From ab9ee7036fa5266c5da7d6137d395ac7a6022300 Mon Sep 17 00:00:00 2001 From: Andrew Beyer Date: Sun, 26 May 2024 16:26:06 -0600 Subject: [PATCH] Fixed: `authenticate().authenticate_token` error not wrapped in `PassageError` --- passage-auth/CHANGELOG.md | 4 ++++ passage-auth/Cargo.toml | 2 +- passage-auth/src/apis/authenticate.rs | 27 +++++++++++++-------------- passage-auth/src/error.rs | 10 ++++++++-- 4 files changed, 26 insertions(+), 17 deletions(-) diff --git a/passage-auth/CHANGELOG.md b/passage-auth/CHANGELOG.md index 7919406..84004d9 100644 --- a/passage-auth/CHANGELOG.md +++ b/passage-auth/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 0.4.0 (2024-05-26) + +- Fixed: `authenticate().authenticate_token` error not wrapped in `PassageError` + ## 0.3.0 (2024-05-26) - Added audience validation for JWTs. This requires either setting the PASSAGE_APP_AUTH_ORIGIN environment variable or configuring it within the application settings. diff --git a/passage-auth/Cargo.toml b/passage-auth/Cargo.toml index 4e7674c..dbb1467 100644 --- a/passage-auth/Cargo.toml +++ b/passage-auth/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "passage-auth" -version = "0.3.0" +version = "0.4.0" description = "Authentication API for Passage by 1Password" repository = "https://github.com/Kindness-Works/passage-rs" license = "MIT" diff --git a/passage-auth/src/apis/authenticate.rs b/passage-auth/src/apis/authenticate.rs index 991fea5..901bfe5 100644 --- a/passage-auth/src/apis/authenticate.rs +++ b/passage-auth/src/apis/authenticate.rs @@ -61,7 +61,7 @@ impl<'c> Authenticate<'c> { /// /// When successful, the resulting `String` is the authenticated Passage /// user ID. - pub fn authenticate_token(&self, token: &str) -> Result { + pub fn authenticate_token(&self, token: &str) -> Result { use jsonwebtoken::{decode, decode_header, jwk::Jwk, Algorithm, DecodingKey, Validation}; let jwk = self.client.pub_jwk().ok_or(AuthError::PubKeyMissing)?; 
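Review bot: The doc comment on `authenticate_token` in the `@@ -61` hunk still describes only the success value, although the error type in the signature changed (the generic parameters are not visible in this rendering; the commit subject says failures are now wrapped in `PassageError`). Callers that map a rejected token to an HTTP 401 need to know which variant to match, so add an `# Errors` section stating that every rejection is returned as `PassageError::AuthError`, carrying `AuthError::PubKeyMissing`, `AuthError::KidMismatch` or `AuthError::TokenDecoding`. The function body continues outside the hunk, so other failure paths may also need listing.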
@@ -70,7 +70,7 @@ impl<'c> Authenticate<'c> { let header = decode_header(token)?; if header.kid != jwk.common.key_id { - return Err(AuthError::KidMismatch(header.kid, jwk.common.key_id)); + return Err(AuthError::KidMismatch(header.kid, jwk.common.key_id).into()); } let expected_iss = format!("https://auth.passage.id/v1/apps/{}", self.client.app_id()); @@ -124,7 +124,7 @@ mod tests { let res = passage.authenticate().authenticate_token(jwt); match res { - Err(AuthError::PubKeyMissing) => {} + Err(_) => {} _ => unreachable!("missing pub key was not properly rejected: {:?}", res), } } @@ -137,7 +137,7 @@ mod tests { let res = passage.authenticate().authenticate_token(jwt); match res { - Err(AuthError::TokenDecoding(_)) => {} + Err(_) => {} _ => unreachable!("bad signature was not properly rejected: {:?}", res), } } @@ -151,7 +151,7 @@ mod tests { let res = passage.authenticate().authenticate_token(jwt); match res { - Err(AuthError::KidMismatch(_, _)) => {} + Err(_) => {} _ => unreachable!("incorrect kid was not properly rejected: {:?}", res), } } @@ -165,7 +165,7 @@ mod tests { let res = passage.authenticate().authenticate_token(jwt); match res { - Err(AuthError::TokenDecoding(_)) => {} + Err(_) => {} _ => unreachable!("missing sub was not properly rejected: {:?}", res), } } @@ -179,7 +179,7 @@ mod tests { let res = passage.authenticate().authenticate_token(jwt); match res { - Err(AuthError::TokenDecoding(_)) => {} + Err(_) => {} _ => unreachable!("missing nbf was not properly rejected: {:?}", res), } } @@ -193,7 +193,7 @@ mod tests { let res = passage.authenticate().authenticate_token(jwt); match res { - Err(AuthError::TokenDecoding(_)) => {} + Err(_) => {} _ => unreachable!("future nbf was not properly rejected: {:?}", res), } } @@ -207,7 +207,7 @@ mod tests { let res = passage.authenticate().authenticate_token(jwt); match res { - Err(AuthError::TokenDecoding(_)) => {} + Err(_) => {} _ => unreachable!("missing iss was not properly rejected: {:?}", res), } } 
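Review bot: Replacing each variant-specific arm with `Err(_)` in the test hunks (`@@ -124` through `@@ -207` here, and `@@ -221`, `@@ -235`, `@@ -249` further down) means a token rejected for the wrong reason still passes the test. For example, the bad-signature and wrong-issuer cases would succeed even if the call failed with `PubKeyMissing` because the key setup broke, so they no longer prove that the intended validation step fired. The wrapper keeps the original value, so the arms can stay precise: `Err(PassageError::AuthError(AuthError::KidMismatch(_, _))) => {}` for the kid test, `Err(PassageError::AuthError(AuthError::PubKeyMissing)) => {}` for the missing-key test, and `Err(PassageError::AuthError(AuthError::TokenDecoding(_))) => {}` for the signature and claim tests.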
@@ -221,7 +221,7 @@ mod tests { let res = passage.authenticate().authenticate_token(jwt); match res { - Err(AuthError::TokenDecoding(_)) => {} + Err(_) => {} _ => unreachable!("wrong iss was not properly rejected: {:?}", res), } } @@ -235,7 +235,7 @@ mod tests { let res = passage.authenticate().authenticate_token(jwt); match res { - Err(AuthError::TokenDecoding(_)) => {} + Err(_) => {} _ => unreachable!("missing exp was not properly rejected: {:?}", res), } } @@ -249,7 +249,7 @@ mod tests { let res = passage.authenticate().authenticate_token(jwt); match res { - Err(AuthError::TokenDecoding(_)) => {} + Err(_) => {} _ => unreachable!("past exp was not properly rejected: {:?}", res), } } @@ -267,8 +267,7 @@ mod tests { let jwt = "eyJhbGciOiJSUzI1NiIsImtpZCI6IlBtUkJVeVFkUGZ0eHVJS2E2ZGxtR01aQSIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJodHRwczovL3RlZGxhc3NvLm9yZyIsImV4cCI6MTc0ODI3NDM3MSwiaWF0IjoxNzE2NzM4MzcxLCJpc3MiOiJodHRwczovL2F1dGgucGFzc2FnZS5pZC92MS9hcHBzL1BhSXRPSDdVbDduMlh0M3V4WTY3MXNGTiIsIm5iZiI6MTcxNjczODM2Niwic3ViIjoiQWFiUkJrcXVlZGVWQnh2OWtGeWZlWEhJIn0.uTEXEXOggvfRwVpwIbnR9gLD-l2j-4pONTukGNt6c32jBDNTnoNXIjQrQl6qaIrNEIDhhbbcirsmtxBwZ5bbOWSyNU5oG7qnYoilur0c1XtoaEBk9gjhMeZ-n5pXo45UyCQoJZwElGPWIZARzfuXJdttYam-JCb7ZSPL3gl8b0IJnwYZdB4DhB6O2-mkOfa-TAbt2IIqgHSdZTTwOF5_LKMwL5DNAgxyBGG1XaprODFaXJq8Obwef7u58bRCTlejHpHiS7hBEgU6Y4Lym9fen9DpvNSOCEFXJRL9RDNAv7B8oad83zNqgBAstqWsPZOHcG_BOAjdfHs4YQ83FAIGeA"; let res = passage.authenticate().authenticate_token(jwt); - dbg!(&res); - assert_eq!(res, Ok("AabRBkquedeVBxv9kFyfeXHI".to_owned())); + assert_eq!(res.unwrap(), "AabRBkquedeVBxv9kFyfeXHI".to_owned()); } } diff --git a/passage-auth/src/error.rs b/passage-auth/src/error.rs index d9caa1c..cac6099 100644 --- a/passage-auth/src/error.rs +++ b/passage-auth/src/error.rs 
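Review bot: The success assertion in the `@@ -267` hunk now calls `res.unwrap()` on a fixed token whose payload appears to decode to `exp` 1748274371, so the test will start panicking once that time passes, assuming expiry is validated as the "past exp" test implies. Nothing in the new line tells the next maintainer why. I would add a comment above the fixture such as `// fixture token is only valid until its exp claim (1748274371); regenerate or mint it in the test` and use `res.expect("fixture token should validate until its exp claim")` so the failure explains itself. The `.to_owned()` on the expected value is also unnecessary, because `String` compares directly with `&str`.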
@@ -68,9 +68,15 @@ pub enum AuthError { TokenDecoding(jwt::errors::Error), } -impl From for AuthError { +impl From for PassageError { fn from(e: jwt::errors::Error) -> Self { - AuthError::TokenDecoding(e) + AuthError::TokenDecoding(e).into() + } +} + +impl From for PassageError { + fn from(e: AuthError) -> Self { + PassageError::AuthError(e) } }
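Review bot: Retargeting the existing `From` impl to `PassageError` removes the conversion from `jwt::errors::Error` into `AuthError`, so any code that relied on `?` or `.into()` to produce an `AuthError` stops compiling (the type parameters are inferred from the `fn from` signatures, since the rendering dropped them). Both conversions can coexist: keep `impl From<jwt::errors::Error> for AuthError` as it was and write the new body as `AuthError::from(e).into()`. Each impl would also benefit from a one-line doc comment saying that any `jsonwebtoken` error converted this way is reported as `AuthError::TokenDecoding`, because that classification now applies crate-wide and not only in `authenticate_token`.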