Address review feedback
kovayur committed May 22, 2024
1 parent 9ca11d1 commit d13e393
Showing 2 changed files with 12 additions and 12 deletions.
22 changes: 11 additions & 11 deletions pkg/auth/acs_claims.go
@@ -1,4 +1,4 @@
// Package auth ...
// Package auth contains the authentication logic for the Fleet Manager API.
package auth

import (
Expand All @@ -8,20 +8,20 @@ import (
"github.com/stackrox/acs-fleet-manager/pkg/shared/utils/arrays"
)

// ACSClaims ...
// ACSClaims claims of the JWT access token specific to ACS.
type ACSClaims jwt.MapClaims

// VerifyIssuer ...
// VerifyIssuer verifies the issuer claim of the access token
func (c *ACSClaims) VerifyIssuer(cmp string, req bool) bool {
return jwt.MapClaims(*c).VerifyIssuer(cmp, req)
}

// VerifyAudience wraps jwt.VerifyAudience
func (c *ACSClaims) VerifyAudience(cmp string, req bool) bool {
return jwt.MapClaims(*c).VerifyAudience(cmp, req)
// VerifyAudience verifies the audience claim of the access token.
func (c *ACSClaims) VerifyAudience(cmp string) bool {
return jwt.MapClaims(*c).VerifyAudience(cmp, true)
}

// GetUsername ...
// GetUsername returns the username claim of the token or error if the claim can't be found.
func (c *ACSClaims) GetUsername() (string, error) {
if idx, val := arrays.FindFirst(func(x interface{}) bool { return x != nil },
(*c)[tenantUsernameClaim], (*c)[alternateTenantUsernameClaim]); idx != -1 {
Expand All @@ -33,7 +33,7 @@ func (c *ACSClaims) GetUsername() (string, error) {
tenantUsernameClaim, alternateTenantUsernameClaim)
}

// GetAccountID ...
// GetAccountID returns the account ID claim of the access token.
func (c *ACSClaims) GetAccountID() (string, error) {
if accountID, ok := (*c)[tenantAccountIDClaim].(string); ok {
return accountID, nil
Expand All @@ -54,15 +54,15 @@ func (c *ACSClaims) GetUserID() (string, error) {
tenantUserIDClaim, alternateTenantUserIDClaim)
}

// GetAlternateUserID ...
// GetAlternateUserID returns the alternate user ID claim of the access token.
func (c *ACSClaims) GetAlternateUserID() (string, error) {
if alternateSub, ok := (*c)[alternateSubClaim].(string); ok {
return alternateSub, nil
}
return "", fmt.Errorf("can't find %q attribute in claims", alternateSubClaim)
}

// GetOrgID ...
// GetOrgID returns organization ID claim of the access token.
func (c *ACSClaims) GetOrgID() (string, error) {
if idx, val := arrays.FindFirst(func(x interface{}) bool { return x != nil },
(*c)[tenantIDClaim], (*c)[alternateTenantIDClaim]); idx != -1 {
Expand Down Expand Up @@ -106,7 +106,7 @@ func (c *ACSClaims) GetAudience() ([]string, error) {
return aud, nil
}

// IsOrgAdmin ...
// IsOrgAdmin returns true if the access token indicates that the owner of this token is an organization admin.
func (c *ACSClaims) IsOrgAdmin() bool {
isOrgAdmin, _ := (*c)[tenantOrgAdminClaim].(bool)
return isOrgAdmin
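Review bot: The new VerifyAudience doc comment does not say that the audience claim is now mandatory, which is the behavioural change this hunk makes by hard-coding the second argument to `true` in the jwt.MapClaims call; callers such as checkAudience rely on that for an authorization decision, so it belongs in the contract. Suggested wording: `// VerifyAudience reports whether the token's audience claim contains cmp. The audience claim is always required: a token without one fails verification.` The new VerifyIssuer comment is also the only one in the file without a trailing period, and VerifyIssuer still exposes the `req` flag while VerifyAudience no longer does, which reads as inconsistent; if the issuer is likewise always required, consider the same treatment, otherwise a short note on why the two differ would help.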
2 changes: 1 addition & 1 deletion pkg/auth/fleetshard_authz_middleware.go
Expand Up @@ -66,7 +66,7 @@ func checkAudience(allowedAudiences []string) mux.MiddlewareFunc {
}

for _, audience := range allowedAudiences {
if claims.VerifyAudience(audience, true) {
if claims.VerifyAudience(audience) {
next.ServeHTTP(writer, request)
break
}
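Review bot: The `break` after `next.ServeHTTP(writer, request)` only leaves the range loop, so whatever follows the loop in checkAudience still executes after the wrapped handler has already written its response; the function's body continues outside this hunk, so I cannot see whether that tail is guarded. If the post-loop code writes an unauthorized response unconditionally, a token that matches an allowed audience would get two responses written to the same writer. Replacing `break` with `return` makes the accepted path terminal and independent of what follows: `next.ServeHTTP(writer, request)` then `return`. Presumably a matched flag or early return already exists below; worth confirming.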
