fixed roleID
This commit is contained in:
@@ -53,7 +53,7 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
log.Print("Authorization request for user=", ctx.UserID, ", resource=", ctx.Resource, ", action=", ctx.Action)
|
||||
log.Print("JWT claims user=", claims.UserID, ", username=", claims.Username, ", role=", claims.Role)
|
||||
log.Print("JWT claims user=", claims.UserID, ", username=", claims.Username, ", role=", claims.RoleID)
|
||||
// Verify JWT user matches request user (security check)
|
||||
if ctx.UserID != claims.UserID {
|
||||
helper.RespondWithError(w, http.StatusForbidden, "User ID mismatch")
|
||||
|
||||
@@ -46,7 +46,7 @@ func TestAuthorizeHandlerInvalidJSON(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
}
|
||||
|
||||
req := httptest.NewRequest("POST", AuthCheckEndpoint, bytes.NewBufferString("invalid json"))
|
||||
@@ -87,7 +87,7 @@ func TestAuthorizeHandlerMissingRequiredFields(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
}
|
||||
|
||||
body, _ := json.Marshal(tc.payload)
|
||||
@@ -110,7 +110,7 @@ func TestAuthorizeHandlerUserIDMismatch(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
}
|
||||
|
||||
payload := models.AuthorizationContext{
|
||||
@@ -139,7 +139,7 @@ func TestAuthorizeHandlerNilMaps(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
}
|
||||
|
||||
payload := models.AuthorizationContext{
|
||||
@@ -177,7 +177,7 @@ func TestAuthorizeHandlerEmptyUserID(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
}
|
||||
|
||||
payload := models.AuthorizationContext{
|
||||
@@ -203,7 +203,7 @@ func TestAuthorizeHandlerEmptyResource(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
}
|
||||
|
||||
payload := models.AuthorizationContext{
|
||||
@@ -229,7 +229,7 @@ func TestAuthorizeHandlerEmptyAction(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
}
|
||||
|
||||
payload := models.AuthorizationContext{
|
||||
@@ -270,7 +270,7 @@ func TestAuthorizeHandlerMalformedJSON(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
}
|
||||
|
||||
testCases := []struct {
|
||||
@@ -327,7 +327,7 @@ func TestAuthorizeHandlerSpecialCharactersInFields(t *testing.T) {
|
||||
testClaims := &models.Claims{
|
||||
UserID: tc.userID,
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
}
|
||||
ctx := context.WithValue(req.Context(), models.ContextKey("claims"), testClaims)
|
||||
req = req.WithContext(ctx)
|
||||
|
||||
+3
-3
@@ -19,7 +19,7 @@ const (
|
||||
claimsKey models.ContextKey = "claims"
|
||||
userIDKey models.ContextKey = "user_id"
|
||||
usernameKey models.ContextKey = "username"
|
||||
roleKey models.ContextKey = "role"
|
||||
roleIDKey models.ContextKey = "role_id"
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -178,7 +178,7 @@ func buildContext(parent context.Context, claims *models.Claims) context.Context
|
||||
ctx := context.WithValue(parent, claimsKey, claims)
|
||||
ctx = context.WithValue(ctx, userIDKey, claims.UserID)
|
||||
ctx = context.WithValue(ctx, usernameKey, claims.Username)
|
||||
ctx = context.WithValue(ctx, roleKey, claims.Role)
|
||||
ctx = context.WithValue(ctx, roleIDKey, claims.RoleID)
|
||||
return ctx
|
||||
}
|
||||
|
||||
@@ -202,6 +202,6 @@ func GetUsername(r *http.Request) (string, bool) {
|
||||
|
||||
// GetRole retrieves the role from the request context
|
||||
func GetRole(r *http.Request) (string, bool) {
|
||||
role, ok := r.Context().Value(roleKey).(string)
|
||||
