := a.JWTService.Set(w, claims) // Set changes token
if err != nil {
return token.Claims{}, err
Expand Down
5 changes: 2 additions & 3 deletions v2/middleware/auth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -166,9 +166,8 @@ func TestAuthJWTRefresh(t *testing.T) {

claims, err := a.JWTService.Parse(resp.Cookies()[0].Value)
assert.NoError(t, err)
ts := time.Unix(claims.ExpiresAt, 0)
assert.True(t, ts.After(time.Now()), "expiration in the future")
log.Print(time.Unix(claims.ExpiresAt, 0))
assert.True(t, claims.ExpiresAt.After(time.Now()), "expiration in the future")
log.Print(claims.ExpiresAt)
}

func TestAuthJWTRefreshConcurrentWithCache(t *testing.T) {
Expand Down
26 changes: 13 additions & 13 deletions v2/provider/apple.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ import (
"golang.org/x/oauth2"

"github.com/go-pkgz/rest"
"github.com/golang-jwt/jwt"
"github.com/golang-jwt/jwt/v5"

"github.com/go-pkgz/auth/v2/logger"
"github.com/go-pkgz/auth/v2/token"
Expand Down Expand Up @@ -261,11 +261,11 @@ func (ah *AppleHandler) LoginHandler(w http.ResponseWriter, r *http.Request) {
From: r.URL.Query().Get("from"),
},
SessionOnly: r.URL.Query().Get("session") != "" && r.URL.Query().Get("session") != "0",
StandardClaims: jwt.StandardClaims{
Id: cid,
Audience: r.URL.Query().Get("site"),
ExpiresAt: time.Now().Add(30 * time.Minute).Unix(),
NotBefore: time.Now().Add(-1 * time.Minute).Unix(),
RegisteredClaims: jwt.RegisteredClaims{
ID: cid,
Audience: jwt.ClaimStrings{r.URL.Query().Get("site")},
ExpiresAt: jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
NotBefore: jwt.NewNumericDate(time.Now().Add(-1 * time.Minute)),
},
}

Expand Down Expand Up @@ -370,9 +370,9 @@ func (ah AppleHandler) AuthHandler(w http.ResponseWriter, r *http.Request) {

claims := token.Claims{
User: &u,
StandardClaims: jwt.StandardClaims{
RegisteredClaims: jwt.RegisteredClaims{
Issuer: ah.Issuer,
Id: cid,
ID: cid,
Audience: oauthClaims.Audience,
},
SessionOnly: false,
Expand Down Expand Up @@ -467,13 +467,13 @@ func (ah *AppleHandler) createClientSecret() (string, error) {
}
// Create a claims
now := time.Now()
exp := now.Add(time.Minute * 30).Unix() // default value
exp := now.Add(time.Minute * 30) // default value

claims := &jwt.StandardClaims{
claims := &jwt.RegisteredClaims{
Issuer: ah.conf.TeamID,
IssuedAt: now.Unix(),
ExpiresAt: exp,
Audience: "https://appleid.apple.com",
IssuedAt: jwt.NewNumericDate(now),
ExpiresAt: jwt.NewNumericDate(exp),
Audience: []string{"https://appleid.apple.com"},
Subject: ah.conf.ClientID,
}

Expand Down
2 changes: 1 addition & 1 deletion v2/provider/apple_pubkeys.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ import (
"net/http"
"time"

"github.com/golang-jwt/jwt"
"github.com/golang-jwt/jwt/v5"
)

// appleKeysURL is the endpoint URL for fetch Apple’s public key
Expand Down
2 changes: 1 addition & 1 deletion v2/provider/apple_pubkeys_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import (
"testing"
"time"

"github.com/golang-jwt/jwt"
"github.com/golang-jwt/jwt/v5"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
Expand Down
4 changes: 2 additions & 2 deletions v2/provider/apple_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ import (
"testing"
"time"

"github.com/golang-jwt/jwt"
"github.com/golang-jwt/jwt/v5"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"golang.org/x/oauth2"
Expand Down Expand Up @@ -303,7 +303,7 @@ func TestAppleHandler_LoginHandler(t *testing.T) {
require.NoError(t, err)
t.Log(claims)
assert.Equal(t, "go-pkgz/auth", claims.Issuer)
assert.Equal(t, "remark", claims.Audience)
assert.Equal(t, "remark", claims.Audience[0])

}

Expand Down
6 changes: 3 additions & 3 deletions v2/provider/custom_server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ import (
"github.com/go-oauth2/oauth2/v4/models"
goauth2 "github.com/go-oauth2/oauth2/v4/server"
"github.com/go-oauth2/oauth2/v4/store"
"github.com/golang-jwt/jwt"
oldjwt "github.com/golang-jwt/jwt"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

