Posted to commits@couchdb.apache.org by ro...@apache.org on 2022/05/27 09:30:12 UTC

[couchdb] branch draft_allow_nested_json_claim_roles created (now dda9dfb32)

This is an automated email from the ASF dual-hosted git repository.

ronny pushed a change to branch draft_allow_nested_json_claim_roles
in repository https://gitbox.apache.org/repos/asf/couchdb.git


      at dda9dfb32 Allow and evaluate nested json claim roles

This branch includes the following new commits:

     new dda9dfb32 Allow and evaluate nested json claim roles

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[couchdb] 01/01: Allow and evaluate nested json claim roles

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

ronny pushed a commit to branch draft_allow_nested_json_claim_roles
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit dda9dfb32ab600fd55e975852e4f9873794207a6
Author: Ronny Berndt <ro...@apache.org>
AuthorDate: Fri May 27 11:29:54 2022 +0200

    Allow and evaluate nested json claim roles
---
 src/couch/src/couch_httpd_auth.erl | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 24a0c15ed..d7bef0193 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -227,6 +227,19 @@ jwt_authentication_handler(Req) ->
             RequiredClaims = get_configured_claims(),
             case jwtf:decode(?l2b(Jwt), [alg | RequiredClaims], fun jwtf_keystore:get/2) of
                 {ok, {Claims}} ->
+                    couch_log:info("Claims: ~p", [Claims]),
+                    Roles_Claim_Name = config:get(
+                        "jwt_auth", "roles_claim_name", "_couchdb.roles"
+                    ),
+                    Roles_Claim_Path = [list_to_binary(Item) || Item <- string:split(config:get(
+                        "jwt_auth", "roles_claim_path", ""
+                    ), ".")],
+                    Roles_Full_Path = lists:append(Roles_Claim_Path, [list_to_binary(Roles_Claim_Name)]),
+                    Roles = couch_util:get_nested_json_value({Claims},Roles_Full_Path),
+                    couch_log:info("Roles Claim Path: ~p", [Roles_Claim_Path]),
+                    couch_log:info("Roles Claim Name: ~p", [Roles_Claim_Name]),
+                    couch_log:info("Roles Full Name:  ~p", [Roles_Full_Path]),
+                    couch_log:info("Nested-Claim-Roles:  ~p", [Roles]),
                     case lists:keyfind(<<"sub">>, 1, Claims) of
                         false ->
                             throw({unauthorized, <<"Token missing sub claim.">>});
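Review bot: The `couch_log:info("Claims: ~p", [Claims])` line and the four `couch_log:info` calls after the lookup write the token's full claim set and the resolved roles to the server log at info level on every JWT-authenticated request; they look like debugging aids and should be dropped, or reduced to a `couch_log:debug` of the configured path without claim values. Separately, `string:split/2` splits at the first separator only, so a `roles_claim_path` of `a.b.c` becomes `["a", "b.c"]` and the default `""` becomes `[""]`, which puts an empty `<<>>` key in front of the claim name; `string:lexemes(config:get("jwt_auth", "roles_claim_path", ""), ".")` splits on every dot and yields `[]` for the empty default. The lookup also runs before the `sub` check, so any failure inside `couch_util:get_nested_json_value/2` (not visible here) would presumably pre-empt the `Token missing sub claim.` response. The body of `jwt_authentication_handler/1` starts and ends outside this hunk.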
@@ -234,15 +247,7 @@ jwt_authentication_handler(Req) ->
                             Req#httpd{
                                 user_ctx = #user_ctx{
                                     name = User,
-                                    roles = couch_util:get_value(
-                                        ?l2b(
-                                            config:get(
-                                                "jwt_auth", "roles_claim_name", "_couchdb.roles"
-                                            )
-                                        ),
-                                        Claims,
-                                        []
-                                    )
+                                    roles = Roles
                                 }
                             }
                     end;
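Review bot: `roles = Roles` drops the `[]` default that the removed `couch_util:get_value(..., Claims, [])` call supplied, so what lands in `#user_ctx.roles` for a token without the roles claim now depends entirely on `couch_util:get_nested_json_value/2`, which is not shown on this page. If that helper raises on a missing key, tokens that previously authenticated with no roles would start failing; if it returns any other JSON value (a string, an object, `null`), that value reaches later role checks unvalidated. I would resolve the claim with an explicit fallback to `[]` and check the shape before building the user context, for example `is_list(Roles) orelse throw({unauthorized, <<"Invalid roles claim.">>})`. The enclosing `case` clause begins outside this hunk.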