gtsocial-umbx

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README | LICENSE

map_claims.go (2985B)

      1 package jwt
      2 
      3 import (
      4 	"encoding/json"
      5 	"errors"
      6 	// "fmt"
      7 )
      8 
      9 // Claims type that uses the map[string]interface{} for JSON decoding
     10 // This is the default claims type if you don't supply one
     11 type MapClaims map[string]interface{}
     12 
     13 // VerifyAudience Compares the aud claim against cmp.
     14 // If required is false, this method will return true if the value matches or is unset
     15 func (m MapClaims) VerifyAudience(cmp string, req bool) bool {
     16 	var aud []string
     17 	switch v := m["aud"].(type) {
     18 	case string:
     19 		aud = append(aud, v)
     20 	case []string:
     21 		aud = v
     22 	case []interface{}:
     23 		for _, a := range v {
     24 			vs, ok := a.(string)
     25 			if !ok {
     26 				return false
     27 			}
     28 			aud = append(aud, vs)
     29 		}
     30 	}
     31 	return verifyAud(aud, cmp, req)
     32 }
     33 
     34 // Compares the exp claim against cmp.
     35 // If required is false, this method will return true if the value matches or is unset
     36 func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool {
     37 	exp, ok := m["exp"]
     38 	if !ok {
     39 		return !req
     40 	}
     41 	switch expType := exp.(type) {
     42 	case float64:
     43 		return verifyExp(int64(expType), cmp, req)
     44 	case json.Number:
     45 		v, _ := expType.Int64()
     46 		return verifyExp(v, cmp, req)
     47 	}
     48 	return false
     49 }
     50 
     51 // Compares the iat claim against cmp.
     52 // If required is false, this method will return true if the value matches or is unset
     53 func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool {
     54 	iat, ok := m["iat"]
     55 	if !ok {
     56 		return !req
     57 	}
     58 	switch iatType := iat.(type) {
     59 	case float64:
     60 		return verifyIat(int64(iatType), cmp, req)
     61 	case json.Number:
     62 		v, _ := iatType.Int64()
     63 		return verifyIat(v, cmp, req)
     64 	}
     65 	return false
     66 }
     67 
     68 // Compares the iss claim against cmp.
     69 // If required is false, this method will return true if the value matches or is unset
     70 func (m MapClaims) VerifyIssuer(cmp string, req bool) bool {
     71 	iss, _ := m["iss"].(string)
     72 	return verifyIss(iss, cmp, req)
     73 }
     74 
     75 // Compares the nbf claim against cmp.
     76 // If required is false, this method will return true if the value matches or is unset
     77 func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool {
     78 	nbf, ok := m["nbf"]
     79 	if !ok {
     80 		return !req
     81 	}
     82 	switch nbfType := nbf.(type) {
     83 	case float64:
     84 		return verifyNbf(int64(nbfType), cmp, req)
     85 	case json.Number:
     86 		v, _ := nbfType.Int64()
     87 		return verifyNbf(v, cmp, req)
     88 	}
     89 	return false
     90 }
     91 
     92 // Validates time based claims "exp, iat, nbf".
     93 // There is no accounting for clock skew.
     94 // As well, if any of the above claims are not in the token, it will still
     95 // be considered a valid claim.
     96 func (m MapClaims) Valid() error {
     97 	vErr := new(ValidationError)
     98 	now := TimeFunc().Unix()
     99 
    100 	if !m.VerifyExpiresAt(now, false) {
    101 		vErr.Inner = errors.New("Token is expired")
    102 		vErr.Errors |= ValidationErrorExpired
    103 	}
    104 
    105 	if !m.VerifyIssuedAt(now, false) {
    106 		vErr.Inner = errors.New("Token used before issued")
    107 		vErr.Errors |= ValidationErrorIssuedAt
    108 	}
    109 
    110 	if !m.VerifyNotBefore(now, false) {
    111 		vErr.Inner = errors.New("Token is not valid yet")
    112 		vErr.Errors |= ValidationErrorNotValidYet
    113 	}
    114 
    115 	if vErr.valid() {
    116 		return nil
    117 	}
    118 
    119 	return vErr
    120 }