Renamed short-term session to session-token
corbadoman committed Oct 14, 2024
1 parent b3c20a4 commit 1ea3ffa
Showing 3 changed files with 30 additions and 30 deletions.
14 changes: 7 additions & 7 deletions examples/basic/main.go
Expand Up @@ -41,8 +41,8 @@ func main() {
// Protecting routes //
//////////////////////////////////////////////////////////////////////////////////////////////

// Retrieve short-term session value from cookie
shortSessionCookie, err := r.Cookie("cbo_short_session")
// Retrieve session-token from cookie
sessionTokenCookie, err := r.Cookie("cbo_session_token")
if errors.Is(err, http.ErrNoCookie) {
// User is not authenticated, redirect to login page for example
http.Redirect(w, r, "/login", http.StatusFound)
Expand All @@ -55,9 +55,9 @@ func main() {
return
}

shortSession := shortSessionCookie.Value
sessionToken := sessionTokenCookie.Value

user, err := sdk.Sessions().ValidateToken(shortSession)
user, err := sdk.Sessions().ValidateToken(sessionToken)
if err != nil {
// Return full error (not recommended on production)
http.Error(w, err.Error(), http.StatusInternalServerError)
Expand All @@ -69,11 +69,11 @@ func main() {
fmt.Fprintf(w, "User with ID %s is authenticated!", user.UserID)

//////////////////////////////////////////////////////////////////////////////////////////////
// Getting user data from short-term session (represented as JWT) //
// Getting user data from session-token //
//////////////////////////////////////////////////////////////////////////////////////////////

{
user, err := sdk.Sessions().ValidateToken(shortSession)
user, err := sdk.Sessions().ValidateToken(sessionToken)
if err != nil {
// Return full error (not recommended on production)
http.Error(w, err.Error(), http.StatusInternalServerError)
Expand All @@ -90,7 +90,7 @@ func main() {
//////////////////////////////////////////////////////////////////////////////////////////////

{
user, err := sdk.Sessions().ValidateToken(shortSession)
user, err := sdk.Sessions().ValidateToken(sessionToken)
if err != nil {
// Return full error (not recommended on production)
http.Error(w, err.Error(), http.StatusInternalServerError)
18 changes: 9 additions & 9 deletions internal/services/session/session.go
Expand Up @@ -21,7 +21,7 @@ import (
)

type Session interface {
ValidateToken(shortSession string) (*entities.User, error)
ValidateToken(sessionToken string) (*entities.User, error)
}

type Impl struct {
Expand Down Expand Up @@ -86,8 +86,8 @@ func newJWKS(config *Config) (*keyfunc.JWKS, error) {
return keyfunc.Get(config.JwksURI, options)
}

func (i *Impl) ValidateToken(shortSession string) (*entities.User, error) {
if err := assert.StringNotEmpty(shortSession); err != nil {
func (i *Impl) ValidateToken(sessionToken string) (*entities.User, error) {
if err := assert.StringNotEmpty(sessionToken); err != nil {
return nil, err
}

Expand All @@ -100,7 +100,7 @@ func (i *Impl) ValidateToken(shortSession string) (*entities.User, error) {
i.Jwks = jwks
}

token, err := jwt.ParseWithClaims(shortSession, &entities.Claims{}, i.Jwks.Keyfunc)
token, err := jwt.ParseWithClaims(sessionToken, &entities.Claims{}, i.Jwks.Keyfunc)
if err != nil {
code := validationerror.CodeJWTGeneral
libraryValidationErr := &jwt.ValidationError{}
Expand All @@ -121,11 +121,11 @@ func (i *Impl) ValidateToken(shortSession string) (*entities.User, error) {
}
}

return nil, newValidationError(err.Error(), shortSession, code)
return nil, newValidationError(err.Error(), sessionToken, code)
}

claims := token.Claims.(*entities.Claims)
if err := i.validateIssuer(claims.Issuer, shortSession); err != nil {
if err := i.validateIssuer(claims.Issuer, sessionToken); err != nil {
return nil, err
}

Expand All @@ -135,9 +135,9 @@ func (i *Impl) ValidateToken(shortSession string) (*entities.User, error) {
}, nil
}

func (i *Impl) validateIssuer(jwtIssuer string, shortSession string) error {
func (i *Impl) validateIssuer(jwtIssuer string, sessionToken string) error {
if jwtIssuer == "" {
return newValidationError("Issuer is empty", shortSession, validationerror.CodeJWTIssuerEmpty)
return newValidationError("Issuer is empty", sessionToken, validationerror.CodeJWTIssuerEmpty)
}

