hongming
@@ -3,6 +3,7 @@ package token
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/dgrijalva/jwt-go"
|
||||
"kubesphere.io/kubesphere/pkg/api/iam"
|
||||
"kubesphere.io/kubesphere/pkg/server/errors"
|
||||
"time"
|
||||
)
|
||||
@@ -12,9 +13,9 @@ const DefaultIssuerName = "kubesphere"
|
||||
var errInvalidToken = errors.New("invalid token")
|
||||
|
||||
type claims struct {
|
||||
Username string `json:"username"`
|
||||
UID string `json:"uid"`
|
||||
Groups []string `json:"groups"`
|
||||
Username string `json:"username"`
|
||||
UID string `json:"uid"`
|
||||
Email string `json:"email"`
|
||||
// Currently, we are not using any field in jwt.StandardClaims
|
||||
jwt.StandardClaims
|
||||
}
|
||||
@@ -37,14 +38,14 @@ func (s *jwtTokenIssuer) Verify(tokenString string) (User, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &AuthUser{Name: clm.Username, UID: clm.UID, Groups: clm.Groups}, nil
|
||||
return &iam.User{Name: clm.Username, UID: clm.UID, Email: clm.Email}, nil
|
||||
}
|
||||
|
||||
func (s *jwtTokenIssuer) IssueTo(user User) (string, error) {
|
||||
clm := &claims{
|
||||
Username: user.GetName(),
|
||||
UID: user.GetUID(),
|
||||
Groups: user.GetGroups(),
|
||||
Email: user.GetEmail(),
|
||||
StandardClaims: jwt.StandardClaims{
|
||||
IssuedAt: time.Now().Unix(),
|
||||
Issuer: s.name,
|
||||
|
||||
@@ -2,6 +2,7 @@ package token
|
||||
|
||||
import (
|
||||
"github.com/google/go-cmp/cmp"
|
||||
"kubesphere.io/kubesphere/pkg/api/iam"
|
||||
"testing"
|
||||
)
|
||||
|
||||
@@ -12,19 +13,22 @@ func TestJwtTokenIssuer(t *testing.T) {
|
||||
description string
|
||||
name string
|
||||
uid string
|
||||
email string
|
||||
}{
|
||||
{
|
||||
name: "admin",
|
||||
uid: "b8be6edd-2c92-4535-9b2a-df6326474458",
|
||||
name: "admin",
|
||||
uid: "b8be6edd-2c92-4535-9b2a-df6326474458",
|
||||
email: "admin@kubesphere.io",
|
||||
},
|
||||
{
|
||||
name: "bar",
|
||||
uid: "b8be6edd-2c92-4535-9b2a-df6326474452",
|
||||
name: "bar",
|
||||
uid: "b8be6edd-2c92-4535-9b2a-df6326474452",
|
||||
email: "bar@kubesphere.io",
|
||||
},
|
||||
}
|
||||
|
||||
for _, testCase := range testCases {
|
||||
user := &AuthUser{
|
||||
user := &iam.User{
|
||||
Name: testCase.name,
|
||||
UID: testCase.uid,
|
||||
}
|
||||
|
||||
@@ -7,24 +7,6 @@ type User interface {
|
||||
// UID
|
||||
GetUID() string
|
||||
|
||||
// Groups
|
||||
GetGroups() []string
|
||||
}
|
||||
|
||||
type AuthUser struct {
|
||||
Name string
|
||||
UID string
|
||||
Groups []string
|
||||
}
|
||||
|
||||
func (a AuthUser) GetName() string {
|
||||
return a.Name
|
||||
}
|
||||
|
||||
func (a AuthUser) GetUID() string {
|
||||
return a.UID
|
||||
}
|
||||
|
||||
func (a AuthUser) GetGroups() []string {
|
||||
return a.Groups
|
||||
// Email
|
||||
GetEmail() string
|
||||
}
|
||||
|
||||
@@ -6,30 +6,30 @@ import (
|
||||
)
|
||||
|
||||
type User struct {
|
||||
Username string `json:"username"`
|
||||
Name string `json:"username"`
|
||||
UID string `json:"uid"`
|
||||
Email string `json:"email"`
|
||||
Lang string `json:"lang,omitempty"`
|
||||
Description string `json:"description"`
|
||||
CreateTime time.Time `json:"create_time"`
|
||||
CreateTime time.Time `json:"createTime"`
|
||||
Groups []string `json:"groups,omitempty"`
|
||||
Password string `json:"password,omitempty"`
|
||||
}
|
||||
|
||||
func (u *User) GetName() string {
|
||||
return u.Username
|
||||
return u.Name
|
||||
}
|
||||
|
||||
func (u *User) GetUID() string {
|
||||
return u.UID
|
||||
}
|
||||
|
||||
func (u *User) GetGroups() []string {
|
||||
return u.Groups
|
||||
func (u *User) GetEmail() string {
|
||||
return u.Email
|
||||
}
|
||||
|
||||
func (u *User) Validate() error {
|
||||
if u.Username == "" {
|
||||
if u.Name == "" {
|
||||
return errors.New("username can not be empty")
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user