diff --git a/auth/config/providers/wire.go b/auth/config/providers/wire.go
index 5b8a50939..14665b0cb 100644
--- a/auth/config/providers/wire.go
+++ b/auth/config/providers/wire.go
@@ -12,7 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//+build wireinject
+//go:build wireinject
+// +build wireinject
 package providers
diff --git a/auth/config/providers/wire_gen.go b/auth/config/providers/wire_gen.go
index df5b9f38e..2453987be 100644
--- a/auth/config/providers/wire_gen.go
+++ b/auth/config/providers/wire_gen.go
@@ -1,7 +1,8 @@
 // Code generated by Wire. DO NOT EDIT.
 //go:generate go run github.com/google/wire/cmd/wire
-//+build !wireinject
+//go:build !wireinject
+// +build !wireinject
 package providers
diff --git a/auth/go.mod b/auth/go.mod
index 892e52b57..27d4a02b0 100644
--- a/auth/go.mod
+++ b/auth/go.mod
@@ -65,10 +65,12 @@ require (
 	github.com/swaggo/files v0.0.0-20210815190702-a29dd2bc99b2 // indirect
 	github.com/swaggo/http-swagger v1.1.2 // indirect
 	golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 // indirect
+	golang.org/x/mod v0.5.1 // indirect
 	golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 // indirect
-	golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e // indirect
+	golang.org/x/sys v0.0.0-20220111092808-5a964db01320 // indirect
 	golang.org/x/text v0.3.7 // indirect
-	golang.org/x/tools v0.1.7 // indirect
+	golang.org/x/tools v0.1.8 // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	google.golang.org/genproto v0.0.0-20211007155348-82e027067bd4 // indirect
 	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/auth/go.sum b/auth/go.sum
index d52fd27dd..f572ec1bd 100644
--- a/auth/go.sum
+++ b/auth/go.sum
@@ -587,6 +587,8 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
+golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -696,6 +698,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e h1:WUoyKPm6nCo1BnNUvPGnFG3T5DUVem42yDJZZ4CNxMA=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220111092808-5a964db01320 h1:0jf+tOCoZ3LyutmCOWpVni1chK4VfFLhRsDK7MhqGRY=
+golang.org/x/sys v0.0.0-20220111092808-5a964db01320/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -766,6 +770,8 @@ golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.7 h1:6j8CgantCy3yc8JGBqkDLMKWqZ0RDU2g1HVgacojGWQ=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
+golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w=
+golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
 golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/auth/internal/enums/authentication/keycloak/messages.go b/auth/internal/enums/authentication/keycloak/messages.go
index 901a88d7c..a2a134b3f 100644
--- a/auth/internal/enums/authentication/keycloak/messages.go
+++ b/auth/internal/enums/authentication/keycloak/messages.go
@@ -16,4 +16,5 @@ package keycloak
 var MessageFailedToCheckIfTokenIsActive = "{KEYCLOAK AUTH} failed to check if token is active" //nolint:gosec, lll // false positive
 var MessageFailedToGetUserInfo = "{KEYCLOAK AUTH} failed to get user info"
-var MessageFailedToGetAccountIDFromKeycloakToken = "{KEYCLOAK AUTH} failed to fet account if from keycloak token" //nolint:gosec, lll // false positive
+var MessageFailedToGetAccountIDFromKeycloakToken = "{KEYCLOAK AUTH} failed to get account id from keycloak token" //nolint:gosec, lll // false positive
+var MessageFailedToParseKeycloakToken = "{KEYCLOAK AUTH} failed to parse keycloak token to get account id" //nolint:gosec, lll // false positive
diff --git a/auth/internal/services/authentication/keycloak/client/keycloak.go b/auth/internal/services/authentication/keycloak/client/keycloak.go
index d719da449..2cbfadadc 100644
--- a/auth/internal/services/authentication/keycloak/client/keycloak.go
+++ b/auth/internal/services/authentication/keycloak/client/keycloak.go
@@ -19,6 +19,7 @@ import (
 	"strings"
 	"github.com/ZupIT/horusec-devkit/pkg/utils/logger"
+	"github.com/form3tech-oss/jwt-go"
 	"github.com/pkg/errors"
@@ -70,12 +71,19 @@ func (c *Client) IsActiveToken(token string) (bool, error) {
 }
 func (c *Client) GetAccountIDByJWTToken(token string) (uuid.UUID, error) {
-	userInfo, err := c.GetUserInfo(c.removeBearer(token))
+	accessToken, _, err := new(jwt.Parser).ParseUnverified(c.removeBearer(token), jwt.MapClaims{})
+
 	if err != nil {
-		return uuid.Nil, errors.Wrap(err, keycloakEnums.MessageFailedToGetAccountIDFromKeycloakToken)
+		return uuid.Nil, errors.Wrap(err, keycloakEnums.MessageFailedToParseKeycloakToken)
+	}
+
+	if claims, isValid := accessToken.Claims.(jwt.MapClaims); isValid {
+		if subString, ok := claims["sub"].(string); ok {
+			return uuid.Parse(subString)
+		}
 	}
-	return uuid.Parse(*userInfo.Sub)
+	return uuid.Nil, errors.Wrap(err, keycloakEnums.MessageFailedToGetAccountIDFromKeycloakToken)
 }
 func (c *Client) GetUserInfo(accessToken string) (*gocloak.UserInfo, error) {
diff --git a/auth/internal/services/authentication/keycloak/client/keycloak_test.go b/auth/internal/services/authentication/keycloak/client/keycloak_test.go
index 70e54d85b..2b6fd10b8 100644
--- a/auth/internal/services/authentication/keycloak/client/keycloak_test.go
+++ b/auth/internal/services/authentication/keycloak/client/keycloak_test.go
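Review bot: The new `GetAccountIDByJWTToken` trusts the `sub` claim of a token it never verifies: `ParseUnverified` checks neither the signature nor expiry, whereas the removed `GetUserInfo` round-trip had Keycloak validate the token before any `Sub` was read. Unless every caller is guaranteed to have already run the same bearer token through `IsActiveToken` (or a signature check) — nothing in this hunk establishes that — a self-minted JWT with an arbitrary `sub` yields that account's ID and impersonates it. Either verify the signature here (`jwt.Parser.ParseWithClaims` against the realm's public key) or at minimum document the precondition on the function, e.g. `// Does not validate the token; callers must have passed it through IsActiveToken first.` Separately, the final `return uuid.Nil, errors.Wrap(err, ...)` is reached only when `err` is nil, and `pkg/errors.Wrap` returns nil for a nil cause, so a token whose payload lacks a string `sub` returns `(uuid.Nil, nil)` — a success with an empty account ID. That line should read `return uuid.Nil, errors.New(keycloakEnums.MessageFailedToGetAccountIDFromKeycloakToken)`.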
@@ -58,26 +58,16 @@ func TestAuthenticate(t *testing.T) {
 func TestGetAccountIDByJWTToken(t *testing.T) {
 	t.Run("should success get account id without errors", func(t *testing.T) {
-		email := "test@horusec.com"
-		valid := true
-		sub := uuid.New().String()
-
-		userInfo := &gocloak.UserInfo{
-			Email: &email,
-			Sub: &sub,
-		}
+		token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI4NDc3ZDdmYy0wOTFlLTQwZWEtYjJkMC04ZTg0YWM0Y2Q5ZDQiLCJuYW1lIjoiVGVzdGUiLCJpYXQiOjE1MTYyMzkwMjJ9.HbLKk9hkWw_nGPNwststdFrEjqbQQpDdpQb42KKSVLM"
 		goCloakMock := &GoCloakMock{}
-		goCloakMock.On("RetrospectToken").Return(&gocloak.RetrospecTokenResult{Active: &valid}, nil)
-		goCloakMock.On("IsActiveToken").Return(true, nil)
-		goCloakMock.On("GetUserInfo").Return(userInfo, nil)
 		service := &Client{
 			ctx: context.Background(),
 			client: goCloakMock,
 		}
-		userID, err := service.GetAccountIDByJWTToken("")
+		userID, err := service.GetAccountIDByJWTToken(token)
 		assert.NoError(t, err)
 		assert.NotEqual(t, uuid.Nil, userID)
 	})
diff --git a/core/config/providers/wire.go b/core/config/providers/wire.go
index 85af3e8a7..dda89df3c 100644
--- a/core/config/providers/wire.go
+++ b/core/config/providers/wire.go
@@ -12,7 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//+build wireinject
+//go:build wireinject
+// +build wireinject
 package providers
diff --git a/core/config/providers/wire_gen.go b/core/config/providers/wire_gen.go
index b3ade4008..9619d1bd6 100644
--- a/core/config/providers/wire_gen.go
+++ b/core/config/providers/wire_gen.go
@@ -1,7 +1,8 @@
 // Code generated by Wire. DO NOT EDIT.
 //go:generate go run github.com/google/wire/cmd/wire
-//+build !wireinject
+//go:build !wireinject
+// +build !wireinject
 package providers
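Review bot: The rewritten test covers only the happy path with one fixed, HS256-signed token and drops every error case, so the new malformed-token and missing-`sub` branches of `GetAccountIDByJWTToken` go unexercised. Two further sub-tests would pin the contract: one passing a token whose payload has no `sub` (or a non-string one) and asserting `assert.Error(t, err)` together with `assert.Equal(t, uuid.Nil, userID)`, and one passing `"not-a-jwt"` and asserting an error. The first of these would also catch the implementation returning a nil error alongside `uuid.Nil` on the fallback path, if that is what it does. Since the mock no longer needs any `On(...)` expectations, a one-line comment on the token would help the next reader, e.g. `// token is parsed without signature verification; only its sub claim matters here`.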