Expand Down Expand Up @@ -80,7 +80,7 @@ func TestCustomProvider(t *testing.T) {
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
return
}
assert.Equal(t, 2, len(resp.Cookies()))
require.Equal(t, 2, len(resp.Cookies()))
assert.Equal(t, "JWT", resp.Cookies()[0].Name)
assert.NotEqual(t, "", resp.Cookies()[0].Value, "token set")
assert.Equal(t, 2678400, resp.Cookies()[0].MaxAge)
Expand Down Expand Up @@ -192,7 +192,7 @@ func initGoauth2Srv(t *testing.T) *goauth2.Server {
manager.MustTokenStorage(store.NewMemoryTokenStore())

// generate jwt access token
manager.MapAccessGenerate(generates.NewJWTAccessGenerate("", []byte("00000000"), jwt.SigningMethodHS512))
manager.MapAccessGenerate(generates.NewJWTAccessGenerate("", []byte("00000000"), oldjwt.SigningMethodHS512))

// client memory store
clientStore := store.NewClientStore()
Expand Down
8 changes: 4 additions & 4 deletions v2/provider/direct.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import (
"time"

"github.com/go-pkgz/rest"
"github.com/golang-jwt/jwt"
"github.com/golang-jwt/jwt/v5"

"github.com/go-pkgz/auth/v2/logger"
"github.com/go-pkgz/auth/v2/token"
Expand Down Expand Up @@ -120,10 +120,10 @@ func (p DirectHandler) LoginHandler(w http.ResponseWriter, r *http.Request) {

claims := token.Claims{
User: &u,
StandardClaims: jwt.StandardClaims{
Id: cid,
RegisteredClaims: jwt.RegisteredClaims{
ID: cid,
Issuer: p.Issuer,
Audience: creds.Audience,
Audience: []string{creds.Audience},
},
SessionOnly: sessOnly,
}
Expand Down
4 changes: 2 additions & 2 deletions v2/provider/direct_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -90,9 +90,9 @@ func TestDirect_LoginHandler(t *testing.T) {
claims, err := d.TokenService.Parse(c.Value)
require.NoError(t, err)
t.Logf("%+v", claims)
assert.Equal(t, "xyz123", claims.Audience)
assert.Equal(t, "xyz123", claims.Audience[0])
assert.Equal(t, "iss-test", claims.Issuer)
assert.True(t, claims.ExpiresAt > time.Now().Unix())
assert.True(t, claims.ExpiresAt.After(time.Now()))
assert.Equal(t, "myuser", claims.User.Name)
})
}
Expand Down
16 changes: 8 additions & 8 deletions v2/provider/oauth1.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import (

"github.com/dghubble/oauth1"
"github.com/go-pkgz/rest"
"github.com/golang-jwt/jwt"
"github.com/golang-jwt/jwt/v5"

"github.com/go-pkgz/auth/v2/logger"
"github.com/go-pkgz/auth/v2/token"
Expand Down Expand Up @@ -55,11 +55,11 @@ func (h Oauth1Handler) LoginHandler(w http.ResponseWriter, r *http.Request) {
From: r.URL.Query().Get("from"),
},
SessionOnly: r.URL.Query().Get("session") != "" && r.URL.Query().Get("session") != "0",
StandardClaims: jwt.StandardClaims{
Id: cid,
Audience: r.URL.Query().Get("site"),
ExpiresAt: time.Now().Add(30 * time.Minute).Unix(),
NotBefore: time.Now().Add(-1 * time.Minute).Unix(),
RegisteredClaims: jwt.RegisteredClaims{
ID: cid,
Audience: []string{r.URL.Query().Get("site")},
ExpiresAt: jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
NotBefore: jwt.NewNumericDate(time.Now().Add(-1 * time.Minute)),
},
}

Expand Down Expand Up @@ -140,9 +140,9 @@ func (h Oauth1Handler) AuthHandler(w http.ResponseWriter, r *http.Request) {
}
claims := token.Claims{
User: &u,
StandardClaims: jwt.StandardClaims{
RegisteredClaims: jwt.RegisteredClaims{
Issuer: h.Issuer,
Id: cid,
ID: cid,
Audience: oauthClaims.Audience,
},
SessionOnly: oauthClaims.SessionOnly,
Expand Down
2 changes: 1 addition & 1 deletion v2/provider/oauth1_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ func TestOauth1Login(t *testing.T) {
require.NoError(t, err)
t.Log(claims)
assert.Equal(t, "remark42", claims.Issuer)
assert.Equal(t, "remark", claims.Audience)
assert.Equal(t, "remark", claims.Audience[0])

// check admin user
resp, err = client.Get(fmt.Sprintf("http://localhost:%d/login?site=remark", loginPort))
Expand Down
16 changes: 8 additions & 8 deletions v2/provider/oauth2.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import (
"time"

