From 64c51f6c9cce457fb5aa99070d38f0d59fbb2096 Mon Sep 17 00:00:00 2001 From: Spencer Ferris <3319370+spencewenski@users.noreply.github.com> Date: Tue, 13 Aug 2024 14:26:28 -0700 Subject: [PATCH] feat: Allow custom sub-claims in provided `Claims` types (#331) --- src/middleware/http/auth/jwt/ietf.rs | 18 +++++++--- src/middleware/http/auth/jwt/openid.rs | 18 ++++++++-- ..._jwt__ietf__tests__deserialize_claims.snap | 14 ++++++++ ..._auth__jwt__ietf__tests__serde_claims.snap | 14 ++++++++ ...wt__openid__tests__deserialize_claims.snap | 33 +++++++++++++++++++ 5 files changed, 89 insertions(+), 8 deletions(-) create mode 100644 src/middleware/http/auth/jwt/snapshots/roadster__middleware__http__auth__jwt__ietf__tests__deserialize_claims.snap create mode 100644 src/middleware/http/auth/jwt/snapshots/roadster__middleware__http__auth__jwt__ietf__tests__serde_claims.snap create mode 100644 src/middleware/http/auth/jwt/snapshots/roadster__middleware__http__auth__jwt__openid__tests__deserialize_claims.snap diff --git a/src/middleware/http/auth/jwt/ietf.rs b/src/middleware/http/auth/jwt/ietf.rs index 6d40a248..bd0cf442 100644 --- a/src/middleware/http/auth/jwt/ietf.rs +++ b/src/middleware/http/auth/jwt/ietf.rs @@ -14,7 +14,7 @@ use typed_builder::TypedBuilder; #[serde_as] #[derive(Debug, Clone, Deserialize, Serialize, TypedBuilder)] #[non_exhaustive] -pub struct Claims { +pub struct Claims> { /// See: #[serde(rename = "iss")] #[builder(default, setter(strip_option))] @@ -54,8 +54,7 @@ pub struct Claims { pub jwt_id: Option, #[serde(flatten)] - #[builder(default)] - pub custom: BTreeMap, + pub custom: C, } #[cfg(test)] @@ -65,8 +64,8 @@ mod tests { use crate::middleware::http::auth::jwt::decode_auth_token; use crate::util::serde::{UriOrString, Wrapper}; use chrono::{TimeDelta, Utc}; + use insta::assert_debug_snapshot; use jsonwebtoken::{encode, EncodingKey, Header, TokenData}; - use serde_json::from_str; use std::ops::{Add, Sub}; use std::str::FromStr; use url::Url; @@ -144,7 +143,7 @@ mod tests { #[cfg_attr(coverage_nightly, coverage(off))] fn deserialize_audience_as_vec() { let value: Wrapper> = - from_str(r#"{"inner": ["https://example.com", "aud2"]}"#).unwrap(); + serde_json::from_str(r#"{"inner": ["https://example.com", "aud2"]}"#).unwrap(); assert_eq!( value.inner, vec![ @@ -153,4 +152,13 @@ mod tests { ] ); } + + #[test] + fn deserialize_claims() { + let claims = r#" + exp = 1000 + "#; + let claims: Claims = toml::from_str(claims).unwrap(); + assert_debug_snapshot!(claims); + } } diff --git a/src/middleware/http/auth/jwt/openid.rs b/src/middleware/http/auth/jwt/openid.rs index f7ecc2d8..1cfbfe98 100644 --- a/src/middleware/http/auth/jwt/openid.rs +++ b/src/middleware/http/auth/jwt/openid.rs @@ -16,7 +16,7 @@ use crate::util::serde::{deserialize_from_str, serialize_to_str, UriOrString}; #[serde_as] #[derive(Debug, Clone, Deserialize, Serialize, TypedBuilder)] #[non_exhaustive] -pub struct Claims { +pub struct Claims> { #[serde(rename = "iss")] pub issuer: Url, @@ -57,8 +57,7 @@ pub struct Claims { pub authorized_party: Option, #[serde(flatten)] - #[builder(default)] - pub custom: BTreeMap, + pub custom: C, } // Intentionally not annotated with `#[non_exhaustive]` @@ -80,6 +79,7 @@ pub enum Acr { mod tests { use super::*; use crate::util::serde::Wrapper; + use insta::assert_debug_snapshot; use serde_json::from_str; use std::str::FromStr; use url::Url; @@ -119,4 +119,16 @@ mod tests { let value: Wrapper = from_str(r#"{"inner": "invalid-uri"}"#).unwrap(); assert_eq!