auth:chore - Keycloak decode token to get accountID. #538

Merged
merged 2 commits into from
Jan 13, 2022
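--- a/auth/config/providers/wire.go
+++ b/auth/config/providers/wire.go
@@ -12,7 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-//+build wireinject
+//go:build wireinject
+// +build wireinject
 
 package providers
 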
3 changes: 2 additions & 1 deletion auth/config/providers/wire_gen.go


6 changes: 4 additions & 2 deletions auth/go.mod
@@ -65,10 +65,12 @@ require (
github.com/swaggo/files v0.0.0-20210815190702-a29dd2bc99b2 // indirect
github.com/swaggo/http-swagger v1.1.2 // indirect
golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 // indirect
golang.org/x/mod v0.5.1 // indirect
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 // indirect
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e // indirect
golang.org/x/sys v0.0.0-20220111092808-5a964db01320 // indirect
golang.org/x/text v0.3.7 // indirect
golang.org/x/tools v0.1.7 // indirect
golang.org/x/tools v0.1.8 // indirect
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
google.golang.org/genproto v0.0.0-20211007155348-82e027067bd4 // indirect
google.golang.org/protobuf v1.27.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
6 changes: 6 additions & 0 deletions auth/go.sum
@@ -587,6 +587,8 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -696,6 +698,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e h1:WUoyKPm6nCo1BnNUvPGnFG3T5DUVem42yDJZZ4CNxMA=
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220111092808-5a964db01320 h1:0jf+tOCoZ3LyutmCOWpVni1chK4VfFLhRsDK7MhqGRY=
golang.org/x/sys v0.0.0-20220111092808-5a964db01320/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -766,6 +770,8 @@ golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY=
golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
golang.org/x/tools v0.1.7 h1:6j8CgantCy3yc8JGBqkDLMKWqZ0RDU2g1HVgacojGWQ=
golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w=
golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
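--- a/auth/internal/enums/authentication/keycloak/messages.go
+++ b/auth/internal/enums/authentication/keycloak/messages.go
@@ -16,4 +16,5 @@ package keycloak
 
 var MessageFailedToCheckIfTokenIsActive = "{KEYCLOAK AUTH} failed to check if token is active" //nolint:gosec, lll // false positive
 var MessageFailedToGetUserInfo = "{KEYCLOAK AUTH} failed to get user info"
-var MessageFailedToGetAccountIDFromKeycloakToken = "{KEYCLOAK AUTH} failed to fet account if from keycloak token" //nolint:gosec, lll // false positive
+var MessageFailedToGetAccountIDFromKeycloakToken = "{KEYCLOAK AUTH} failed to get account id from keycloak token" //nolint:gosec, lll // false positive
+var MessageFailedToParseKeycloakToken = "{KEYCLOAK AUTH} failed to parse keycloak token to get account id" //nolint:gosec, lll // false positive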
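--- a/auth/internal/services/authentication/keycloak/client/keycloak.go
+++ b/auth/internal/services/authentication/keycloak/client/keycloak.go
@@ -19,6 +19,7 @@ import (
 "strings"
 
 "github.com/ZupIT/horusec-devkit/pkg/utils/logger"
+"github.com/form3tech-oss/jwt-go"
 
 "github.com/pkg/errors"
 
@@ -70,12 +71,19 @@ func (c *Client) IsActiveToken(token string) (bool, error) {
 }
 
 func (c *Client) GetAccountIDByJWTToken(token string) (uuid.UUID, error) {
-userInfo, err := c.GetUserInfo(c.removeBearer(token))
+accessToken, _, err := new(jwt.Parser).ParseUnverified(c.removeBearer(token), jwt.MapClaims{})
+
 if err != nil {
-return uuid.Nil, errors.Wrap(err, keycloakEnums.MessageFailedToGetAccountIDFromKeycloakToken)
+return uuid.Nil, errors.Wrap(err, keycloakEnums.MessageFailedToParseKeycloakToken)
 }
+
+if claims, isValid := accessToken.Claims.(jwt.MapClaims); isValid {
+if subString, ok := claims["sub"].(string); ok {
+return uuid.Parse(subString)
+}
+}
 
-return uuid.Parse(*userInfo.Sub)
+return uuid.Nil, errors.Wrap(err, keycloakEnums.MessageFailedToGetAccountIDFromKeycloakToken)
 }
 
 func (c *Client) GetUserInfo(accessToken string) (*gocloak.UserInfo, error) {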
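Review bot: `GetAccountIDByJWTToken` now reads the account ID from the `sub` claim of a token parsed with `ParseUnverified`, so this function checks neither signature nor expiry, whereas the removed `GetUserInfo` call presumably had Keycloak validate the token server-side. Unless every caller has already passed the same token through `IsActiveToken` (not visible in this hunk), the returned ID is whatever the sender put in the token. At minimum document the precondition with `// GetAccountIDByJWTToken trusts the token's claims; callers must validate the token with IsActiveToken first.`, or verify the signature against the realm keys before reading claims. Separately, the final `return` is only reached with `err == nil`, and pkg/errors' `Wrap` returns nil for a nil error, so a token without a string `sub` yields `(uuid.Nil, nil)`; use `return uuid.Nil, errors.New(keycloakEnums.MessageFailedToGetAccountIDFromKeycloakToken)` there.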
@@ -58,26 +58,16 @@ func TestAuthenticate(t *testing.T) {

func TestGetAccountIDByJWTToken(t *testing.T) {
t.Run("should success get account id without errors", func(t *testing.T) {
email := "test@horusec.com"
valid := true
sub := uuid.New().String()

userInfo := &gocloak.UserInfo{
Email: &email,
Sub: &sub,
}
token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI4NDc3ZDdmYy0wOTFlLTQwZWEtYjJkMC04ZTg0YWM0Y2Q5ZDQiLCJuYW1lIjoiVGVzdGUiLCJpYXQiOjE1MTYyMzkwMjJ9.HbLKk9hkWw_nGPNwststdFrEjqbQQpDdpQb42KKSVLM"

goCloakMock := &GoCloakMock{}
goCloakMock.On("RetrospectToken").Return(&gocloak.RetrospecTokenResult{Active: &valid}, nil)
goCloakMock.On("IsActiveToken").Return(true, nil)
goCloakMock.On("GetUserInfo").Return(userInfo, nil)

service := &Client{
ctx: context.Background(),
client: goCloakMock,
}

userID, err := service.GetAccountIDByJWTToken("")
userID, err := service.GetAccountIDByJWTToken(token)
assert.NoError(t, err)
assert.NotEqual(t, uuid.Nil, userID)
})
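Review bot: The success case only asserts `assert.NotEqual(t, uuid.Nil, userID)`, so it passes for any parsable `sub`; comparing `userID` with the UUID carried in the fixture token's `sub` claim would pin the behaviour. No visible case feeds a token whose `sub` claim is absent or not a string, nor one whose signature has been altered, and those are the inputs where the new local parsing differs from the previous userinfo lookup. The rest of `TestGetAccountIDByJWTToken` lies outside this hunk, so such cases may already exist there.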
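--- a/core/config/providers/wire.go
+++ b/core/config/providers/wire.go
@@ -12,7 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-//+build wireinject
+//go:build wireinject
+// +build wireinject
 
 package providers
 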
3 changes: 2 additions & 1 deletion core/config/providers/wire_gen.go