"github.com/go-pkgz/rest"
"github.com/golang-jwt/jwt"
"github.com/golang-jwt/jwt/v5"
"golang.org/x/oauth2"

"github.com/go-pkgz/auth/v2/logger"
Expand Down Expand Up @@ -111,11 +111,11 @@ func (p Oauth2Handler) LoginHandler(w http.ResponseWriter, r *http.Request) {
From: r.URL.Query().Get("from"),
},
SessionOnly: r.URL.Query().Get("session") != "" && r.URL.Query().Get("session") != "0",
StandardClaims: jwt.StandardClaims{
Id: cid,
Audience: aud,
ExpiresAt: time.Now().Add(30 * time.Minute).Unix(),
NotBefore: time.Now().Add(-1 * time.Minute).Unix(),
RegisteredClaims: jwt.RegisteredClaims{
ID: cid,
Audience: []string{aud},
ExpiresAt: jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
NotBefore: jwt.NewNumericDate(time.Now().Add(-1 * time.Minute)),
},
NoAva: r.URL.Query().Get("noava") == "1",
}
Expand Down Expand Up @@ -208,9 +208,9 @@ func (p Oauth2Handler) AuthHandler(w http.ResponseWriter, r *http.Request) {
}
claims := token.Claims{
User: &u,
StandardClaims: jwt.StandardClaims{
RegisteredClaims: jwt.RegisteredClaims{
Issuer: p.Issuer,
Id: cid,
ID: cid,
Audience: oauthClaims.Audience,
},
SessionOnly: oauthClaims.SessionOnly,
Expand Down
2 changes: 1 addition & 1 deletion v2/provider/oauth2_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ func TestOauth2Login(t *testing.T) {
require.NoError(t, err)
t.Log(claims)
assert.Equal(t, "remark42", claims.Issuer)
assert.Equal(t, "remark", claims.Audience)
assert.Equal(t, "remark", claims.Audience[0])

// check admin user
resp, err = client.Get("http://localhost:8981/login?site=remark")
Expand Down
12 changes: 6 additions & 6 deletions v2/provider/telegram.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ import (

"github.com/go-pkgz/repeater"
"github.com/go-pkgz/rest"
"github.com/golang-jwt/jwt"
"github.com/golang-jwt/jwt/v5"

"github.com/go-pkgz/auth/v2/logger"
authtoken "github.com/go-pkgz/auth/v2/token"
Expand Down Expand Up @@ -302,12 +302,12 @@ func (th *TelegramHandler) LoginHandler(w http.ResponseWriter, r *http.Request)

claims := authtoken.Claims{
User: &u,
StandardClaims: jwt.StandardClaims{
Audience: r.URL.Query().Get("site"),
Id: queryToken,
RegisteredClaims: jwt.RegisteredClaims{
Audience: []string{r.URL.Query().Get("site")},
ID: queryToken,
Issuer: th.ProviderName,
ExpiresAt: time.Now().Add(30 * time.Minute).Unix(),
NotBefore: time.Now().Add(-1 * time.Minute).Unix(),
ExpiresAt: jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
NotBefore: jwt.NewNumericDate(time.Now().Add(-1 * time.Minute)),
},
SessionOnly: false, // TODO review?
}
Expand Down
14 changes: 7 additions & 7 deletions v2/provider/verify.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import (
"time"

"github.com/go-pkgz/rest"
"github.com/golang-jwt/jwt"
"github.com/golang-jwt/jwt/v5"

"github.com/go-pkgz/auth/v2/avatar"
"github.com/go-pkgz/auth/v2/logger"
Expand Down Expand Up @@ -111,8 +111,8 @@ func (e VerifyHandler) LoginHandler(w http.ResponseWriter, r *http.Request) {

claims := token.Claims{
User: &u,
StandardClaims: jwt.StandardClaims{
Id: cid,
RegisteredClaims: jwt.RegisteredClaims{
ID: cid,
Issuer: e.Issuer,
Audience: confClaims.Audience,
},
Expand Down Expand Up @@ -146,10 +146,10 @@ func (e VerifyHandler) sendConfirmation(w http.ResponseWriter, r *http.Request)
ID: user + "::" + address,
},
SessionOnly: r.URL.Query().Get("session") != "" && r.URL.Query().Get("session") != "0",
StandardClaims: jwt.StandardClaims{
Audience: site,
ExpiresAt: time.Now().Add(30 * time.Minute).Unix(),
NotBefore: time.Now().Add(-1 * time.Minute).Unix(),
RegisteredClaims: jwt.RegisteredClaims{
Audience: []string{site},
ExpiresAt: jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
NotBefore: jwt.NewNumericDate(time.Now().Add(-1 * time.Minute)),
Issuer: e.Issuer,
},
}
Expand Down
Loading

0 comments on commit 533e9f2

Please sign in to comment.