refactor

7ade0931 · Sergey Yakubov · 590d18ef · 7ade0931 · 7ade0931 · 7ade0931
Commit 7ade0931 authored 4 years ago by Sergey Yakubov
--- a/authorizer/src/asapo_authorizer/cli/create_token.go
+++ b/authorizer/src/asapo_authorizer/cli/create_token.go
@@ -24,10 +24,6 @@ func userTokenRequest(flags tokenFlags) (request authorization.TokenRequest, err
 		return request,errors.New("access type must be read of write")
 	}

-	if flags.DaysValid<=0 {
-		return request,errors.New("expiration period must be set")
-	}
-
 	request.Subject = make(map[string]string,1)
 	if (flags.Beamline!="") {
 		request.Subject["beamline"]=flags.Beamline

--- a/authorizer/src/asapo_authorizer/server/issue_token.go
+++ b/authorizer/src/asapo_authorizer/server/issue_token.go
@@ -8,7 +8,6 @@ import (
 	"net/http"
 )

-
 func extractUserTokenrequest(r *http.Request) (request authorization.TokenRequest, err error) {
 	err = utils.ExtractRequest(r, &request)
 	if err != nil {
@@ -23,6 +22,10 @@ func extractUserTokenrequest(r *http.Request) (request authorization.TokenReques
 		return request, errors.New("set only one of beamtime/beamline")
 	}

+	if request.DaysValid<=0 {
+		return request, errors.New("set token valid period")
+	}
+
 	if request.AccessType != "read" && request.AccessType != "write" {
 		return request, errors.New("wrong access type " + request.AccessType)
 	}
@@ -30,33 +33,18 @@ func extractUserTokenrequest(r *http.Request) (request authorization.TokenReques
 	return request, nil
 }

-
 func routeAuthorisedTokenIssue(w http.ResponseWriter, r *http.Request) {
 	Auth.AdminAuth().ProcessAuth(checkAccessToken, "admin")(w, r)
 }
 func checkAccessToken(w http.ResponseWriter, r *http.Request) {
-
-	c := r.Context().Value("TokenClaims")
-	if c == nil {
-		w.WriteHeader(http.StatusInternalServerError)
-		w.Write([]byte("Empty context"))
-	}
-
-	claim := c.(*utils.CustomClaims)
-	if claim.Subject != "admin" {
-		err_txt := "wrong token subject type "+claim.Subject
-		w.WriteHeader(http.StatusUnauthorized)
-		w.Write([]byte(err_txt))
-
-	}
-
 	var extraClaim utils.AccessTokenExtraClaim
-	if err := utils.JobClaimFromContext(r, &extraClaim); err != nil {
+	var claims *utils.CustomClaims
+	if err := utils.JobClaimFromContext(r, &claims, &extraClaim); err != nil {
 		w.WriteHeader(http.StatusInternalServerError)
 		w.Write([]byte(err.Error()))
 	}
-	if extraClaim.AccessType!="create" {
-		err_txt := "wrong access type "+extraClaim.AccessType
+	if claims.Subject != "admin" || extraClaim.AccessType != "create" {
+		err_txt := "wrong token claims"
 		w.WriteHeader(http.StatusUnauthorized)
 		w.Write([]byte(err_txt))
 	}

--- a/authorizer/src/asapo_authorizer/server/issue_token_test.go
+++ b/authorizer/src/asapo_authorizer/server/issue_token_test.go
@@ -28,6 +28,8 @@ var  IssueTokenTests = [] struct {
 	{map[string]string{"blabla":"test"},"","read",180,prepareAdminToken("admin"),"",http.StatusBadRequest,"beamline or beamtime not given"},
 	{map[string]string{"beamtimeId":"test"},"","bla",180,prepareAdminToken("admin"),"",http.StatusBadRequest,"wrong role"},
 	{map[string]string{"beamtimeId":"test"},"","read",180,prepareAdminToken("bla"),"",http.StatusUnauthorized,"wrong admin token"},
+	{map[string]string{"beamtimeId":"test"},"bt_test","read",0,prepareAdminToken("admin"),"aaa",http.StatusBadRequest,"0 valid days"},
+
 }

 func TestIssueToken(t *testing.T) {

--- a/common/go/src/asapo_common/utils/authorization.go
+++ b/common/go/src/asapo_common/utils/authorization.go
@@ -169,14 +169,21 @@ func CheckJWTToken(token, key string) (jwt.Claims, bool) {
 	return nil, false
 }

-func JobClaimFromContext(r *http.Request, val interface{}) error {
+func JobClaimFromContext(r *http.Request, customClaim **CustomClaims, val interface{}) error {
 	c := r.Context().Value("TokenClaims")

 	if c == nil {
 		return errors.New("Empty context")
 	}

-	claim := c.(*CustomClaims)
+	claim,ok  := c.(*CustomClaims)
+	if !ok {
+		return errors.New("cannot get CustomClaims")
+	}
+
+	if customClaim!=nil {
+		*customClaim = claim
+	}

 	return MapToStruct(claim.ExtraClaims.(map[string]interface{}), val)
 }

--- a/common/go/src/asapo_common/utils/authorization_test.go
+++ b/common/go/src/asapo_common/utils/authorization_test.go
@@ -17,7 +17,7 @@ type JobClaim struct {
 func writeAuthResponse(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 	var jc JobClaim
-	JobClaimFromContext(r, &jc)
+	JobClaimFromContext(r,nil,&jc)
 	w.Write([]byte(jc.UserName))
 	w.Write([]byte(jc.JobInd))
 }

--- a/file_transfer/src/asapo_file_transfer/server/transfer.go
+++ b/file_transfer/src/asapo_file_transfer/server/transfer.go
@@ -25,7 +25,7 @@ func Exists(name string) bool {

 func checkClaim(r *http.Request,request* fileTransferRequest) (int,error) {
 	var extraClaim utils.FolderTokenTokenExtraClaim
-	if err := utils.JobClaimFromContext(r, &extraClaim); err != nil {
+	if err := utils.JobClaimFromContext(r, nil, &extraClaim); err != nil {
 		return http.StatusInternalServerError,err
 	}
 	if extraClaim.RootFolder!=request.Folder {