(value.inner, Acr::String("invalid-uri".to_string())); } + + #[test] + fn deserialize_claims() { + let claims = r#" + iss = "http://example.com" + sub = "1234" + iat = 1000 + exp = 2000 + "#; + let claims: Claims = toml::from_str(claims).unwrap(); + assert_debug_snapshot!(claims); + } } diff --git a/src/middleware/http/auth/jwt/snapshots/roadster__middleware__http__auth__jwt__ietf__tests__deserialize_claims.snap b/src/middleware/http/auth/jwt/snapshots/roadster__middleware__http__auth__jwt__ietf__tests__deserialize_claims.snap new file mode 100644 index 00000000..596ad6ae --- /dev/null +++ b/src/middleware/http/auth/jwt/snapshots/roadster__middleware__http__auth__jwt__ietf__tests__deserialize_claims.snap @@ -0,0 +1,14 @@ +--- +source: src/middleware/http/auth/jwt/ietf.rs +expression: claims +--- +Claims { + issuer: None, + subject: None, + audience: [], + expires_at: 1970-01-01T00:16:40Z, + not_before: None, + issued_at: None, + jwt_id: None, + custom: {}, +} diff --git a/src/middleware/http/auth/jwt/snapshots/roadster__middleware__http__auth__jwt__ietf__tests__serde_claims.snap b/src/middleware/http/auth/jwt/snapshots/roadster__middleware__http__auth__jwt__ietf__tests__serde_claims.snap new file mode 100644 index 00000000..596ad6ae --- /dev/null +++ b/src/middleware/http/auth/jwt/snapshots/roadster__middleware__http__auth__jwt__ietf__tests__serde_claims.snap @@ -0,0 +1,14 @@ +--- +source: src/middleware/http/auth/jwt/ietf.rs +expression: claims +--- +Claims { + issuer: None, + subject: None, + audience: [], + expires_at: 1970-01-01T00:16:40Z, + not_before: None, + issued_at: None, + jwt_id: None, + custom: {}, +} diff --git a/src/middleware/http/auth/jwt/snapshots/roadster__middleware__http__auth__jwt__openid__tests__deserialize_claims.snap b/src/middleware/http/auth/jwt/snapshots/roadster__middleware__http__auth__jwt__openid__tests__deserialize_claims.snap new file mode 100644 index 00000000..0ef52bae --- /dev/null +++ b/src/middleware/http/auth/jwt/snapshots/roadster__middleware__http__auth__jwt__openid__tests__deserialize_claims.snap @@ -0,0 +1,33 @@ +--- +source: src/middleware/http/auth/jwt/openid.rs +expression: claims +--- +Claims { + issuer: Url { + scheme: "http", + cannot_be_a_base: false, + username: "", + password: None, + host: Some( + Domain( + "example.com", + ), + ), + port: None, + path: "/", + query: None, + fragment: None, + }, + subject: Int( + 1234, + ), + audience: [], + expires_at: 1970-01-01T00:33:20Z, + issued_at: 1970-01-01T00:16:40Z, + auth_time: None, + nonce: None, + auth_cxt_class_reference: None, + auth_methods_references: [], + authorized_party: None, + custom: {}, +}