feat: Allow custom sub-claims in provided Claims types (#331)

roadster-rs · Aug 13, 2024 · 64c51f6 · 64c51f6
1 parent b20d890
commit 64c51f6
Show file tree

Hide file tree

Showing 5 changed files with 89 additions and 8 deletions.
diff --git a/src/middleware/http/auth/jwt/ietf.rs b/src/middleware/http/auth/jwt/ietf.rs
@@ -14,7 +14,7 @@ use typed_builder::TypedBuilder;
 #[serde_as]
 #[derive(Debug, Clone, Deserialize, Serialize, TypedBuilder)]
 #[non_exhaustive]
-pub struct Claims {
+pub struct Claims<C = BTreeMap<String, Value>> {
     /// See: <https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.1>
     #[serde(rename = "iss")]
     #[builder(default, setter(strip_option))]
@@ -54,8 +54,7 @@ pub struct Claims {
     pub jwt_id: Option<String>,
 
     #[serde(flatten)]
-    #[builder(default)]
-    pub custom: BTreeMap<String, Value>,
+    pub custom: C,
 }
 
 #[cfg(test)]
@@ -65,8 +64,8 @@ mod tests {
     use crate::middleware::http::auth::jwt::decode_auth_token;
     use crate::util::serde::{UriOrString, Wrapper};
     use chrono::{TimeDelta, Utc};
+    use insta::assert_debug_snapshot;
     use jsonwebtoken::{encode, EncodingKey, Header, TokenData};
-    use serde_json::from_str;
     use std::ops::{Add, Sub};
     use std::str::FromStr;
     use url::Url;
@@ -144,7 +143,7 @@ mod tests {
     #[cfg_attr(coverage_nightly, coverage(off))]
     fn deserialize_audience_as_vec() {
         let value: Wrapper<Vec<UriOrString>> =
-            from_str(r#"{"inner": ["https://example.com", "aud2"]}"#).unwrap();
+            serde_json::from_str(r#"{"inner": ["https://example.com", "aud2"]}"#).unwrap();
         assert_eq!(
             value.inner,
             vec![
@@ -153,4 +152,13 @@ mod tests {
             ]
         );
     }
+
+    #[test]
+    fn deserialize_claims() {
+        let claims = r#"
+        exp = 1000
+        "#;
+        let claims: Claims = toml::from_str(claims).unwrap();
+        assert_debug_snapshot!(claims);
+    }
 }
diff --git a/src/middleware/http/auth/jwt/openid.rs b/src/middleware/http/auth/jwt/openid.rs
@@ -16,7 +16,7 @@ use crate::util::serde::{deserialize_from_str, serialize_to_str, UriOrString};
 #[serde_as]
 #[derive(Debug, Clone, Deserialize, Serialize, TypedBuilder)]
 #[non_exhaustive]
-pub struct Claims {
+pub struct Claims<C = BTreeMap<String, Value>> {
     #[serde(rename = "iss")]
     pub issuer: Url,
 
@@ -57,8 +57,7 @@ pub struct Claims {
     pub authorized_party: Option<UriOrString>,
 
     #[serde(flatten)]
-    #[builder(default)]
-    pub custom: BTreeMap<String, Value>,
+    pub custom: C,
 }
 
 // Intentionally not annotated with `#[non_exhaustive]`
@@ -80,6 +79,7 @@ pub enum Acr {
 mod tests {
     use super::*;
     use crate::util::serde::Wrapper;
+    use insta::assert_debug_snapshot;
     use serde_json::from_str;
     use std::str::FromStr;
     use url::Url;
@@ -119,4 +119,16 @@ mod tests {
         let value: Wrapper<Acr> = from_str(r#"{"inner": "invalid-uri"}"#).unwrap();
         assert_eq!(value.inner, Acr::String("invalid-uri".to_string()));
     }
+
+    #[test]
+    fn deserialize_claims() {
+        let claims = r#"
+        iss = "http://example.com"
+        sub = "1234"
+        iat = 1000
+        exp = 2000
+        "#;
+        let claims: Claims = toml::from_str(claims).unwrap();
+        assert_debug_snapshot!(claims);
+    }
 }
diff --git a/...jwt/snapshots/roadster__middleware__http__auth__jwt__ietf__tests__deserialize_claims.snap b/...jwt/snapshots/roadster__middleware__http__auth__jwt__ietf__tests__deserialize_claims.snap
@@ -0,0 +1,14 @@
+---
+source: src/middleware/http/auth/jwt/ietf.rs
+expression: claims
+---
+Claims {
+    issuer: None,
+    subject: None,
+    audience: [],
+    expires_at: 1970-01-01T00:16:40Z,
+    not_before: None,
+    issued_at: None,
+    jwt_id: None,
+    custom: {},
+}
diff --git a/.../auth/jwt/snapshots/roadster__middleware__http__auth__jwt__ietf__tests__serde_claims.snap b/.../auth/jwt/snapshots/roadster__middleware__http__auth__jwt__ietf__tests__serde_claims.snap
@@ -0,0 +1,14 @@
+---
+source: src/middleware/http/auth/jwt/ietf.rs
+expression: claims
+---
+Claims {
+    issuer: None,
+    subject: None,
+    audience: [],
+    expires_at: 1970-01-01T00:16:40Z,
+    not_before: None,
+    issued_at: None,
+    jwt_id: None,
+    custom: {},
+}
diff --git a/...t/snapshots/roadster__middleware__http__auth__jwt__openid__tests__deserialize_claims.snap b/...t/snapshots/roadster__middleware__http__auth__jwt__openid__tests__deserialize_claims.snap
@@ -0,0 +1,33 @@
+---
+source: src/middleware/http/auth/jwt/openid.rs
+expression: claims
+---
+Claims {
+    issuer: Url {
+        scheme: "http",
+        cannot_be_a_base: false,
+        username: "",
+        password: None,
+        host: Some(
+            Domain(
+                "example.com",
+            ),
+        ),
+        port: None,
+        path: "/",
+        query: None,
+        fragment: None,
+    },
+    subject: Int(
+        1234,
+    ),
+    audience: [],
+    expires_at: 1970-01-01T00:33:20Z,
+    issued_at: 1970-01-01T00:16:40Z,
+    auth_time: None,
+    nonce: None,
+    auth_cxt_class_reference: None,
+    auth_methods_references: [],
+    authorized_party: None,
+    custom: {},
+}