role, ok := r.Context().Value(roleIDKey).(string)
|
||||
return role, ok
|
||||
}
|
||||
|
||||
+15
-15
@@ -132,7 +132,7 @@ func TestParseAndValidateToken(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
|
||||
},
|
||||
@@ -164,7 +164,7 @@ func TestParseAndValidateToken(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(-1 * time.Hour)),
|
||||
},
|
||||
@@ -184,7 +184,7 @@ func TestBuildContext(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
}
|
||||
|
||||
parent := context.Background()
|
||||
@@ -206,7 +206,7 @@ func TestBuildContext(t *testing.T) {
|
||||
}
|
||||
|
||||
// Check role
|
||||
if val, ok := ctx.Value(roleKey).(string); !ok || val != "admin" {
|
||||
if val, ok := ctx.Value(roleIDKey).(string); !ok || val != "admin" {
|
||||
t.Error("Role not properly set in context")
|
||||
}
|
||||
}
|
||||
@@ -215,7 +215,7 @@ func TestGetClaims(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
}
|
||||
|
||||
req := httptest.NewRequest("GET", "/", nil)
|
||||
@@ -261,7 +261,7 @@ func TestGetUsername(t *testing.T) {
|
||||
|
||||
func TestGetRole(t *testing.T) {
|
||||
req := httptest.NewRequest("GET", "/", nil)
|
||||
ctx := context.WithValue(req.Context(), roleKey, "admin")
|
||||
ctx := context.WithValue(req.Context(), roleIDKey, "admin")
|
||||
req = req.WithContext(ctx)
|
||||
|
||||
role, ok := GetRole(req)
|
||||
@@ -318,7 +318,7 @@ func TestJWTAuthValidToken(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
|
||||
},
|
||||
@@ -413,7 +413,7 @@ func TestBuildContextWithDifferentRoles(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: role,
|
||||
RoleID: role,
|
||||
}
|
||||
|
||||
req := httptest.NewRequest("GET", "/", nil)
|
||||
@@ -424,8 +424,8 @@ func TestBuildContextWithDifferentRoles(t *testing.T) {
|
||||
if !ok {
|
||||
t.Error("Claims not found in context")
|
||||
}
|
||||
if retrievedClaims.Role != role {
|
||||
t.Errorf("Role = %q, want %q", retrievedClaims.Role, role)
|
||||
if retrievedClaims.RoleID != role {
|
||||
t.Errorf("Role = %q, want %q", retrievedClaims.RoleID, role)
|
||||
}
|
||||
})
|
||||
}
|
||||
@@ -528,7 +528,7 @@ func TestJWTAuthExpiredToken(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(-1 * time.Hour)),
|
||||
},
|
||||
@@ -568,7 +568,7 @@ func TestJWTAuthTokenWithMissingClaims(t *testing.T) {
|
||||
"Missing UserID",
|
||||
&models.Claims{
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
|
||||
},
|
||||
@@ -578,7 +578,7 @@ func TestJWTAuthTokenWithMissingClaims(t *testing.T) {
|
||||
"Missing Username",
|
||||
&models.Claims{
|
||||
UserID: "user123",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
|
||||
},
|
||||
@@ -636,7 +636,7 @@ func TestJWTAuthConcurrentRequests(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
|
||||
},
|
||||
@@ -687,7 +687,7 @@ func TestJWTAuthTokenSignedWithWrongKey(t *testing.T) {
|
||||
claims := &models.Claims{
|
||||
UserID: "user123",
|
||||
Username: "testuser",
|
||||
Role: "admin",
|
||||
RoleID: "admin",
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
|
||||
},
|
||||
|
||||
+2
-1
@@ -20,7 +20,8 @@ type AuthorizationResponse struct {
|
||||
type Claims struct {
|
||||
UserID string `json:"user_id"`
|
||||
Username string `json:"username"`
|
||||
Role string `json:"role"`
|
||||
EmailAddress string `json:"email_address"`
|
||||
RoleID string `json:"role_id"`
|
||||
jwt.RegisteredClaims
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user