Use golang-jwt/jwt instead of form3tech-oss/jwt-go (#5532)
This commit is contained in:
hongming
@@ -29,7 +29,7 @@ import (
|
||||
"kubesphere.io/kubesphere/pkg/utils/sliceutil"
|
||||
|
||||
"github.com/coreos/go-oidc"
|
||||
"github.com/form3tech-oss/jwt-go"
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"github.com/mitchellh/mapstructure"
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
|
||||
@@ -33,7 +33,7 @@ import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/form3tech-oss/jwt-go"
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
. "github.com/onsi/ginkgo"
|
||||
. "github.com/onsi/gomega"
|
||||
"github.com/onsi/gomega/gexec"
|
||||
|
||||
@@ -28,14 +28,12 @@ import (
|
||||
"os"
|
||||
"time"
|
||||
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"gopkg.in/square/go-jose.v2"
|
||||
|
||||
"github.com/form3tech-oss/jwt-go"
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
"k8s.io/klog/v2"
|
||||
|
||||
"kubesphere.io/kubesphere/pkg/apiserver/authentication"
|
||||
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -80,7 +78,7 @@ type Issuer interface {
|
||||
}
|
||||
|
||||
type Claims struct {
|
||||
jwt.StandardClaims
|
||||
jwt.RegisteredClaims
|
||||
// Private Claim Names
|
||||
// TokenType defined the type of the token
|
||||
TokenType Type `json:"token_type,omitempty"`
|
||||
@@ -121,13 +119,13 @@ type issuer struct {
|
||||
}
|
||||
|
||||
func (s *issuer) IssueTo(request *IssueRequest) (string, error) {
|
||||
issueAt := time.Now().Unix()
|
||||
issueAt := time.Now()
|
||||
claims := Claims{
|
||||
Username: request.User.GetName(),
|
||||
Extra: request.User.GetExtra(),
|
||||
TokenType: request.TokenType,
|
||||
StandardClaims: jwt.StandardClaims{
|
||||
IssuedAt: issueAt,
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
IssuedAt: jwt.NewNumericDate(issueAt),
|
||||
Subject: request.User.GetName(),
|
||||
Issuer: s.name,
|
||||
},
|
||||
@@ -155,7 +153,7 @@ func (s *issuer) IssueTo(request *IssueRequest) (string, error) {
|
||||
claims.Scopes = request.Scopes
|
||||
}
|
||||
if request.ExpiresIn > 0 {
|
||||
claims.ExpiresAt = claims.IssuedAt + int64(request.ExpiresIn.Seconds())
|
||||
claims.ExpiresAt = jwt.NewNumericDate(issueAt.Add(request.ExpiresIn))
|
||||
}
|
||||
|
||||
var token string
|
||||
@@ -175,11 +173,8 @@ func (s *issuer) IssueTo(request *IssueRequest) (string, error) {
|
||||
}
|
||||
|
||||
func (s *issuer) Verify(token string) (*VerifiedResponse, error) {
|
||||
parser := jwt.Parser{
|
||||
ValidMethods: []string{jwt.SigningMethodHS256.Alg(), jwt.SigningMethodRS256.Alg()},
|
||||
UseJSONNumber: false,
|
||||
SkipClaimsValidation: true,
|
||||
}
|
||||
parser := jwt.NewParser(jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg(), jwt.SigningMethodRS256.Alg()}),
|
||||
jwt.WithoutClaimsValidation())
|
||||
|
||||
var claims Claims
|
||||
_, err := parser.ParseWithClaims(token, &claims, s.keyFunc)
|
||||
@@ -188,16 +183,16 @@ func (s *issuer) Verify(token string) (*VerifiedResponse, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
now := time.Now().Unix()
|
||||
now := time.Now()
|
||||
if !claims.VerifyExpiresAt(now, false) {
|
||||
delta := time.Unix(now, 0).Sub(time.Unix(claims.ExpiresAt, 0))
|
||||
delta := now.Sub(claims.ExpiresAt.Time)
|
||||
err = fmt.Errorf("jwt: token is expired by %v", delta)
|
||||
klog.V(4).Info(err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// allowing a clock skew when checking the time-based values.
