Add support for {jwt:sub} substitutions for policies (#8393)

Fixes #8345
Harshavardhana
2019-10-16 08:59:59 -07:00
committed by GitHub
parent f2cc97a44c
commit 5afb1b6747
7 changed files with 83 additions and 41 deletions


@@ -161,44 +161,58 @@ func isAuthTokenValid(token string) bool {
return err == nil
}
func webTokenAuthenticate(token string) (jwtgo.StandardClaims, bool, error) {
func webTokenAuthenticate(token string) (standardClaims, bool, error) {
var claims = jwtgo.StandardClaims{}
if token == "" {
return claims, false, errNoAuthToken
return standardClaims{claims}, false, errNoAuthToken
}
jwtToken, err := parseJWTWithClaims(token, &claims)
if err != nil {
return claims, false, err
return standardClaims{claims}, false, err
}
if !jwtToken.Valid {
return claims, false, errAuthentication
return standardClaims{claims}, false, errAuthentication
}
owner := claims.Subject == globalServerConfig.GetCredential().AccessKey
return claims, owner, nil
return standardClaims{claims}, owner, nil
}
// jwt standardClaims
type standardClaims struct {
jwtgo.StandardClaims
}
func (s standardClaims) Map() map[string]interface{} {
m := make(map[string]interface{})
m["sub"] = s.Subject
m["iss"] = s.Issuer
m["aud"] = s.Audience
m["jti"] = s.Id
return m
}
// Check if the request is authenticated.
// Returns nil if the request is authenticated. errNoAuthToken if token missing.
// Returns errAuthentication for all other errors.
func webRequestAuthenticate(req *http.Request) (jwtgo.StandardClaims, bool, error) {
func webRequestAuthenticate(req *http.Request) (standardClaims, bool, error) {
var claims = jwtgo.StandardClaims{}
tokStr, err := jwtreq.AuthorizationHeaderExtractor.ExtractToken(req)
if err != nil {
if err == jwtreq.ErrNoTokenInRequest {
return claims, false, errNoAuthToken
return standardClaims{claims}, false, errNoAuthToken
}
return claims, false, err
return standardClaims{claims}, false, err
}
jwtToken, err := parseJWTWithClaims(tokStr, &claims)
if err != nil {
return claims, false, err
return standardClaims{claims}, false, err
}
if !jwtToken.Valid {
return claims, false, errAuthentication
return standardClaims{claims}, false, errAuthentication
}
owner := claims.Subject == globalServerConfig.GetCredential().AccessKey
return claims, owner, nil
return standardClaims{claims}, owner, nil
}
func newAuthToken() string {
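Review bot: On the failure returns in webTokenAuthenticate and webRequestAuthenticate, `standardClaims{claims}` can still carry fields that parseJWTWithClaims decoded from a token that then failed parsing or the `jwtToken.Valid` check. These claims now feed policy substitution through Map(), so a caller that reads them before checking the error would substitute an unverified `sub`. Returning the zero value on every error path, `return standardClaims{}, false, err`, rules that out; no such caller is visible in this hunk, so this is defence in depth. Map() also sets all four keys even when a claim is empty, so it deserves a doc comment such as `// Map returns the sub, iss, aud and jti claims for policy substitution; absent claims map to "".`. newAuthToken's body continues outside the hunk.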