Add type assertion

hashicorp · Feb 7, 2024 · f7733e9 · f7733e9
1 parent d10c600
commit f7733e9
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 1 deletion.
diff --git a/jwks_pairs.go b/jwks_pairs.go
@@ -1,6 +1,8 @@
 package jwtauth
 
 import (
+	"fmt"
+
 	"github.com/mitchellh/mapstructure"
 )
 
@@ -16,7 +18,11 @@ func NewJWKSPairsConfig(jc *jwtConfig) ([]*JWKSPair, error) {
 
 	pairs := make([]*JWKSPair, 0, len(jc.JWKSPairs))
 	for i := 0; i < len(jc.JWKSPairs); i++ {
-		jp, err := Initialize(jc.JWKSPairs[i].(map[string]interface{}))
+		pairsMap, ok := jc.JWKSPairs[i].(map[string]interface{})
+		if !ok {
+			return nil, fmt.Errorf("jwks_pairs must be provided as a list of json objects with the fields jwks_url and jwks_ca_pem")
+		}
+		jp, err := Initialize(pairsMap)
 		if err != nil {
 			return nil, err
 		}

diff --git a/path_config_test.go b/path_config_test.go
@@ -156,6 +156,45 @@ func TestConfig_JWT_Write(t *testing.T) {
 	}
 }
 
+func TestConfig_JWKS_Write_Invalid(t *testing.T) {
+	b, storage := getBackend(t)
+
+	// Create a config with invalid jwks_pairs format
+	data := map[string]interface{}{
+		"jwks_url":    "",
+		"jwks_ca_pem": "",
+		"jwks_pairs": []interface{}{
+			"foo",
+			"bar",
+		},
+		"oidc_discovery_url":     "",
+		"oidc_discovery_ca_pem":  "",
+		"oidc_client_id":         "",
+		"default_role":           "",
+		"jwt_validation_pubkeys": []string{},
+		"jwt_supported_algs":     []string{},
+		"bound_issuer":           "",
+	}
+
+	req := &logical.Request{
+		Operation: logical.UpdateOperation,
+		Path:      configPath,
+		Storage:   storage,
+		Data:      data,
+	}
+
+	resp, err := b.HandleRequest(context.Background(), req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if resp == nil || !resp.IsError() {
+		t.Fatal("expected error")
+	}
+	if !strings.HasPrefix(resp.Error().Error(), "invalid jwks_pairs") {
+		t.Fatalf("got unexpected error: %v", resp.Error())
+	}
+}
+
 func TestConfig_JWKS_Update(t *testing.T) {
 	b, storage := getBackend(t)