c76ad94492
This commit adds a build step to travis to auto-delete unstable archives older than 14 days (our regular release schedule) from Azure via ci.go purge. The commit also pulls in the latest Azure storage code, also switching over from the old import path (github.com/Azure/azure-sdk-for-go) to the new split one (github.com/Azure/azure-storage-go).
95 lines
2.6 KiB
Go
95 lines
2.6 KiB
Go
package jwt
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
// "fmt"
|
|
)
|
|
|
|
// Claims type that uses the map[string]interface{} for JSON decoding
|
|
// This is the default claims type if you don't supply one
|
|
type MapClaims map[string]interface{}
|
|
|
|
// Compares the aud claim against cmp.
|
|
// If required is false, this method will return true if the value matches or is unset
|
|
func (m MapClaims) VerifyAudience(cmp string, req bool) bool {
|
|
aud, _ := m["aud"].(string)
|
|
return verifyAud(aud, cmp, req)
|
|
}
|
|
|
|
// Compares the exp claim against cmp.
|
|
// If required is false, this method will return true if the value matches or is unset
|
|
func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool {
|
|
switch exp := m["exp"].(type) {
|
|
case float64:
|
|
return verifyExp(int64(exp), cmp, req)
|
|
case json.Number:
|
|
v, _ := exp.Int64()
|
|
return verifyExp(v, cmp, req)
|
|
}
|
|
return req == false
|
|
}
|
|
|
|
// Compares the iat claim against cmp.
|
|
// If required is false, this method will return true if the value matches or is unset
|
|
func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool {
|
|
switch iat := m["iat"].(type) {
|
|
case float64:
|
|
return verifyIat(int64(iat), cmp, req)
|
|
case json.Number:
|
|
v, _ := iat.Int64()
|
|
return verifyIat(v, cmp, req)
|
|
}
|
|
return req == false
|
|
}
|
|
|
|
// Compares the iss claim against cmp.
|
|
// If required is false, this method will return true if the value matches or is unset
|
|
func (m MapClaims) VerifyIssuer(cmp string, req bool) bool {
|
|
iss, _ := m["iss"].(string)
|
|
return verifyIss(iss, cmp, req)
|
|
}
|
|
|
|
// Compares the nbf claim against cmp.
|
|
// If required is false, this method will return true if the value matches or is unset
|
|
func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool {
|
|
switch nbf := m["nbf"].(type) {
|
|
case float64:
|
|
return verifyNbf(int64(nbf), cmp, req)
|
|
case json.Number:
|
|
v, _ := nbf.Int64()
|
|
return verifyNbf(v, cmp, req)
|
|
}
|
|
return req == false
|
|
}
|
|
|
|
// Validates time based claims "exp, iat, nbf".
|
|
// There is no accounting for clock skew.
|
|
// As well, if any of the above claims are not in the token, it will still
|
|
// be considered a valid claim.
|
|
func (m MapClaims) Valid() error {
|
|
vErr := new(ValidationError)
|
|
now := TimeFunc().Unix()
|
|
|
|
if m.VerifyExpiresAt(now, false) == false {
|
|
vErr.Inner = errors.New("Token is expired")
|
|
vErr.Errors |= ValidationErrorExpired
|
|
}
|
|
|
|
if m.VerifyIssuedAt(now, false) == false {
|
|
vErr.Inner = errors.New("Token used before issued")
|
|
vErr.Errors |= ValidationErrorIssuedAt
|
|
}
|
|
|
|
if m.VerifyNotBefore(now, false) == false {
|
|
vErr.Inner = errors.New("Token is not valid yet")
|
|
vErr.Errors |= ValidationErrorNotValidYet
|
|
}
|
|
|
|
if vErr.valid() {
|
|
return nil
|
|
}
|
|
|
|
return vErr
|
|
}
|