diff options
author | Alexander Trauzzi <atrauzzi@gmail.com> | 2020-03-24 12:28:07 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-24 17:28:07 +0000 |
commit | 1890168af11fec4dff6126991d29a4eedb793ca9 (patch) | |
tree | e380c900c08169c0602671c8a7518e3fe11dcd6b | |
parent | 5c52904c2d12e9b75450ed82aebfefc1b6100884 (diff) | |
download | couchdb-1890168af11fec4dff6126991d29a4eedb793ca9.tar.gz |
Add support for roles to be obtained from JWTs. (#2694)
Add support for roles to be obtained from JWTs
-rw-r--r-- | src/couch/src/couch_httpd_auth.erl | 3 | ||||
-rw-r--r-- | test/elixir/test/jwtauth_test.exs | 3 |
2 files changed, 4 insertions, 2 deletions
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl index f5387d18f..4ad205255 100644 --- a/src/couch/src/couch_httpd_auth.erl +++ b/src/couch/src/couch_httpd_auth.erl @@ -198,7 +198,8 @@ jwt_authentication_handler(Req) -> case lists:keyfind(<<"sub">>, 1, Claims) of false -> throw({unauthorized, <<"Token missing sub claim.">>}); {_, User} -> Req#httpd{user_ctx=#user_ctx{ - name=User + name = User, + roles = couch_util:get_value(<<"roles">>, Claims, []) }} end; {error, Reason} -> diff --git a/test/elixir/test/jwtauth_test.exs b/test/elixir/test/jwtauth_test.exs index 3f26e1eaf..dc3d27df4 100644 --- a/test/elixir/test/jwtauth_test.exs +++ b/test/elixir/test/jwtauth_test.exs @@ -103,13 +103,14 @@ defmodule JwtAuthTest do end def test_fun(alg, key) do - {:ok, token} = :jwtf.encode({[{"alg", alg}, {"typ", "JWT"}]}, {[{"sub", "couch@apache.org"}]}, key) + {:ok, token} = :jwtf.encode({[{"alg", alg}, {"typ", "JWT"}]}, {[{"sub", "couch@apache.org"}, {"roles", ["testing"]}]}, key) resp = Couch.get("/_session", headers: [authorization: "Bearer #{token}"] ) assert resp.body["userCtx"]["name"] == "couch@apache.org" + assert resp.body["userCtx"]["roles"] == ["testing"] assert resp.body["info"]["authenticated"] == "jwt" end |