removed username

This commit is contained in:
2026-01-16 10:50:50 +08:00
parent a361140629
commit 509a502a85
6 changed files with 36 additions and 102 deletions
+2 -2
@@ -153,8 +153,8 @@ Your JWT should include these claims:
```json
{
"user_id": "U0000000001",
"username": "darrel.israel",
"role": "Super Admin",
"email_address": "darrel.israel@example.com",
"role_id": "SuperAdmin",
"exp": 1702123456
}
```
+1 -1
@@ -54,7 +54,7 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
}
log.Print("Authorization request for user=", ctx.UserID, ", resource=", ctx.Resource, ", action=", ctx.Action)
log.Print("JWT claims user=", claims.UserID, ", username=", claims.Username, ", role=", claims.RoleID)
log.Print("JWT claims user=", claims.UserID, ", role=", claims.RoleID)
// Verify JWT user matches request user (security check)
if ctx.UserID != claims.UserID {
helper.RespondWithError(w, http.StatusForbidden, "User ID mismatch")
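Review bot: The retained claims log line, together with the request-context line just above it, writes request-derived strings into the log unquoted through comma-concatenated log.Print, so a newline or control character in the posted user_id, resource or action can split or forge a log entry; one formatted line with %q keeps the values delimited, e.g. `log.Printf("authorize: user=%q resource=%q action=%q jwt_user=%q jwt_role=%q", ctx.UserID, ctx.Resource, ctx.Action, claims.UserID, claims.RoleID)`. The ctx fields appear to come from the decoded request body (the handler tests post JSON payloads) while claims come from the verified token, and a short comment naming which side is untrusted would help the reader of the mismatch check that follows. AuthorizeHandler starts and ends outside the hunk.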
+18 -27
@@ -44,9 +44,8 @@ func TestAuthorizeHandlerNoJWTClaims(t *testing.T) {
func TestAuthorizeHandlerInvalidJSON(t *testing.T) {
// Setup - no need to init service, we're testing JSON parsing before auth
claims := &models.Claims{
UserID: "user123",
Username: "testuser",
RoleID: "admin",
UserID: "user123",
RoleID: "admin",
}
req := httptest.NewRequest("POST", AuthCheckEndpoint, bytes.NewBufferString("invalid json"))
@@ -85,9 +84,8 @@ func TestAuthorizeHandlerMissingRequiredFields(t *testing.T) {
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
claims := &models.Claims{
UserID: "user123",
Username: "testuser",
RoleID: "admin",
UserID: "user123",
RoleID: "admin",
}
body, _ := json.Marshal(tc.payload)
@@ -108,9 +106,8 @@ func TestAuthorizeHandlerMissingRequiredFields(t *testing.T) {
func TestAuthorizeHandlerUserIDMismatch(t *testing.T) {
// Setup
claims := &models.Claims{
UserID: "user123",
Username: "testuser",
RoleID: "admin",
UserID: "user123",
RoleID: "admin",
}
payload := models.AuthorizationContext{
@@ -137,9 +134,8 @@ func TestAuthorizeHandlerUserIDMismatch(t *testing.T) {
func TestAuthorizeHandlerNilMaps(t *testing.T) {
// Test that nil maps don't cause additional panics beyond missing authService
claims := &models.Claims{
UserID: "user123",
Username: "testuser",
RoleID: "admin",
UserID: "user123",
RoleID: "admin",
}
payload := models.AuthorizationContext{
@@ -175,9 +171,8 @@ func TestAuthorizeHandlerNilMaps(t *testing.T) {
func TestAuthorizeHandlerEmptyUserID(t *testing.T) {
claims := &models.Claims{
UserID: "user123",
Username: "testuser",
RoleID: "admin",
UserID: "user123",
RoleID: "admin",
}
payload := models.AuthorizationContext{
@@ -201,9 +196,8 @@ func TestAuthorizeHandlerEmptyUserID(t *testing.T) {
func TestAuthorizeHandlerEmptyResource(t *testing.T) {
claims := &models.Claims{
UserID: "user123",
Username: "testuser",
RoleID: "admin",
UserID: "user123",
RoleID: "admin",
}
payload := models.AuthorizationContext{
@@ -227,9 +221,8 @@ func TestAuthorizeHandlerEmptyResource(t *testing.T) {
func TestAuthorizeHandlerEmptyAction(t *testing.T) {
claims := &models.Claims{
UserID: "user123",
Username: "testuser",
RoleID: "admin",
UserID: "user123",
RoleID: "admin",
}
payload := models.AuthorizationContext{
@@ -268,9 +261,8 @@ func TestAuthorizeHandlerInvalidClaimsType(t *testing.T) {
func TestAuthorizeHandlerMalformedJSON(t *testing.T) {
claims := &models.Claims{
UserID: "user123",
Username: "testuser",
RoleID: "admin",
UserID: "user123",
RoleID: "admin",
}
testCases := []struct {
@@ -325,9 +317,8 @@ func TestAuthorizeHandlerSpecialCharactersInFields(t *testing.T) {
// Update claims to match userID
testClaims := &models.Claims{
UserID: tc.userID,
Username: "testuser",
RoleID: "admin",
UserID: tc.userID,
RoleID: "admin",
}
ctx := context.WithValue(req.Context(), models.ContextKey("claims"), testClaims)
req = req.WithContext(ctx)
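Review bot: The same `&models.Claims{UserID: ..., RoleID: "admin"}` literal is rewritten by hand in every hunk of this file, nine times in all, so the next change to the claim shape will again touch every test; a small helper such as `func testClaims(userID string) *models.Claims { return &models.Claims{UserID: userID, RoleID: "admin"} }` would confine that to one place. The TestAuthorizeHandlerSpecialCharactersInFields hunk, which already parameterises UserID, is the natural first caller. Each enclosing test function continues past its hunk.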
+4 -12
@@ -20,10 +20,9 @@ import (
)
const (
claimsKey models.ContextKey = "claims"
userIDKey models.ContextKey = "user_id"
usernameKey models.ContextKey = "username"
roleIDKey models.ContextKey = "role_id"
claimsKey models.ContextKey = "claims"
userIDKey models.ContextKey = "user_id"
roleIDKey models.ContextKey = "role_id"
)
var (
@@ -165,7 +164,7 @@ func parseAndValidateToken(tokenString string) (*models.Claims, error) {
return nil, fmt.Errorf("invalid claims")
}
log.Printf("Token verified successfully for user: %s (UserID: %s)", claims.Username, claims.UserID)
log.Printf("Token verified successfully for user: (UserID: %s)", claims.UserID)
return claims, nil
}
@@ -237,7 +236,6 @@ func JWTAuth(next http.HandlerFunc) http.HandlerFunc {
func buildContext(parent context.Context, claims *models.Claims) context.Context {
ctx := context.WithValue(parent, claimsKey, claims)
ctx = context.WithValue(ctx, userIDKey, claims.UserID)
ctx = context.WithValue(ctx, usernameKey, claims.Username)
ctx = context.WithValue(ctx, roleIDKey, claims.RoleID)
return ctx
}
@@ -254,12 +252,6 @@ func GetUserID(r *http.Request) (string, bool) {
return userID, ok
}
// GetUsername retrieves the username from the request context
func GetUsername(r *http.Request) (string, bool) {
username, ok := r.Context().Value(usernameKey).(string)
return username, ok
}
// GetRole retrieves the role from the request context
func GetRole(r *http.Request) (string, bool) {
role, ok := r.Context().Value(roleIDKey).(string)
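Review bot: The new log message in parseAndValidateToken, `log.Printf("Token verified successfully for user: (UserID: %s)", claims.UserID)`, keeps a dangling "for user:" from the removed username operand; tighten it to `log.Printf("Token verified successfully for UserID: %s", claims.UserID)`. Dropping usernameKey and GetUsername is consistent with the buildContext hunk, but the handler tests elsewhere look keys up by string literal (`models.ContextKey("claims")`), so any caller doing `Value(models.ContextKey("username"))` would now silently get a nil rather than a compile error and is worth a search before merge. parseAndValidateToken, buildContext and GetRole all extend beyond their hunks.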
+11 -59
@@ -160,9 +160,8 @@ func TestParseAndValidateToken(t *testing.T) {
func TestBuildContext(t *testing.T) {
claims := &models.Claims{
UserID: "user123",
Username: "testuser",
RoleID: "admin",
UserID: "user123",
RoleID: "admin",
}
parent := context.Background()
@@ -178,11 +177,6 @@ func TestBuildContext(t *testing.T) {
t.Error("UserID not properly set in context")
}
// Check username
if val, ok := ctx.Value(usernameKey).(string); !ok || val != "testuser" {
t.Error("Username not properly set in context")
}
// Check role
if val, ok := ctx.Value(roleIDKey).(string); !ok || val != "admin" {
t.Error("Role not properly set in context")
@@ -191,9 +185,8 @@ func TestBuildContext(t *testing.T) {
func TestGetClaims(t *testing.T) {
claims := &models.Claims{
UserID: "user123",
Username: "testuser",
RoleID: "admin",
UserID: "user123",
RoleID: "admin",
}
req := httptest.NewRequest("GET", "/", nil)
@@ -223,20 +216,6 @@ func TestGetUserID(t *testing.T) {
}
}
func TestGetUsername(t *testing.T) {
req := httptest.NewRequest("GET", "/", nil)
ctx := context.WithValue(req.Context(), usernameKey, "testuser")
req = req.WithContext(ctx)
username, ok := GetUsername(req)
if !ok {
t.Error("Expected username to be found")
}
if username != "testuser" {
t.Errorf("Expected 'testuser', got '%s'", username)
}
}
func TestGetRole(t *testing.T) {
req := httptest.NewRequest("GET", "/", nil)
ctx := context.WithValue(req.Context(), roleIDKey, "admin")
@@ -354,9 +333,8 @@ func TestBuildContextWithDifferentRoles(t *testing.T) {
for _, role := range roles {
t.Run("Role: "+role, func(t *testing.T) {
claims := &models.Claims{
UserID: "user123",
Username: "testuser",
RoleID: role,
UserID: "user123",
RoleID: role,
}
req := httptest.NewRequest("GET", "/", nil)
@@ -412,18 +390,6 @@ func TestGetUserIDWithNoClaims(t *testing.T) {
}
}
func TestGetUsernameWithNoClaims(t *testing.T) {
req := httptest.NewRequest("GET", "/", nil)
username, ok := GetUsername(req)
if ok {
t.Error("Expected ok=false when no claims")
}
if username != "" {
t.Errorf("Expected empty string, got %q", username)
}
}
func TestGetRoleWithNoClaims(t *testing.T) {
req := httptest.NewRequest("GET", "/", nil)
@@ -471,17 +437,6 @@ func TestJWTAuthTokenWithMissingClaims(t *testing.T) {
{
"Missing UserID",
&models.Claims{
Username: "testuser",
RoleID: "admin",
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
},
},
},
{
"Missing Username",
&models.Claims{
UserID: "user123",
RoleID: "admin",
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
@@ -491,8 +446,7 @@ func TestJWTAuthTokenWithMissingClaims(t *testing.T) {
{
"Missing Role",
&models.Claims{
UserID: "user123",
Username: "testuser",
UserID: "user123",
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
},
@@ -533,9 +487,8 @@ func TestJWTAuthConcurrentRequests(t *testing.T) {
t.Skip("Requires RSA certificate setup - integration test")
claims := &models.Claims{
UserID: "user123",
Username: "testuser",
RoleID: "admin",
UserID: "user123",
RoleID: "admin",
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
},
@@ -579,9 +532,8 @@ func TestJWTAuthTokenSignedWithWrongKey(t *testing.T) {
// Create token with wrong key
claims := &models.Claims{
UserID: "user123",
Username: "testuser",
RoleID: "admin",
UserID: "user123",
RoleID: "admin",
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
},
-1
@@ -19,7 +19,6 @@ type AuthorizationResponse struct {
type Claims struct {
UserID string `json:"user_id"`
Username string `json:"username"`
EmailAddress string `json:"email_address"`
RoleID string `json:"role_id"`
jwt.RegisteredClaims