diff --git a/corsx/middleware_test.go b/corsx/middleware_test.go
index d87cc436..0bc520a3 100644
--- a/corsx/middleware_test.go
+++ b/corsx/middleware_test.go
@@ -32,7 +32,7 @@ func TestContextualizedMiddleware(t *testing.T) {
 require.NoError(t, err)
 req.Header.Set("Origin", origin)
 req.Header.Set("Access-Control-Request-Method", "DELETE")
- req.Header.Set("Access-Control-Request-Headers", "origin")
+ req.Header.Set("Access-Control-Request-Headers", "")
 res, err := ts.Client().Do(req)
 require.NoError(t, err)
 defer res.Body.Close()
diff --git a/go.mod b/go.mod
index 88752d07..202500c9 100644
--- a/go.mod
+++ b/go.mod
@@ -6,17 +6,16 @@ toolchain go1.22.2
 require (
 code.dny.dev/ssrf v0.2.0
- github.com/auth0/go-jwt-middleware v1.0.1
+ github.com/auth0/go-jwt-middleware/v2 v2.2.1
 github.com/avast/retry-go/v4 v4.3.0
 github.com/bmatcuk/doublestar/v2 v2.0.4
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0
 github.com/cenkalti/backoff/v4 v4.3.0
 github.com/cockroachdb/cockroach-go/v2 v2.3.5
 github.com/dgraph-io/ristretto v0.1.1
- github.com/docker/docker v20.10.27+incompatible
+ github.com/docker/docker v26.1.4+incompatible
 github.com/evanphx/json-patch/v5 v5.6.0
 github.com/fatih/structs v1.1.0
- github.com/form3tech-oss/jwt-go v3.2.5+incompatible
 github.com/fsnotify/fsnotify v1.6.0
 github.com/ghodss/yaml v1.0.0
 github.com/go-bindata/go-bindata v3.1.2+incompatible
@@ -30,6 +29,7 @@ require (
 github.com/gobwas/glob v0.2.3
 github.com/goccy/go-yaml v1.9.6
 github.com/gofrs/uuid v4.3.0+incompatible
+ github.com/golang-jwt/jwt/v5 v5.2.1
 github.com/golang/mock v1.6.0
 github.com/google/go-jsonnet v0.20.0
 github.com/gorilla/websocket v1.5.0
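Review bot: The preflight in TestContextualizedMiddleware (corsx/middleware_test.go) now sends an empty `Access-Control-Request-Headers` value instead of `origin`, so the test no longer covers a preflight that actually requests a header. The reason is not stated; presumably it follows from the `github.com/rs/cors` bump to v1.11.0 in go.mod. A one-line comment above the changed line saying why the header is empty, or a second case that requests an allowed header, would keep that path covered. The test function continues outside the hunk.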
@@ -57,7 +57,7 @@ require ( github.com/mattn/go-sqlite3 v1.14.16 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 github.com/ory/analytics-go/v5 v5.0.1 - github.com/ory/dockertest/v3 v3.10.1-0.20240619125955-3328cf9343b8 + github.com/ory/dockertest/v3 v3.10.1-0.20240704115616-d229e74b748d github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe github.com/ory/herodot v0.10.2 github.com/ory/jsonschema/v3 v3.0.8 @@ -69,7 +69,7 @@ require ( github.com/prometheus/client_model v0.3.0 github.com/prometheus/common v0.37.0 github.com/rakutentech/jwk-go v1.1.3 - github.com/rs/cors v1.8.2 + github.com/rs/cors v1.11.0 github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cast v1.5.0 @@ -105,6 +105,7 @@ require ( ) require ( + dario.cat/mergo v1.0.0 // indirect filippo.io/edwards25519 v1.1.0 // indirect git.sr.ht/~sbinet/gg v0.3.1 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect @@ -117,10 +118,11 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/containerd/continuity v0.4.3 // indirect + github.com/containerd/log v0.1.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect - github.com/docker/cli v24.0.9+incompatible // indirect - github.com/docker/distribution v2.8.2+incompatible // indirect + github.com/distribution/reference v0.6.0 // indirect + github.com/docker/cli v26.1.4+incompatible // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/dustin/go-humanize v1.0.0 // indirect 
@@ -156,7 +158,6 @@ require ( github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/hcl v1.0.0 // indirect - github.com/imdario/mergo v0.3.13 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jackc/chunkreader/v2 v2.0.1 // indirect github.com/jackc/pgio v1.0.0 // indirect @@ -181,12 +182,13 @@ require ( github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect + github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/term v0.5.0 // indirect github.com/morikuni/aec v1.0.0 // indirect github.com/nyaruka/phonenumbers v1.1.6 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc2 // indirect + github.com/opencontainers/image-spec v1.1.0 // indirect github.com/opencontainers/runc v1.1.13 // indirect github.com/openzipkin/zipkin-go v0.4.2 // indirect github.com/pelletier/go-toml/v2 v2.0.6 // indirect diff --git a/go.sum b/go.sum index 64cd6c95..2112d605 100644 --- a/go.sum +++ b/go.sum @@ -37,6 +37,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= code.dny.dev/ssrf v0.2.0 h1:wCBP990rQQ1CYfRpW+YK1+8xhwUjv189AQ3WMo1jQaI= code.dny.dev/ssrf v0.2.0/go.mod h1:B+91l25OnyaLIeCx0WRJN5qfJ/4/ZTZxRXgm0lj/2w8= +dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= +dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= 
@@ -68,8 +70,8 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/auth0/go-jwt-middleware v1.0.1 h1:/fsQ4vRr4zod1wKReUH+0A3ySRjGiT9G34kypO/EKwI= -github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9vXW72U//IgN0BIM= +github.com/auth0/go-jwt-middleware/v2 v2.2.1 h1:pqxEIwlCztD0T9ZygGfOrw4NK/F9iotnCnPJVADKbkE= +github.com/auth0/go-jwt-middleware/v2 v2.2.1/go.mod h1:CSi0tuu0QrALbWdiQZwqFL8SbBhj4e2MJzkvNfjY0Us= github.com/avast/retry-go/v4 v4.3.0 h1:cqI48aXx0BExKoM7XPklDpoHAg7/srPPLAfWG5z62jo= github.com/avast/retry-go/v4 v4.3.0/go.mod h1:bqOlT4nxk4phk9buiQFaghzjpqdchOSwPgjdfdQBtdg= github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk= @@ -106,6 +108,8 @@ github.com/cockroachdb/cockroach-go/v2 v2.3.5 h1:Khtm8K6fTTz/ZCWPzU9Ne3aOW9VyAnj github.com/cockroachdb/cockroach-go/v2 v2.3.5/go.mod h1:1wNJ45eSXW9AnOc3skntW9ZUZz6gxrQK3cOj3rK+BC8= github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8= github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= +github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= +github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= 
@@ -123,12 +127,12 @@ github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWa github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= -github.com/docker/cli v24.0.9+incompatible h1:OxbimnP/z+qVjDLpq9wbeFU3Nc30XhSe+LkwYQisD50= -github.com/docker/cli v24.0.9+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= -github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v20.10.27+incompatible h1:Id/ZooynV4ZlD6xX20RCd3SR0Ikn7r4QZDa2ECK2TgA= -github.com/docker/docker v20.10.27+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= +github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= +github.com/docker/cli v26.1.4+incompatible h1:I8PHdc0MtxEADqYJZvhBrW9bo8gawKwwenxRM7/rLu8= +github.com/docker/cli v26.1.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/docker v26.1.4+incompatible h1:vuTpXDuoga+Z38m1OZHzl7NKisKWaWlhjQk7IDPSLsU= +github.com/docker/docker v26.1.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= 
@@ -155,9 +159,6 @@ github.com/felixge/fgprof v0.9.3/go.mod h1:RdbpDgzqYVh/T9fPELJyV7EYJuHB55UTEULNu github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/form3tech-oss/jwt-go v3.2.5+incompatible h1:/l4kBbb4/vGSsdtB5nUe8L7B9mImVMaBPw9L/0TBHU8= -github.com/form3tech-oss/jwt-go v3.2.5+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -307,6 +308,8 @@ github.com/gofrs/uuid v4.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRx github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= +github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= 
@@ -387,13 +390,8 @@ github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00 h1:l5lAOZEym3oK3SQ2HBHWsJUfbNBiTXJDeW2QDxw9AQ0= -github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY= github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c= -github.com/gorilla/mux v1.7.4 h1:VuZ8uybHlWmqV03+zRzdwKL4tUnIp1MAQtp1mIFE1bc= -github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI= 
@@ -419,8 +417,6 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= -github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= -github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= @@ -497,8 +493,6 @@ github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= -github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= 
@@ -609,6 +603,8 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= +github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -637,8 +633,8 @@ github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= -github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= +github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= +github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/opencontainers/runc v1.1.13 h1:98S2srgG9vw0zWcDpFMn5TRrh8kLxa/5OFUstuUhmRs= github.com/opencontainers/runc v1.1.13/go.mod h1:R016aXacfp/gwQBYw2FDGa9m+n6atbLWrYY8hNMT/sA= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= 
@@ -646,8 +642,8 @@ github.com/openzipkin/zipkin-go v0.4.2 h1:zjqfqHjUpPmB3c1GlCvvgsM1G4LkvqQbBDueDO github.com/openzipkin/zipkin-go v0.4.2/go.mod h1:ZeVkFjuuBiSy13y8vpSDCjMi9GoI3hPpCJSBx/EYFhY= github.com/ory/analytics-go/v5 v5.0.1 h1:LX8T5B9FN8KZXOtxgN+R3I4THRRVB6+28IKgKBpXmAM= github.com/ory/analytics-go/v5 v5.0.1/go.mod h1:lWCiCjAaJkKfgR/BN5DCLMol8BjKS1x+4jxBxff/FF0= -github.com/ory/dockertest/v3 v3.10.1-0.20240619125955-3328cf9343b8 h1:pdmvNMAN5x5kPmntdHNmfl3TDszlGeXYri+JSA4JMNM= -github.com/ory/dockertest/v3 v3.10.1-0.20240619125955-3328cf9343b8/go.mod h1:Z3wDt3X5YzB70upzvwiBH2U3lj8q/SXHKT2dyMM7t3I= +github.com/ory/dockertest/v3 v3.10.1-0.20240704115616-d229e74b748d h1:By96ZSVuH5LyjXLVVMfvJoLVGHaT96LdOnwgFSLVf0E= +github.com/ory/dockertest/v3 v3.10.1-0.20240704115616-d229e74b748d/go.mod h1:F2FIjwwAk6CsNAs//B8+aPFQF0t84pbM8oliyNXwQrk= github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe h1:rvu4obdvqR0fkSIJ8IfgzKOWwZ5kOT2UNfLq81Qk7rc= github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe/go.mod h1:z4n3u6as84LbV4YmgjHhnwtccQqzf4cZlSk9f1FhygI= github.com/ory/herodot v0.10.2 h1:gGvNMHgAwWzdP/eo+roSiT5CGssygHSjDU7MSQNlJ4E= 
@@ -711,8 +707,8 @@ github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= -github.com/rs/cors v1.8.2 h1:KCooALfAYGs415Cwu5ABvv9n9509fSiG5SQJn/AQo4U= -github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= +github.com/rs/cors v1.11.0 h1:0B9GE/r9Bc2UxRMMtymBkHTenPkHDv0CW4Y98GBY+po= +github.com/rs/cors v1.11.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= 
@@ -742,11 +738,6 @@ github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrf github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/assertions v1.1.0 h1:MkTeG1DMwsrdH7QtLXy5W+fUxWq+vmb6cLmyJ7aRtF0= -github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo= -github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= -github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d h1:yKm7XZV6j9Ev6lojP2XaIshpT4ymkqhMeSghO5Ps00E= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e h1:qpG93cPwA5f7s/ZPBJnGOYQNK/vKsaDaseuKT5Asee8= 
@@ -1137,7 +1128,6 @@ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= @@ -1321,6 +1311,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/go-jose/go-jose.v2 v2.6.2 h1:Rl5+9rA0kG3vsO1qhncMPRT5eHICihAMQYJkD7u/i4M= +gopkg.in/go-jose/go-jose.v2 v2.6.2/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/mold.v2 v2.2.0/go.mod h1:XMyyRsGtakkDPbxXbrA5VODo6bUXyvoDjLd5l3T0XoA= gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= 
@@ -1342,7 +1334,6 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=
diff --git a/jwtmiddleware/middleware.go b/jwtmiddleware/middleware.go
index 4ada135b..dd6a3f98 100644
--- a/jwtmiddleware/middleware.go
+++ b/jwtmiddleware/middleware.go
@@ -10,35 +10,38 @@ import (
 "net/http"
 "strings"
- "github.com/form3tech-oss/jwt-go"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/pkg/errors"
 "github.com/ory/herodot"
- jwtmiddleware "github.com/auth0/go-jwt-middleware"
+ jwtmiddleware "github.com/auth0/go-jwt-middleware/v2"
 "github.com/urfave/negroni"
 "github.com/ory/x/jwksx"
 )
-const SessionContextKey string = "github.com/ory/x/jwtmiddleware.session"
+// Deprecated: use jwtmiddleware.ContextKey{} instead.
+var SessionContextKey = jwtmiddleware.ContextKey{}
 type Middleware struct {
 o *middlewareOptions
 wku string
 jm *jwtmiddleware.JWTMiddleware
+ w herodot.Writer
 }
 type middlewareOptions struct {
 Debug bool
 ExcludePaths []string
 SigningMethod jwt.SigningMethod
+ ErrorWriter herodot.Writer
 }
 type MiddlewareOption func(*middlewareOptions)
 func SessionFromContext(ctx context.Context) (json.RawMessage, error) {
- raw := ctx.Value(SessionContextKey)
+ raw := ctx.Value(jwtmiddleware.ContextKey{})
 if raw == nil {
 return nil, errors.WithStack(herodot.ErrUnauthorized.WithReasonf("Could not find credentials in the request."))
 }
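Review bot: The new `w herodot.Writer` field on `Middleware` (jwtmiddleware/middleware.go) is never assigned in this diff: `NewMiddleware` fills only `o`, `wku` and `jm`, and the error handler goes through `c.ErrorWriter`, so the field looks like a leftover and can be dropped. The deprecation comment on `SessionContextKey` is also ambiguous because this package is itself named `jwtmiddleware`; spelling out the import path would help, e.g. `// Deprecated: use ContextKey{} from github.com/auth0/go-jwt-middleware/v2 instead.` SessionFromContext continues past the end of the hunk, so its handling of the context value should be checked against what the new validator stores, which appears to be the `*jwt.Token` returned by `Parse`.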
@@ -74,12 +77,19 @@ func MiddlewareAllowSigningMethod(method jwt.SigningMethod) MiddlewareOption {
 }
 }
+func MiddlewareErrorWriter(w herodot.Writer) MiddlewareOption {
+ return func(o *middlewareOptions) {
+ o.ErrorWriter = w
+ }
+}
+
 func NewMiddleware(
 wellKnownURL string,
 opts ...MiddlewareOption,
 ) *Middleware {
 c := &middlewareOptions{
 SigningMethod: jwt.SigningMethodES256,
+ ErrorWriter: herodot.NewJSONWriter(nil),
 }
 for _, o := range opts {
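Review bot: `MiddlewareErrorWriter` stores its argument unchecked, so `MiddlewareErrorWriter(nil)` overwrites the `herodot.NewJSONWriter(nil)` default set in `NewMiddleware`, and the error handler would then call `WriteError` on a nil interface for the first rejected request. Keeping the default when nil is passed avoids that: `if w != nil { o.ErrorWriter = w }`. The new exported option also lacks a doc comment; something like `// MiddlewareErrorWriter sets the herodot.Writer used to render authentication errors.` would do. NewMiddleware continues past the end of this hunk.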
@@ -89,35 +99,61 @@ func NewMiddleware(
 return &Middleware{
 o: c,
 wku: wellKnownURL,
- jm: jwtmiddleware.New(jwtmiddleware.Options{
- ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) {
- if raw, ok := token.Header["kid"]; !ok {
- return nil, errors.New(`jwt from authorization HTTP header is missing value for "kid" in token header`)
- } else if kid, ok := raw.(string); !ok {
- return nil, fmt.Errorf(`jwt from authorization HTTP header is expecting string value for "kid" in tokenWithoutKid header but got: %T`, raw)
- } else if k, err := jc.GetKey(kid); err != nil {
- return nil, err
- } else {
- return k.Key, nil
- }
+ jm: jwtmiddleware.New(
+ func(ctx context.Context, rawToken string) (any, error) {
+ return jwt.NewParser(
+ jwt.WithValidMethods([]string{c.SigningMethod.Alg()}),
+ ).Parse(rawToken, func(token *jwt.Token) (interface{}, error) {
+ if raw, ok := token.Header["kid"]; !ok {
+ return nil, errors.New(`jwt from authorization HTTP header is missing value for "kid" in token header`)
+ } else if kid, ok := raw.(string); !ok {
+ return nil, fmt.Errorf(`jwt from authorization HTTP header is expecting string value for "kid" in tokenWithoutKid header but got: %T`, raw)
+ } else if k, err := jc.GetKey(kid); err != nil {
+ return nil, err
+ } else {
+ return k.Key, nil
+ }
+ })
 },
- SigningMethod: c.SigningMethod,
- UserProperty: SessionContextKey,
- CredentialsOptional: false,
- Debug: c.Debug,
- }),
+ jwtmiddleware.WithCredentialsOptional(false),
+ jwtmiddleware.WithTokenExtractor(func(r *http.Request) (string, error) {
+ // wrapping the extractor to get a herodot.ErrorContainer
+ token, err := jwtmiddleware.AuthHeaderTokenExtractor(r)
+ if err != nil {
+ return "", herodot.ErrUnauthorized.WithReason(err.Error())
+ }
+ return token, nil
+ }),
+ jwtmiddleware.WithErrorHandler(func(w http.ResponseWriter, r *http.Request, err error) {
+ switch {
+ case errors.Is(err, jwtmiddleware.ErrJWTInvalid):
+ reason := "The token is invalid or expired."
+ if err := errors.Unwrap(err); err != nil {
+ reason = err.Error()
+ }
+ c.ErrorWriter.WriteError(w, r, errors.WithStack(herodot.ErrUnauthorized.WithReason(reason)))
+ case errors.Is(err, jwtmiddleware.ErrJWTMissing):
+ c.ErrorWriter.WriteError(w, r, errors.WithStack(herodot.ErrUnauthorized.WithReason("The token is missing.")))
+ default:
+ c.ErrorWriter.WriteError(w, r, err)
+ }
+ }),
+ ),
 }
 }
+// Deprecated: use Middleware as a negroni.Handler directly instead.
 func (h *Middleware) NegroniHandler() negroni.Handler {
- return negroni.HandlerFunc(func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
- for _, excluded := range h.o.ExcludePaths {
- if strings.HasPrefix(r.URL.Path, excluded) {
- next(w, r)
- return
- }
+ return negroni.HandlerFunc(h.ServeHTTP)
+}
+
+func (h *Middleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
+ for _, excluded := range h.o.ExcludePaths {
+ if strings.HasPrefix(r.URL.Path, excluded) {
+ next(w, r)
+ return
 }
+ }
- h.jm.HandlerWithNext(w, r, next)
- })
+ h.jm.CheckJWT(next).ServeHTTP(w, r)
 }
diff --git a/jwtmiddleware/middleware_test.go b/jwtmiddleware/middleware_test.go
index 2639b59d..78d351af 100644
--- a/jwtmiddleware/middleware_test.go
+++ b/jwtmiddleware/middleware_test.go
@@ -6,13 +6,14 @@ package jwtmiddleware_test
 import (
 "encoding/json"
 "fmt"
- "io/ioutil"
+ "io"
 "net/http"
 "net/http/httptest"
- "strings"
 "testing"
- "github.com/form3tech-oss/jwt-go"
+ "github.com/tidwall/gjson"
+
+ "github.com/golang-jwt/jwt/v5"
 "github.com/rakutentech/jwk-go/jwk"
 "github.com/stretchr/testify/assert"
@@ -46,14 +47,6 @@ func init() {
 }
 }
-func createToken(t *testing.T, claims jwt.MapClaims) string {
- c := jwt.NewWithClaims(jwt.SigningMethodES256, claims)
- c.Header["kid"] = key.KeyID
- s, err := c.SignedString(key.Key)
- require.NoError(t, err)
- return s
-}
-
 func newKeyServer(t *testing.T) string {
 public, err := key.PublicOnly()
 require.NoError(t, err)
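Review bot: The `ErrJWTInvalid` branch of the new error handler in jwtmiddleware/middleware.go replaces the fixed reason with the unwrapped error text (`reason = err.Error()`), so keyfunc and `jc.GetKey` failures, including the caller-chosen `kid` as the updated expectations in middleware_test.go show, are returned to an unauthenticated client. I would leave `"The token is invalid or expired."` as the response reason and record the detail server-side; the `default:` branch hands the raw `err` to the writer, which looks intended for the wrapped extractor error but would carry any other error text as well. `ServeHTTP` also keeps the `strings.HasPrefix` exclusion check, which exempts every path that merely starts with an entry (an `/anonymous` entry also covers `/anonymous-x`, and an empty entry covers everything), so matching on a path-segment boundary and rejecting empty entries in the option would be safer. NewMiddleware starts above this hunk.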
@@ -86,48 +79,73 @@ func TestSessionFromRequest(t *testing.T) { require.NoError(t, json.NewEncoder(w).Encode(s)) }) n := negroni.New() - n.Use(jwtmiddleware.NewMiddleware(ks, jwtmiddleware.MiddlewareExcludePaths("/anonymous")).NegroniHandler()) + n.Use(jwtmiddleware.NewMiddleware(ks, jwtmiddleware.MiddlewareExcludePaths("/anonymous"))) n.UseHandler(router) ts := httptest.NewServer(n) defer ts.Close() for k, tc := range []struct { - token string - expectedStatusCode int - expectedResponse string + token string + expectedStatusCode int + expectedErrorReason string + expectedResponse string }{ // token without token { - token: "", - expectedStatusCode: 401, - expectedResponse: "Authorization header format must be Bearer {token}", + token: "", + expectedStatusCode: 401, + expectedErrorReason: "Authorization header format must be Bearer {token}", }, // token without kid { - token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZXhwIjo5OTk5OTk5OTk5LCJzZXNzaW9uIjp7ImlkZW50aXR5Ijp7ImlkIjoiMTIzNDU2Nzg5MCJ9fX0.j0SgjC21nhkNP2QX0uE-I4wDYYRYlZq9wqGeDhrbplkKGW4BOjW5Sk0XFFbqrx68hQYz23QvYOYW5avUBzTjPxHwVqB1HPv6M5P2wHvRn7ZvAyhz83fmJMnBRNBOz1MfjxnEgkwfcVbNqsW2y37kRdZfveBlAzSfuPJV8Rkb4wlBbEGUwoCk78j8zcD_dcYFfXbt7uXz_tscScoIOg959Rmwr2E1XqRNy2qWLKSImwo8athdEEE-byLYytg6mgM02bmEQk2dyd5W2MmqG_4UaiBru6Bf9-drqExHDGUyndnAKi_uvF_131_LkPxy6H5Hu_YfZgSE5hXUbRsBzU-gbY5aV5FSn855PnRDyS_lFnBEn-0vcCIMmxbdfhqyKtFPmFHdSO1YsGruhqYaOLOlTVzThP-1XJSpgMKXHXW35c52zB9AaTV-0ETICvZ_OjZM_uzdWeb6PQmFsztcwdO-9C70yR3_HdcjljvnQ4XHs9ho_3_V57fcbW3uQCTq0TRbwD0AXpkVOvKJqaP1yEXYLKSNpGL2MMkuY-i3k6wTZMTV1280TqbJcSpY5n6WoWJnjoZ08BwBQDfX8AUsKk-D71wJbONqmLo5YnmrS-1gHR3bKCfuUzDdvensLXYJwSHg3ae_qE5VxscRhT_p2odeE8JgQBhd0d6765YBAP93F1c", - expectedStatusCode: 401, - expectedResponse: "jwt from authorization HTTP header is missing value for \"kid\" in token header", + token: func() string { + c := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{}) + delete(c.Header, "kid") + s, err := 
c.SignedString(key.Key) + require.NoError(t, err) + return s + }(), + expectedStatusCode: 401, + expectedErrorReason: "token is unverifiable: error while executing keyfunc: jwt from authorization HTTP header is missing value for \"kid\" in token header", }, // token with int kid { - token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6MTIzfQ.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZXhwIjo5OTk5OTk5OTk5LCJzZXNzaW9uIjp7ImlkZW50aXR5Ijp7ImlkIjoiMTIzNDU2Nzg5MCJ9fX0.pG51ns8s_HeRC_KwtO7SNtIinqgVlSketJs7EjrHbW1xHvLRwCl4qhtIRuLqlED6eTEnqS2r2f6OFAiOJIZl9I6mQttSraHNcUOvK6t0bYg9w_K0HcaVu_894uJLZBTMx0B8mbqr7rZoRN_frriGkkjXbMP75-g1crA-t7_0VQeGwRPx0bcSF0T5yFRQyRlRwUTb6NbpLp6mc6NxMRP5OZPqnMTXAtP9YOfGLFdmhZ5CK1GUTdCRicwUyUOre8MNm4uIPZTTBZav06ncvjK80ATX7hkJqQfvvSlTee0LsLNHpuKPMCb_jmDaEugMXzvKPZ40L-r93KJ0TlK_dqu75imiK5aVuPaz8mk3cno4_0PW3ia0z5e00dWla1E8X1bOiW-4XvNdD1GGYGG0oBje67FnNFYQU2ApECbFN-3yGraneZFEcWWsf3CAEukcrmjjJLXYX0koUBtqvClOXHpKvwu-WhZ4eFYPoJoEysS4WeX7onxls2YdHsMBG9Ku-F26qzIHi1pDNsGb3eDbsGAMjaqEV81YfzwgBIF1nhfzuS0IU3LMoiwbwyQA6-hsAcV1dHTIoIW4VT1iEk90fsLzEMprh__SxYFIlOXchDWPD08sHLQk2kVLUR_BosdrygmTwkHVsq_lvIH77FsDkhwdKpD_sgdIdW_ttnYtCdMGlJc", - expectedStatusCode: 401, - expectedResponse: "jwt from authorization HTTP header is expecting string value for \"kid\" in tokenWithoutKid header but got: float64", + token: func() string { + c := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{}) + c.Header["kid"] = 42 + s, err := c.SignedString(key.Key) + require.NoError(t, err) + return s + }(), + expectedStatusCode: 401, + expectedErrorReason: "token is unverifiable: error while executing keyfunc: jwt from authorization HTTP header is expecting string value for \"kid\" in tokenWithoutKid header but got: float64", }, // token with unknown kid { - token: 
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Im5vdC1hLXZhbGlkLWtpZCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZXhwIjo5OTk5OTk5OTk5LCJzZXNzaW9uIjp7ImlkZW50aXR5Ijp7ImlkIjoiMTIzNDU2Nzg5MCJ9fX0.rX173fvU_Ed2p-iYF8PcRr4tS4e-BZR8RFV_CVtgEJxk2vMZHOlygJgvTZVK1cIP63EpHVqK_Sr5b1ctapLxpWMoxXBfdnyegZ5gLrDZ5vnbTJoWxpPo71D2RK2dC9qLwjBQr0MlYaLFUZrPcPOhsoYMlPTzLXamR0EGTY8lzPJhi3FubbnIWmq91v1ie-kF5d2Mxw_VnvF7ZJB5JwIH2KxkyVmGtImydmmkiXfuiNx1jejM68XW3mtfOFcuJYxc01jYR3l1Jh4E09hXNjYxqrR6oUjbmQZum60AInR_UyXw2myjkeAxj-m89ndm_z2MjrT0Za0cBuz0hY45FX6lOuANCCN6KOK3WmgdR6MCLxDWkNauicpMvsj14vF7V6W9kMpROE3YGxYySdG0ob8dtOurbYbFewFGi_ivmq7boMgwE1u6KpIKpW_DOjxCPcyP9UpxyAtFOGzV9cDUY_VA6rRWYktfBzE2HQpMPxX41FVhUT8Up0FGoUe1xnPkHLza17ZsGDVbfOMC-ji_kPRNi6rCZSn_nidr_7NbwhhaYkuPdWYtPLhr0XTsuwC2U0yGduwzP-ew8GiHQUvNBdio_WxhSHZm5WerFWzMB2_3QiMkh9O77axz1BmDGyXxs1OzUlvUKtPBlAz5b8oH_wdbGHiDfpL4c4qL_QAZfFpma4I", - expectedStatusCode: 401, - expectedResponse: "unable to find JSON Web Key with ID: not-a-valid-kid", + token: func() string { + c := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{}) + c.Header["kid"] = "not " + key.KeyID + s, err := c.SignedString(key.Key) + require.NoError(t, err) + return s + }(), + expectedStatusCode: 401, + expectedErrorReason: "token is unverifiable: error while executing keyfunc: unable to find JSON Web Key with ID: not b71ff5bd-a016-4ac0-9f3f-a172552578ea", }, // token with valid kid { - token: createToken(t, jwt.MapClaims{ - "identity": map[string]interface{}{"email": "foo@bar.com"}, - }), + token: func() string { + c := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{ + "identity": map[string]interface{}{"email": "foo@bar.com"}, + }) + c.Header["kid"] = key.KeyID + s, err := c.SignedString(key.Key) + require.NoError(t, err) + return s + }(), expectedStatusCode: 200, - expectedResponse: mustString(sjson.SetRaw("{}", "identity", "{\"email\":\"foo@bar.com\"}")), + expectedResponse: mustString(sjson.SetRaw("{}", "identity.email", `"foo@bar.com"`)), }, } { 
t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
@@ -140,11 +158,15 @@ func TestSessionFromRequest(t *testing.T) {
 require.NoError(t, err)
 defer res.Body.Close()
- body, err := ioutil.ReadAll(res.Body)
+ body, err := io.ReadAll(res.Body)
 require.NoError(t, err)
 assert.Equal(t, tc.expectedStatusCode, res.StatusCode, string(body))
- assert.Equal(t, tc.expectedResponse, strings.TrimSpace(string(body)))
+ assert.Equal(t, tc.expectedErrorReason, gjson.GetBytes(body, "error.reason").String())
+
+ if tc.expectedResponse != "" {
+ assert.JSONEq(t, tc.expectedResponse, string(body))
+ }
 })
 }
diff --git a/sqlcon/dockertest/test_helper.go b/sqlcon/dockertest/test_helper.go
index 7ec9ac7d..97664ee9 100644
--- a/sqlcon/dockertest/test_helper.go
+++ b/sqlcon/dockertest/test_helper.go
@@ -15,17 +15,16 @@ import (
 "testing"
 "time"
- "github.com/gobuffalo/pop/v6"
-
- "github.com/ory/dockertest/v3"
- "github.com/docker/docker/api/types"
+ "github.com/docker/docker/api/types/container"
 "github.com/docker/docker/api/types/filters"
 "github.com/docker/docker/client"
+ "github.com/gobuffalo/pop/v6"
 "github.com/jmoiron/sqlx"
 "github.com/pkg/errors"
 "github.com/stretchr/testify/require"
+ "github.com/ory/dockertest/v3"
 dc "github.com/ory/dockertest/v3/docker"
 "github.com/ory/x/logrusx"
 "github.com/ory/x/resilience"
@@ -349,7 +348,7 @@ func RunCockroachDB() (string, error) {
 return RunCockroachDBWithVersion("")
 }
-// RunCockroachDB runs a CockroachDB database and returns the URL to it.
+// RunCockroachDBWithVersion runs a CockroachDB database with the specified version and returns the URL to it.
 func RunCockroachDBWithVersion(version string) (string, error) {
 resource, err := startCockroachDB(version)
 if err != nil {
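Review bot: In the rewritten TestSessionFromRequest table of jwtmiddleware/middleware_test.go (the hunk that ends at the `t.Run(...)` line) every token is signed with `jwt.SigningMethodES256` and none sets `exp`, so neither the `jwt.WithValidMethods` pin nor expiry handling in the new parser has a negative test. I would add one case signed with a method other than ES256 and one with an `exp` in the past, both expecting 401. The "token with valid kid" case also fixes the behaviour that a token with no `exp` is accepted with 200; if sessions are expected to expire, `jwt.WithExpirationRequired()` on the parser in middleware.go would enforce that. The table starts earlier on the page, before this line.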
@@ -468,8 +467,7 @@ func DumpSchema(ctx context.Context, t *testing.T, db string) string {
 cli, err := client.NewClientWithOpts(client.FromEnv)
 require.NoError(t, err)
- containers, err := cli.ContainerList(ctx, types.ContainerListOptions{
- Quiet: true,
+ containers, err := cli.ContainerList(ctx, container.ListOptions{
 Filters: filters.NewArgs(filters.Arg("expose", containerPort)),
 })
 require.NoError(t, err)