fix: allow using cookie and header in case of validating jwt

2022-01-24 09:56:12 +05:30 · 2022-01-24 09:56:12 +05:30 · 4bc9059b0f
commit 4bc9059b0f
parent 87b1cac979
5 changed files with 21 additions and 9 deletions
--- a/server/graph/generated/generated.go
+++ b/server/graph/generated/generated.go
@ -1227,7 +1227,7 @@ input SessionQueryInput {
 }

 input IsValidJWTQueryInput {
-	jwt: String!
+	jwt: String
 	roles: [String!]
 }

@ -6052,7 +6052,7 @@ func (ec *executionContext) unmarshalInputIsValidJWTQueryInput(ctx context.Conte
 			var err error

 			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("jwt"))
-			it.Jwt, err = ec.unmarshalNString2string(ctx, v)
+			it.Jwt, err = ec.unmarshalOString2ᚖstring(ctx, v)
 			if err != nil {
 				return it, err
 			}
--- a/server/graph/model/models_gen.go
+++ b/server/graph/model/models_gen.go
@ -64,7 +64,7 @@ type ForgotPasswordInput struct {
 }

 type IsValidJWTQueryInput struct {
-	Jwt   string   `json:"jwt"`
+	Jwt   *string  `json:"jwt"`
 	Roles []string `json:"roles"`
 }

--- a/server/graph/schema.graphqls
+++ b/server/graph/schema.graphqls
@ -225,7 +225,7 @@ input SessionQueryInput {
 }

 input IsValidJWTQueryInput {
-	jwt: String!
+	jwt: String
 	roles: [String!]
 }

--- a/server/resolvers/is_valid_jwt.go
+++ b/server/resolvers/is_valid_jwt.go
@ -2,18 +2,31 @@ package resolvers

 import (
 	"context"
+	"errors"
 	"fmt"

 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/token"
 	tokenHelper "github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )

 // IsValidJwtResolver resolver to return if given jwt is valid
 func IsValidJwtResolver(ctx context.Context, params *model.IsValidJWTQueryInput) (*model.ValidJWTResponse, error) {
-	claims, err := tokenHelper.VerifyJWTToken(params.Jwt)
+	gc, err := utils.GinContextFromContext(ctx)
+	token, err := token.GetAccessToken(gc)
+
+	if token == "" || err != nil {
+		if params != nil && *params.Jwt != "" {
+			token = *params.Jwt
+		} else {
+			return nil, errors.New("no jwt provided via cookie / header / params")
+		}
+	}
+
+	claims, err := tokenHelper.VerifyJWTToken(token)
 	if err != nil {
 		return nil, err
 	}
--- a/server/test/is_valid_jwt_test.go
+++ b/server/test/is_valid_jwt_test.go
@ -1,7 +1,6 @@
 package test

 import (
-	"context"
 	"testing"

 	"github.com/authorizerdev/authorizer/server/db/models"
@ -14,12 +13,12 @@ import (

 func isValidJWTTests(t *testing.T, s TestSetup) {
 	t.Helper()
-	ctx := context.Background()
+	_, ctx := createContext(s)
 	expiredToken := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhbGxvd2VkX3JvbGVzIjpbIiJdLCJiaXJ0aGRhdGUiOm51bGwsImNyZWF0ZWRfYXQiOjAsImVtYWlsIjoiam9obi5kb2VAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJleHAiOjE2NDI5NjEwMTEsImV4dHJhIjp7IngtZXh0cmEtaWQiOiJkMmNhMjQwNy05MzZmLTQwYzQtOTQ2NS05Y2M5MWYxZTJhNDQifSwiZmFtaWx5X25hbWUiOm51bGwsImdlbmRlciI6bnVsbCwiZ2l2ZW5fbmFtZSI6bnVsbCwiaWF0IjoxNjQyOTYwOTgxLCJpZCI6ImQyY2EyNDA3LTkzNmYtNDBjNC05NDY1LTljYzkxZjFlMmE0NCIsIm1pZGRsZV9uYW1lIjpudWxsLCJuaWNrbmFtZSI6bnVsbCwicGhvbmVfbnVtYmVyIjpudWxsLCJwaG9uZV9udW1iZXJfdmVyaWZpZWQiOmZhbHNlLCJwaWN0dXJlIjpudWxsLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJqb2huLmRvZUBnbWFpbC5jb20iLCJyb2xlIjpbXSwic2lnbnVwX21ldGhvZHMiOiIiLCJ0b2tlbl90eXBlIjoiYWNjZXNzX3Rva2VuIiwidXBkYXRlZF9hdCI6MH0.FrdyeOC5e8uU1SowGj0omFJuwRnh4BrEk89S_fbEkzs"

 	t.Run(`should fail for invalid jwt`, func(t *testing.T) {
 		_, err := resolvers.IsValidJwtResolver(ctx, &model.IsValidJWTQueryInput{
-			Jwt: expiredToken,
+			Jwt: &expiredToken,
 		})
 		assert.NotNil(t, err)
 	})
@ -31,7 +30,7 @@ func isValidJWTTests(t *testing.T, s TestSetup) {
 		}, []string{})
 		assert.Nil(t, err)
 		res, err := resolvers.IsValidJwtResolver(ctx, &model.IsValidJWTQueryInput{
-			Jwt: authToken.AccessToken.Token,
+			Jwt: &authToken.AccessToken.Token,
 		})
 		assert.Nil(t, err)
 		assert.True(t, res.Valid)