From 9c15b77fbce99c7e26b33ffd985eb6f5b34df786 Mon Sep 17 00:00:00 2001
From: Sergey Yakubov <sergey.yakubov@desy.de>
Date: Fri, 24 Sep 2021 13:33:51 +0200
Subject: [PATCH] fix
---
 .../src/asapo_authorizer/server/authorize.go | 4 ++--
 .../src/asapo_authorizer/server/introspect.go | 3 ++-
 .../src/asapo_common/utils/authorization.go | 24 +++++++++----------
 .../services_restart/check_linux.sh | 1 +
 4 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/authorizer/src/asapo_authorizer/server/authorize.go b/authorizer/src/asapo_authorizer/server/authorize.go
index bab6e96b6..aaaade1b3 100644
--- a/authorizer/src/asapo_authorizer/server/authorize.go
+++ b/authorizer/src/asapo_authorizer/server/authorize.go
@@ -201,7 +201,7 @@ func canUseHostAuthorization(creds SourceCredentials) bool {
 func checkToken(token string, subject_expect string) (accessTypes []string, err error) {
 var extra_claim structs.AccessTokenExtraClaim
- subject,err := Auth.UserAuth().CheckAndGetContent(token,&extra_claim)
+ claim,err := Auth.UserAuth().CheckAndGetContent(token,&extra_claim)
 if err!=nil {
 return nil,err
 }
@@ -210,7 +210,7 @@ func checkToken(token string, subject_expect string) (accessTypes []string, err
 return nil,errors.New("missing access types")
 }
- if subject!=subject_expect {
+ if claim.Subject!=subject_expect {
 return nil,errors.New("wrong token for "+subject_expect)
 }
 return extra_claim.AccessTypes,err
diff --git a/authorizer/src/asapo_authorizer/server/introspect.go b/authorizer/src/asapo_authorizer/server/introspect.go
index 1cc6bd37a..b846e395d 100644
--- a/authorizer/src/asapo_authorizer/server/introspect.go
+++ b/authorizer/src/asapo_authorizer/server/introspect.go
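Review bot: `claim.Subject` on the new line of the second hunk dereferences the `*jwt.StandardClaims` returned by `CheckAndGetContent` without a nil check; both implementations in authorization.go return a non-nil pointer whenever err is nil, so this is safe today, but that invariant is stated nowhere and a future Auth implementation could turn a rejected token into a panic in the authorizer. A one-token guard makes the comparison self-protecting: `if claim == nil || claim.Subject!=subject_expect {`. The same unguarded dereference appears in introspect.go (`response.Sub = claim.Subject`). checkToken's body between the two hunks is not shown here.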
@@ -19,10 +19,11 @@ func extractToken(r *http.Request) (string, error) {
 func verifyUserToken(token string) (response structs.IntrospectTokenResponse, err error) {
 var extra_claim structs.AccessTokenExtraClaim
- response.Sub,err = Auth.UserAuth().CheckAndGetContent(token,&extra_claim)
+ claim,err := Auth.UserAuth().CheckAndGetContent(token,&extra_claim)
 if err!=nil {
 return
 }
+ response.Sub = claim.Subject
 response.AccessTypes = extra_claim.AccessTypes
 return
 }
diff --git a/common/go/src/asapo_common/utils/authorization.go b/common/go/src/asapo_common/utils/authorization.go
index c91361173..d707819b9 100644
--- a/common/go/src/asapo_common/utils/authorization.go
+++ b/common/go/src/asapo_common/utils/authorization.go
@@ -17,7 +17,7 @@ type Auth interface {
 GenerateToken(...interface{}) (string, error)
 ProcessAuth(http.HandlerFunc, string) http.HandlerFunc
 Name() string
- CheckAndGetContent(token string, extraClaims interface{}, payload ...interface{}) (string,error)
+ CheckAndGetContent(token string, extraClaims interface{}, payload ...interface{}) (*jwt.StandardClaims,error)
 }
 func SubjectFromBeamtime(bt string)string {
@@ -147,23 +147,21 @@ func ProcessJWTAuth(fn http.HandlerFunc, key string) http.HandlerFunc {
 }
 }
-func (a *JWTAuth) CheckAndGetContent(token string, extraClaims interface{}, payload ...interface{}) (subject string,err error) {
+func (a *JWTAuth) CheckAndGetContent(token string, extraClaims interface{}, payload ...interface{}) (claims *jwt.StandardClaims, err error) {
 // payload ignored
 c, ok := CheckJWTToken(token,a.Key)
 if !ok {
- return "",errors.New("wrong JWT token")
+ return nil,errors.New("wrong JWT token")
 }
 claim,ok := c.(*CustomClaims)
 if !ok {
- return "",errors.New("cannot get CustomClaims")
+ return nil,errors.New("cannot get CustomClaims")
 }
- subject = claim.Subject
-
 if extraClaims!=nil {
 err = MapToStruct(claim.ExtraClaims.(map[string]interface{}), extraClaims)
 }
- return subject,err
+ return &claim.StandardClaims,err
 }
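Review bot: The new `CheckAndGetContent` signature in the Auth interface carries no doc comment, and the contract that authorize.go and introspect.go now rely on — a non-nil claims pointer exactly when err is nil — is written down nowhere. I would put it on the method: `// CheckAndGetContent verifies token and returns its standard claims; the result is non-nil exactly when err is nil.` followed by `// extraClaims, if non-nil, receives the token's custom claims; payload is implementation-specific (ignored by JWTAuth, the verified HMAC payload that becomes Subject for HMACAuth).` Returning `*jwt.StandardClaims` also ties every Auth implementer in this shared utils package to the jwt library's type; if that coupling is unwanted, a small local claims struct would keep the interface independent of it.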
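Review bot: `claim.ExtraClaims.(map[string]interface{})` inside the `if extraClaims!=nil` branch of JWTAuth.CheckAndGetContent is an unchecked type assertion, so a token whose ExtraClaims is nil or not a map would panic in the authorizer instead of being rejected with an error; whether a presented token can reach that state depends on CheckJWTToken, which is outside the hunk, so I am flagging rather than asserting it. The commit rewrites every return in this function but leaves that line as is; the two-value form makes it fail the same way as the other checks. Separately, the named result `claims` is never assigned and differs from the local `claim` by one letter; dropping the result name, as the HMACAuth method does with `(*jwt.StandardClaims, error)`, removes the near-collision.
```go
// … unchanged: CheckJWTToken call and CustomClaims assertion …
	if extraClaims!=nil {
		extra, ok := claim.ExtraClaims.(map[string]interface{})
		if !ok {
			return nil, errors.New("cannot get extra claims")
		}
		err = MapToStruct(extra, extraClaims)
	}
	return &claim.StandardClaims,err
```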
@@ -264,20 +262,22 @@ func ProcessHMACAuth(fn http.HandlerFunc, payload, key string) http.HandlerFunc
 }
 }
-func (a *HMACAuth) CheckAndGetContent(token string, _ interface{}, payload ...interface{}) (string,error) {
+func (a *HMACAuth) CheckAndGetContent(token string, _ interface{}, payload ...interface{}) (*jwt.StandardClaims,error) {
 if len(payload) != 1 {
- return "",errors.New("wrong payload")
+ return nil,errors.New("wrong payload")
 }
 value, ok := payload[0].(string)
 if !ok {
- return "",errors.New("wrong payload")
+ return nil,errors.New("wrong payload")
 }
 ok = CheckHMACToken(token,value,a.Key)
 if !ok {
- return "",errors.New("wrong HMAC token")
+ return nil,errors.New("wrong HMAC token")
 }
- return value,nil
+ claim := jwt.StandardClaims{}
+ claim.Subject = value
+ return &claim,nil
 }
diff --git a/tests/automatic/high_avail/services_restart/check_linux.sh b/tests/automatic/high_avail/services_restart/check_linux.sh
index 7043c1ac9..e3260de4c 100644
--- a/tests/automatic/high_avail/services_restart/check_linux.sh
+++ b/tests/automatic/high_avail/services_restart/check_linux.sh
@@ -25,6 +25,7 @@ Cleanup() {
 echo cleanup
 rm -rf ${receiver_folder}
 echo "db.dropDatabase()" | mongo ${beamtime_id}_detector
+ set +e
 influx -execute "drop database ${monitor_database_name}"
 }
-- GitLab
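Review bot: The three added lines at the end of HMACAuth.CheckAndGetContent build the result in steps where a composite literal says the same thing in one: `return &jwt.StandardClaims{Subject: value}, nil`. That line also deserves a comment, because the HMAC path fills only Subject and leaves every other standard claim (expiry, issuer, and so on) at its zero value, so a caller reading those through the Auth interface gets nothing for HMAC tokens: `// HMAC tokens carry no claims; only Subject (the verified payload) is populated.`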
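Review bot: `set +e` is added before the influx call but never re-enabled, so if this script runs under `set -e` (inferred from the need for the change; the shebang and options are outside the hunk) it also masks failures of everything that runs after this point in Cleanup and, if Cleanup is installed as a trap handler, of anything that follows it. Scoping the tolerance to the single command that may legitimately fail keeps the rest of the script strict: `influx -execute "drop database ${monitor_database_name}" || true`.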