mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-25 13:19:37 -05:00
35735bbef9
* Upgrade to golang-jwt 3.2.2 Upgrade to the latest version of golang-jwt Signed-off-by: Andrew Thornton <art27@cantab.net> * Forcibly replace the 3.2.1 version of golang-jwt/jwt and increase minimum Go version Using go.mod we can forcibly replace the 3.2.1 version used by goth to 3.2.2. Further given golang-jwt/jwts stated policy of only supporting supported go versions we should just raise our minimal version of go to 1.16 for 1.16 as by time of release 1.15 will be out of support. Signed-off-by: Andrew Thornton <art27@cantab.net> * update minimal go required Signed-off-by: Andrew Thornton <art27@cantab.net> * update config.yaml Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
120 lines
2.9 KiB
Go
Vendored
120 lines
2.9 KiB
Go
Vendored
package jwt
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
// "fmt"
|
|
)
|
|
|
|
// Claims type that uses the map[string]interface{} for JSON decoding
|
|
// This is the default claims type if you don't supply one
|
|
type MapClaims map[string]interface{}
|
|
|
|
// VerifyAudience Compares the aud claim against cmp.
|
|
// If required is false, this method will return true if the value matches or is unset
|
|
func (m MapClaims) VerifyAudience(cmp string, req bool) bool {
|
|
var aud []string
|
|
switch v := m["aud"].(type) {
|
|
case string:
|
|
aud = append(aud, v)
|
|
case []string:
|
|
aud = v
|
|
case []interface{}:
|
|
for _, a := range v {
|
|
vs, ok := a.(string)
|
|
if !ok {
|
|
return false
|
|
}
|
|
aud = append(aud, vs)
|
|
}
|
|
}
|
|
return verifyAud(aud, cmp, req)
|
|
}
|
|
|
|
// Compares the exp claim against cmp.
|
|
// If required is false, this method will return true if the value matches or is unset
|
|
func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool {
|
|
exp, ok := m["exp"]
|
|
if !ok {
|
|
return !req
|
|
}
|
|
switch expType := exp.(type) {
|
|
case float64:
|
|
return verifyExp(int64(expType), cmp, req)
|
|
case json.Number:
|
|
v, _ := expType.Int64()
|
|
return verifyExp(v, cmp, req)
|
|
}
|
|
return false
|
|
}
|
|
|
|
// Compares the iat claim against cmp.
|
|
// If required is false, this method will return true if the value matches or is unset
|
|
func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool {
|
|
iat, ok := m["iat"]
|
|
if !ok {
|
|
return !req
|
|
}
|
|
switch iatType := iat.(type) {
|
|
case float64:
|
|
return verifyIat(int64(iatType), cmp, req)
|
|
case json.Number:
|
|
v, _ := iatType.Int64()
|
|
return verifyIat(v, cmp, req)
|
|
}
|
|
return false
|
|
}
|
|
|
|
// Compares the iss claim against cmp.
|
|
// If required is false, this method will return true if the value matches or is unset
|
|
func (m MapClaims) VerifyIssuer(cmp string, req bool) bool {
|
|
iss, _ := m["iss"].(string)
|
|
return verifyIss(iss, cmp, req)
|
|
}
|
|
|
|
// Compares the nbf claim against cmp.
|
|
// If required is false, this method will return true if the value matches or is unset
|
|
func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool {
|
|
nbf, ok := m["nbf"]
|
|
if !ok {
|
|
return !req
|
|
}
|
|
switch nbfType := nbf.(type) {
|
|
case float64:
|
|
return verifyNbf(int64(nbfType), cmp, req)
|
|
case json.Number:
|
|
v, _ := nbfType.Int64()
|
|
return verifyNbf(v, cmp, req)
|
|
}
|
|
return false
|
|
}
|
|
|
|
// Validates time based claims "exp, iat, nbf".
|
|
// There is no accounting for clock skew.
|
|
// As well, if any of the above claims are not in the token, it will still
|
|
// be considered a valid claim.
|
|
func (m MapClaims) Valid() error {
|
|
vErr := new(ValidationError)
|
|
now := TimeFunc().Unix()
|
|
|
|
if !m.VerifyExpiresAt(now, false) {
|
|
vErr.Inner = errors.New("Token is expired")
|
|
vErr.Errors |= ValidationErrorExpired
|
|
}
|
|
|
|
if !m.VerifyIssuedAt(now, false) {
|
|
vErr.Inner = errors.New("Token used before issued")
|
|
vErr.Errors |= ValidationErrorIssuedAt
|
|
}
|
|
|
|
if !m.VerifyNotBefore(now, false) {
|
|
vErr.Inner = errors.New("Token is not valid yet")
|
|
vErr.Errors |= ValidationErrorNotValidYet
|
|
}
|
|
|
|
if vErr.valid() {
|
|
return nil
|
|
}
|
|
|
|
return vErr
|
|
}
|