diff options
| author | Robert Newson <rnewson@apache.org> | 2020-03-24 20:41:50 +0000 |
|---|---|---|
| committer | Robert Newson <rnewson@apache.org> | 2020-04-02 18:33:03 +0100 |
| commit | 1ab4fec2ab5c07e435525a43b24b7c6964c5d394 (patch) | |
| tree | 87fbf932cb88ab9e946446edbb0585e52fec0f81 | |
| parent | 27ae2f71b6257888b90014e1d4c238391f739dc1 (diff) | |
| download | couchdb-1ab4fec2ab5c07e435525a43b24b7c6964c5d394.tar.gz | |
Merge pull request #2714 from atrauzzi/jwt-couchdb-specific-roles-claim
Make the JWT roles claim more CouchDB specific
| -rw-r--r-- | src/couch/src/couch_httpd_auth.erl | 3 | ||||
| -rw-r--r-- | test/elixir/test/jwtauth_test.exs | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl index 383cd664c..5cabda34e 100644 --- a/src/couch/src/couch_httpd_auth.erl +++ b/src/couch/src/couch_httpd_auth.erl @@ -198,7 +198,8 @@ jwt_authentication_handler(Req) -> case lists:keyfind(<<"sub">>, 1, Claims) of false -> throw({unauthorized, <<"Token missing sub claim.">>}); {_, User} -> Req#httpd{user_ctx=#user_ctx{ - name=User + name = User, + roles = couch_util:get_value(<<"_couchdb.roles">>, Claims, []) }} end; {error, Reason} -> diff --git a/test/elixir/test/jwtauth_test.exs b/test/elixir/test/jwtauth_test.exs index 3f26e1eaf..0c13404e6 100644 --- a/test/elixir/test/jwtauth_test.exs +++ b/test/elixir/test/jwtauth_test.exs @@ -103,7 +103,7 @@ defmodule JwtAuthTest do end def test_fun(alg, key) do - {:ok, token} = :jwtf.encode({[{"alg", alg}, {"typ", "JWT"}]}, {[{"sub", "couch@apache.org"}]}, key) + {:ok, token} = :jwtf.encode({[{"alg", alg}, {"typ", "JWT"}]}, {[{"sub", "couch@apache.org"}, {"_couchdb.roles", ["testing"]}]}, key) resp = Couch.get("/_session", headers: [authorization: "Bearer #{token}"] |