Add support for importing ephemeral users from claims
Implemented the `ImportEphemeral` method for handling ephemeral users with claims. Updated interfaces and tests to reflect this new functionality. Fixed minor import ordering issues in test files for consistency.
aricart committed Dec 19, 2024
1 parent 2e198d6 commit da08792
Showing 5 changed files with 45 additions and 3 deletions.
3 changes: 2 additions & 1 deletion tests/accounts_test.go
@@ -2,9 +2,10 @@ package tests

import (
"fmt"
"github.com/nats-io/nkeys"
"time"

"github.com/nats-io/nkeys"

"github.com/nats-io/jwt/v2"
authb "github.com/synadia-io/jwt-auth-builder.go"
)
3 changes: 2 additions & 1 deletion tests/external_test.go
@@ -2,11 +2,12 @@ package tests

import (
"fmt"
"testing"

"github.com/nats-io/nkeys"
"github.com/stretchr/testify/assert"
authb "github.com/synadia-io/jwt-auth-builder.go"
nsc "github.com/synadia-io/jwt-auth-builder.go/providers/nsc"
"testing"
)

func TestExternal(v *testing.T) {
3 changes: 2 additions & 1 deletion tests/users_test.go
@@ -1,9 +1,10 @@
package tests

import (
"github.com/nats-io/nkeys"
"time"

"github.com/nats-io/nkeys"

"github.com/nats-io/jwt/v2"
authb "github.com/synadia-io/jwt-auth-builder.go"
)
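--- a/types.go
+++ b/types.go
@@ -348,6 +348,8 @@ type Users interface {
 // If the provided ID is only a public key the user will be ephemeral and will not stored,
 // other operations, as cred generation will fail
 AddWithIdentity(name string, signer string, id string) (User, error)
+// ImportEphemeral imports an ephemeral user from a claim
+ImportEphemeral(c *jwt.UserClaims, key string) (User, error)
 // Delete the user by matching its name or subject
 Delete(name string) error
 // Get returns the user by matching its name or subject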
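Review bot: The doc comment on `ImportEphemeral` does not tell a caller what `key` selects or that the supplied claims are re-signed rather than stored as given. Going by the implementation in users.go, an empty `key` falls back to the account's public key and a scoped signing key replaces the claim's `UserPermissionLimits` with an empty value before signing, both of which change what the resulting token authorizes. I would spell that out, for example `// ImportEphemeral re-signs c with key (the account key when key is empty) and adds it as an ephemeral user;` followed by `// when key is a scoped signing key the claim's permission limits are reset to the scope's.` The interface body continues outside the hunk.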
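--- a/users.go
+++ b/users.go
@@ -17,6 +17,43 @@ func (a *UsersImpl) Add(name string, key string) (User, error) {
 return a.add(name, key, uk)
 }
 
+func (a *UsersImpl) ImportEphemeral(c *jwt.UserClaims, key string) (User, error) {
+if key == "" {
+key = a.accountData.Key.Public
+}
+k, signingKey, err := a.accountData.getKey(key)
+if err != nil {
+return nil, err
+}
+
+id, err := KeyFrom(c.Subject, nkeys.PrefixByteUser)
+if err != nil {
+return nil, err
+}
+ok, scoped := a.accountData.ScopedSigningKeys().Contains(key)
+
+d := &UserData{
+BaseData: BaseData{EntityName: c.Name, Key: id, Modified: true},
+AccountData: a.accountData,
+Claim: c,
+RejectEdits: ok && scoped,
+Ephemeral: true,
+}
+d.Claim.Name = c.Name
+if signingKey {
+d.Claim.IssuerAccount = a.accountData.Key.Public
+}
+if scoped {
+d.Claim.UserPermissionLimits = jwt.UserPermissionLimits{}
+}
+d.Token, err = a.accountData.Operator.SigningService.Sign(d.Claim, k)
+if err != nil {
+return nil, err
+}
+a.accountData.UserDatas = append(a.accountData.UserDatas, d)
+return d, nil
+}
+
 func (a *UsersImpl) add(name string, key string, uk *Key) (User, error) {
 if key == "" {
 key = a.accountData.Key.Public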
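Review bot: `ImportEphemeral` only ever sets `IssuerAccount` (when `signingKey` is true) and never clears it, so a value already present in the imported claim is signed unchanged when the account's own key is used, which would presumably leave the token pointing at the original issuing account. The function also stores the caller's `c` pointer as `Claim` and rewrites it in place, so the caller's `IssuerAccount` and `UserPermissionLimits` change as a side effect and `d.Claim.Name = c.Name` is a self-assignment; a nil `c` panics at `c.Subject`. The sketch below rejects nil input, works on a shallow copy and resets `IssuerAccount` on both paths (it assumes `errors` is available in users.go). Whether the claim's expiry and remaining permissions should be validated before re-signing depends on how trusted the source of `c` is, which the hunk does not show.

```go
func (a *UsersImpl) ImportEphemeral(c *jwt.UserClaims, key string) (User, error) {
	if c == nil {
		return nil, errors.New("user claims are required")
	}
	// … unchanged: key defaulting, getKey, KeyFrom, scoped-key lookup …

	// Shallow copy so the caller's claims are not rewritten here or by signing.
	claim := *c
	if signingKey {
		claim.IssuerAccount = a.accountData.Key.Public
	} else {
		// Drop any issuer account carried over from the original issuer.
		claim.IssuerAccount = ""
	}
	if scoped {
		claim.UserPermissionLimits = jwt.UserPermissionLimits{}
	}
	d := &UserData{
		BaseData:    BaseData{EntityName: claim.Name, Key: id, Modified: true},
		AccountData: a.accountData,
		Claim:       &claim,
		RejectEdits: ok && scoped,
		Ephemeral:   true,
	}
	// … unchanged: Sign, append to UserDatas, return …
```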