|
||||
skewedTime := now + int64(s.maximumClockSkew.Seconds())
|
||||
skewedTime := now.Add(s.maximumClockSkew)
|
||||
if !claims.VerifyIssuedAt(skewedTime, false) {
|
||||
err = fmt.Errorf("jwt: token used before issued, iat:%v, now:%v", claims.IssuedAt, now)
|
||||
klog.Warning(err)
|
||||
|
||||
@@ -21,10 +21,9 @@ import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"gopkg.in/square/go-jose.v2"
|
||||
|
||||
"github.com/form3tech-oss/jwt-go"
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
|
||||
"kubesphere.io/kubesphere/pkg/apiserver/authentication"
|
||||
|
||||
@@ -23,20 +23,9 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"gopkg.in/square/go-jose.v2"
|
||||
|
||||
"kubesphere.io/kubesphere/pkg/utils/sliceutil"
|
||||
|
||||
"github.com/form3tech-oss/jwt-go"
|
||||
|
||||
"kubesphere.io/kubesphere/pkg/apiserver/authentication/oauth"
|
||||
"kubesphere.io/kubesphere/pkg/apiserver/authentication/token"
|
||||
|
||||
"kubesphere.io/kubesphere/pkg/apiserver/authentication"
|
||||
|
||||
"kubesphere.io/kubesphere/pkg/server/errors"
|
||||
|
||||
"github.com/emicklei/go-restful"
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"gopkg.in/square/go-jose.v2"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
"k8s.io/apimachinery/pkg/labels"
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
@@ -45,10 +34,15 @@ import (
|
||||
iamv1alpha2 "kubesphere.io/api/iam/v1alpha2"
|
||||
|
||||
"kubesphere.io/kubesphere/pkg/api"
|
||||
"kubesphere.io/kubesphere/pkg/apiserver/authentication"
|
||||
"kubesphere.io/kubesphere/pkg/apiserver/authentication/oauth"
|
||||
"kubesphere.io/kubesphere/pkg/apiserver/authentication/token"
|
||||
"kubesphere.io/kubesphere/pkg/apiserver/query"
|
||||
"kubesphere.io/kubesphere/pkg/apiserver/request"
|
||||
"kubesphere.io/kubesphere/pkg/models/auth"
|
||||
"kubesphere.io/kubesphere/pkg/models/iam/im"
|
||||
"kubesphere.io/kubesphere/pkg/server/errors"
|
||||
"kubesphere.io/kubesphere/pkg/utils/sliceutil"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -298,7 +292,7 @@ func (h *handler) authorize(req *restful.Request, response *restful.Response) {
|
||||
code, err := h.tokenOperator.IssueTo(&token.IssueRequest{
|
||||
User: authenticated,
|
||||
Claims: token.Claims{
|
||||
StandardClaims: jwt.StandardClaims{
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
Audience: []string{clientID},
|
||||
},
|
||||
TokenType: token.AuthorizationCode,
|
||||
@@ -602,7 +596,7 @@ func (h *handler) codeGrant(req *restful.Request, response *restful.Response) {
|
||||
idTokenRequest := &token.IssueRequest{
|
||||
User: authorizeContext.User,
|
||||
Claims: token.Claims{
|
||||
StandardClaims: jwt.StandardClaims{
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
Audience: authorizeContext.Audience,
|
||||
},
|
||||
Nonce: authorizeContext.Nonce,
|
||||
@@ -678,7 +672,7 @@ func (h *handler) userinfo(req *restful.Request, response *restful.Response) {
|
||||
}
|
||||
|
||||
result := token.Claims{
|
||||
StandardClaims: jwt.StandardClaims{
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
Subject: detail.Name,
|
||||
},
|
||||
Name: detail.Name,
|
||||
|
||||
@@ -28,7 +28,7 @@ import (
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/form3tech-oss/jwt-go"
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
|
||||
authtoken "kubesphere.io/kubesphere/pkg/apiserver/authentication/token"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/devops"
|
||||
|
||||
Reference in New Issue
Block a user