// Compare to old Frontend API (without .cloud.) to make our Frontend API host name change downwards compatible
Expand All @@ -154,7 +154,7 @@ func (i *Impl) validateIssuer(jwtIssuer string, shortSession string) error {
if jwtIssuer != i.Config.JWTIssuer {
return newValidationError(
fmt.Sprintf("Issuer mismatch (configured trough FrontendAPI: '%s', JWT issuer: '%s')", i.Config.JWTIssuer, jwtIssuer),
shortSession,
sessionToken,
validationerror.CodeJWTIssuerMismatch,
)
}
28 changes: 14 additions & 14 deletions tests/unit/session/session_test.go
Expand Up @@ -148,87 +148,87 @@ func TestValidateToken(t *testing.T) {
tests := []struct {
name string
issuer string
shortSession string
sessionToken string
validationErrorCode validationerror.Code
success bool
}{
{
name: "Empty JWT",
shortSession: "",
sessionToken: "",
success: false,
},
{
name: "JWT with invalid format",
issuer: "https://pro-1.frontendapi.cloud.corbado.io",
shortSession: "invalid",
sessionToken: "invalid",
validationErrorCode: validationerror.CodeJWTInvalidData,
success: false,
},
{
name: "JWT with invalid signature",
issuer: "https://pro-1.frontendapi.cloud.corbado.io",
shortSession: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImtpZDEyMyJ9.eyJpc3MiOiJodHRwczovL2F1dGguYWNtZS5jb20iLCJpYXQiOjE3MjY0OTE4MDcsImV4cCI6MTcyNjQ5MTkwNywibmJmIjoxNzI2NDkxNzA3LCJzdWIiOiJ1c3ItMTIzNDU2Nzg5MCIsIm5hbWUiOiJuYW1lIiwiZW1haWwiOiJlbWFpbCIsInBob25lX251bWJlciI6InBob25lTnVtYmVyIiwib3JpZyI6Im9yaWcifQ.invalid", // nolint:lll
sessionToken: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImtpZDEyMyJ9.eyJpc3MiOiJodHRwczovL2F1dGguYWNtZS5jb20iLCJpYXQiOjE3MjY0OTE4MDcsImV4cCI6MTcyNjQ5MTkwNywibmJmIjoxNzI2NDkxNzA3LCJzdWIiOiJ1c3ItMTIzNDU2Nzg5MCIsIm5hbWUiOiJuYW1lIiwiZW1haWwiOiJlbWFpbCIsInBob25lX251bWJlciI6InBob25lTnVtYmVyIiwib3JpZyI6Im9yaWcifQ.invalid", // nolint:lll
validationErrorCode: validationerror.CodeJWTInvalidSignature,
success: false,
},
{
name: "JWT with invalid private key signed",
issuer: "https://pro-1.frontendapi.cloud.corbado.io",
shortSession: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), invalidPrivateKey),
sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), invalidPrivateKey),
validationErrorCode: validationerror.CodeJWTInvalidSignature,
success: false,
},
{
name: "Not before (nbf) in future",
issuer: "https://pro-1.frontendapi.cloud.corbado.io",
shortSession: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Add(100*time.Second).Unix(), validPrivateKey),
sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Add(100*time.Second).Unix(), validPrivateKey),
validationErrorCode: validationerror.CodeJWTBefore,
success: false,
},
{
name: "Expired (exp)",
issuer: "https://pro-1.frontendapi.cloud.corbado.io",
shortSession: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(-100*time.Second).Unix(), time.Now().Add(-100*time.Second).Unix(), validPrivateKey),
sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(-100*time.Second).Unix(), time.Now().Add(-100*time.Second).Unix(), validPrivateKey),
validationErrorCode: validationerror.CodeJWTExpired,
success: false,
},
{
name: "Empty issuer (iss)",
issuer: "https://pro-1.frontendapi.corbado.io",
shortSession: generateJWT("", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
sessionToken: generateJWT("", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
validationErrorCode: validationerror.CodeJWTIssuerEmpty,
success: false,
},
{
name: "Invalid issuer 1 (iss)",
issuer: "https://pro-1.frontendapi.corbado.io",
shortSession: generateJWT("https://pro-2.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
sessionToken: generateJWT("https://pro-2.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
validationErrorCode: validationerror.CodeJWTIssuerMismatch,
success: false,
},
{
name: "Invalid issuer 2 (iss)",
issuer: "https://pro-1.frontendapi.cloud.corbado.io",
shortSession: generateJWT("https://pro-2.frontendapi.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
sessionToken: generateJWT("https://pro-2.frontendapi.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
validationErrorCode: validationerror.CodeJWTIssuerMismatch,
success: false,
},
{
name: "Success with old Frontend API URL in JWT",
issuer: "https://pro-1.frontendapi.cloud.corbado.io",
shortSession: generateJWT("https://pro-1.frontendapi.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
sessionToken: generateJWT("https://pro-1.frontendapi.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
success: true,
},
{
name: "Success with old Frontend API URL in config",
issuer: "https://pro-1.frontendapi.corbado.io",
shortSession: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
success: true,
},
{
name: "Success with CNAME",
issuer: "https://auth.acme.com",
shortSession: generateJWT("https://auth.acme.com", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
sessionToken: generateJWT("https://auth.acme.com", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
success: true,
},
}
Expand All @@ -238,7 +238,7 @@ func TestValidateToken(t *testing.T) {
sessionSvc, err := newSession(test.issuer)
require.NoError(t, err)

user, err := sessionSvc.ValidateToken(test.shortSession)
user, err := sessionSvc.ValidateToken(test.sessionToken)

if test.success {
assert.NoError(t, err)
