3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-03 20:36:03 +02:00
Code Issues Projects Releases Packages Wiki Activity

authorize: use session.user_id in headers (#2571)

Browse source
This commit is contained in:
Caleb Doxsey 2021-09-03 14:51:09 -06:00 committed by GitHub
parent 0c2a08b5a3
commit 0786c7fc45
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
authorize/evaluator/headers_evaluator_test.go
View file

@ -80,8 +80,8 @@ func TestHeadersEvaluator(t *testing.T) {
t.Run("jwt", func(t *testing.T) {
output, err := eval(t,
[]proto.Message{
&session.Session{Id: "s1", ImpersonateSessionId: proto.String("s2")},
&session.Session{Id: "s2"},
&session.Session{Id: "s1", ImpersonateSessionId: proto.String("s2"), UserId: "u1"},
&session.Session{Id: "s2", UserId: "u2"},
},
&HeadersRequest{
FromAudience: "from.example.com",
@ -103,5 +103,7 @@ func TestHeadersEvaluator(t *testing.T) {
assert.LessOrEqual(t, claims["exp"], float64(time.Now().Add(time.Minute*6).Unix()),
"JWT should expire within 5 minutes, but got: %v", claims["exp"])
assert.Equal(t, "s1", claims["sid"], "should set session id to input session id")
assert.Equal(t, "u2", claims["sub"], "should set subject to user id")
assert.Equal(t, "u2", claims["user"], "should set user to user id")
})
}

4
authorize/evaluator/opa/policy/headers.rego
View file

@ -110,13 +110,13 @@ jwt_payload_iat = v {
}
jwt_payload_sub = v {
v = user.id
v = session.user_id
} else = "" {
true
}
jwt_payload_user = v {
v = user.id
v = session.user_id
} else = "" {
true
}