debugging claims
@@ -4,6 +4,7 @@ import (
|
||||
"crypto/sha256"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"fmt"
|
||||
"oc-auth/conf"
|
||||
"oc-auth/infrastructure/perms_connectors"
|
||||
"oc-auth/infrastructure/utils"
|
||||
@@ -21,7 +22,7 @@ func (h HydraClaims) generateKey(relation string, path string) (string, error) {
|
||||
return "", err
|
||||
}
|
||||
p := strings.ReplaceAll(strings.ToUpper(path), "/", "_")
|
||||
return strings.ToLower(method.String()) + "_" + p, nil
|
||||
return strings.ToLower(method.String()) + "_" + strings.ReplaceAll(p, ":", ""), nil
|
||||
}
|
||||
|
||||
// decode key expect to extract method and path from key
|
||||
@@ -63,6 +64,17 @@ func (h HydraClaims) encodeSignature(host string) (string, error) {
|
||||
return SignDefault(hashed[:], spkiBlock.Bytes)
|
||||
}
|
||||
|
||||
func (h HydraClaims) clearBlank(path []string) []string {
|
||||
// clear blank
|
||||
newPath := []string{}
|
||||
for _, p := range path {
|
||||
if p != "" {
|
||||
newPath = append(newPath, p)
|
||||
}
|
||||
}
|
||||
return newPath
|
||||
}
|
||||
|
||||
func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward string, sessionClaims Claims, publicKey string, external bool) (bool, error) {
|
||||
idTokenClaims := sessionClaims.Session.IDToken
|
||||
if idTokenClaims["signature"] == nil {
|
||||
@@ -74,27 +86,33 @@ func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward str
|
||||
}
|
||||
claims := sessionClaims.Session.AccessToken
|
||||
path := strings.ReplaceAll(forward, "http://"+host, "")
|
||||
splittedPath := strings.Split(path, "/")
|
||||
splittedPath := h.clearBlank(strings.Split(path, "/"))
|
||||
for m, p := range claims {
|
||||
splittedP := strings.Split(p.(string), "/")
|
||||
match := true
|
||||
splittedP := h.clearBlank(strings.Split(p.(string), "/"))
|
||||
if len(splittedP) != len(splittedPath) {
|
||||
continue
|
||||
}
|
||||
for i, v := range splittedP {
|
||||
fmt.Println(v, splittedPath[i])
|
||||
if strings.Contains(v, ":") { // is a param
|
||||
continue
|
||||
} else if v != splittedPath[i] {
|
||||
meth, _, err := h.decodeKey(m, external)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
perm := perms_connectors.Permission{
|
||||
Relation: "permits" + strings.ToLower(meth.String()),
|
||||
Object: p.(string),
|
||||
}
|
||||
return perms_connectors.GetPermissionConnector().CheckPermission(perm, nil, true), nil
|
||||
match = false
|
||||
break
|
||||
}
|
||||
}
|
||||
if match {
|
||||
meth, _, err := h.decodeKey(m, external)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
perm := perms_connectors.Permission{
|
||||
Relation: "permits" + strings.ToUpper(meth.String()),
|
||||
Object: p.(string),
|
||||
}
|
||||
return perms_connectors.GetPermissionConnector().CheckPermission(perm, nil, true), nil
|
||||
}
|
||||
}
|
||||
return false, errors.New("no permission found")
|
||||
}
|
||||
@@ -109,11 +127,11 @@ func (h HydraClaims) AddClaimsToToken(userId string, host string) Claims {
|
||||
claims.Session.AccessToken = make(map[string]interface{})
|
||||
claims.Session.IDToken = make(map[string]interface{})
|
||||
for _, perm := range perms {
|
||||
key, err := h.generateKey(strings.ReplaceAll(perm.Relation, "permits", ""), perm.Object)
|
||||
key, err := h.generateKey(strings.ReplaceAll(perm.Relation, "permits", ""), perm.Subject)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
claims.Session.AccessToken[key] = perm.Object
|
||||
claims.Session.AccessToken[key] = perm.Subject
|
||||
}
|
||||
sign, err := h.encodeSignature(host)
|
||||
if err != nil {
|
||||
|
||||
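Review bot: In the rewritten loop of DecodeClaimsInToken a claim is selected by path alone: the `method` argument is never compared with the `meth` returned by `h.decodeKey(m, external)`, so the first path-matching claim in unordered map iteration decides the result whatever verb was requested. After the `decodeKey` error check I would add `if !strings.EqualFold(meth.String(), method) { continue }`, unless the part of the function that lies between the hunks already constrains the method. The parameter test `strings.Contains(v, ":")` treats any claim segment containing a colon as a wildcard; `strings.HasPrefix(v, ":")` is narrower. The `fmt.Println(v, splittedPath[i])` line writes request path segments to stdout on every check and should be dropped before merge. Each `p.(string)` is an unchecked assertion that panics on a non-string claim value; `s, ok := p.(string)` with `continue` on failure keeps the check fail-closed.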