diff --git a/events/nats_config_test.go b/events/nats_config_test.go index 4c2da05..85190a3 100644 --- a/events/nats_config_test.go +++ b/events/nats_config_test.go @@ -66,6 +66,7 @@ func TestNatsOptions_ValidatePrereqs(t *testing.T) { CredsFile: tt.fields.CredsFile, ConnectTimeout: tt.fields.ConnectTimeout, } + err := o.validatePrereqs() if tt.errorContains != "" { assert.True(t, errors.Is(err, ErrNatsConfig)) @@ -180,6 +181,7 @@ func TestNatsConsumerOptions_Validate(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { c := &NatsConsumerOptions{Name: tt.fields.Name} + err := c.validate() if tt.errorContains != "" { assert.True(t, errors.Is(err, ErrNatsConfig)) diff --git a/ginjwt/jwt.go b/ginjwt/jwt.go index 541e4f0..382b9ed 100644 --- a/ginjwt/jwt.go +++ b/ginjwt/jwt.go @@ -8,6 +8,7 @@ import ( "time" "github.com/gin-gonic/gin" + "github.com/pkg/errors" "golang.org/x/net/context" "gopkg.in/square/go-jose.v2" "gopkg.in/square/go-jose.v2/jwt" @@ -73,6 +74,14 @@ func NewAuthMiddleware(cfg AuthConfig) (*Middleware, error) { return mw, nil } + if cfg.Audience == "" { + return nil, errors.Wrap(ErrInvalidAudience, "empty value") + } + + if cfg.Issuer == "" { + return nil, errors.Wrap(ErrInvalidIssuer, "empty value") + } + uriProvided := (cfg.JWKSURI != "") jwksProvided := len(cfg.JWKS.Keys) > 0 diff --git a/ginjwt/jwt_test.go b/ginjwt/jwt_test.go index 2e58886..52cc5ec 100644 --- a/ginjwt/jwt_test.go +++ b/ginjwt/jwt_test.go @@ -220,7 +220,9 @@ func TestMiddlewareValidatesTokensWithScopes(t *testing.T) { for _, tt := range testCases { t.Run(tt.testName, func(t *testing.T) { var jwksURI string + var jwks jose.JSONWebKeySet + if tt.jwksFromURI { jwksURI = ginjwt.TestHelperJWKSProvider(ginjwt.TestPrivRSAKey1ID, ginjwt.TestPrivRSAKey2ID) } else { @@ -719,7 +721,7 @@ func TestAuthMiddlewareConfig(t *testing.T) { JWKS: jwks, RoleValidationStrategy: "all", }, - checkFn: func(t *testing.T, mw ginauth.GenericAuthMiddleware, err error) { + checkFn: func(t *testing.T, _ ginauth.GenericAuthMiddleware, err error) { assert.ErrorIs(t, err, ginjwt.ErrInvalidAuthConfig) }, }, @@ -731,10 +733,34 @@ func TestAuthMiddlewareConfig(t *testing.T) { Issuer: "example-iss", RoleValidationStrategy: "all", }, - checkFn: func(t *testing.T, mw ginauth.GenericAuthMiddleware, err error) { + checkFn: func(t *testing.T, _ ginauth.GenericAuthMiddleware, err error) { assert.ErrorIs(t, err, ginjwt.ErrInvalidAuthConfig) }, }, + { + name: "MissingAudience", + input: ginjwt.AuthConfig{ + Enabled: true, + Audience: "", + Issuer: "example-iss", + RoleValidationStrategy: "all", + }, + checkFn: func(t *testing.T, _ ginauth.GenericAuthMiddleware, err error) { + assert.ErrorIs(t, err, ginjwt.ErrInvalidAudience) + }, + }, + { + name: "MissingIssuer", + input: ginjwt.AuthConfig{ + Enabled: true, + Audience: "example-aud", + Issuer: "", + RoleValidationStrategy: "all", + }, + checkFn: func(t *testing.T, _ ginauth.GenericAuthMiddleware, err error) { + assert.ErrorIs(t, err, ginjwt.ErrInvalidIssuer) + }, + }, } for _, tc := range testCases { diff --git a/ginjwt/multitokenmiddleware.go b/ginjwt/multitokenmiddleware.go index aa8ffe0..b42a9be 100644 --- a/ginjwt/multitokenmiddleware.go +++ b/ginjwt/multitokenmiddleware.go @@ -1,9 +1,17 @@ package ginjwt -import "go.hollow.sh/toolbox/ginauth" +import ( + "github.com/pkg/errors" + + "go.hollow.sh/toolbox/ginauth" +) // NewMultiTokenMiddlewareFromConfigs builds a MultiTokenMiddleware object from multiple AuthConfigs. func NewMultiTokenMiddlewareFromConfigs(cfgs ...AuthConfig) (*ginauth.MultiTokenMiddleware, error) { + if len(cfgs) == 0 { + return nil, errors.Wrap(ErrInvalidAuthConfig, "configuration empty") + } + mtm := &ginauth.MultiTokenMiddleware{} for _, cfg := range cfgs {