Juliusz Chroboczek
d9e956be48
More JWT paranoia.
2024-05-11 22:45:52 +02:00
Juliusz Chroboczek
969354e9e5
Honour the kid field in JWT if present.
2024-05-11 12:29:30 +02:00
Juliusz Chroboczek
3a6d924374
Attempt all keys when validating stateless tokens.
2024-05-09 18:40:50 +02:00
Juliusz Chroboczek
1315084185
Implement message permission and shutup command.
2024-05-08 16:24:32 +02:00
Juliusz Chroboczek
53481fde5e
Protect against empty expires field in Expire.
2024-05-02 18:48:51 +02:00
Juliusz Chroboczek
2f5c21d161
Implement accessors for stateful tokens.
2024-05-01 22:39:48 +02:00
Juliusz Chroboczek
e8ea707904
Split token.Get into method and function.
2024-05-01 19:29:30 +02:00
Juliusz Chroboczek
368791648f
Expand high-level token test.
2024-05-01 19:25:43 +02:00
Juliusz Chroboczek
8a94f4a716
Export getStateful, simplify interface.
We used to return nil, nil if the token didn't exist.
We now return os.ErrNotExist.
2024-05-01 19:25:26 +02:00
Juliusz Chroboczek
3409f5a27f
Replace uses of os.IsExist and os.IsNotExist with errors.Is.
The former don't properly unwrap errors.
2024-04-14 13:34:32 +02:00
Juliusz Chroboczek
68887f13d5
Rename tokens.Edit to Extend.
2024-04-14 13:21:55 +02:00
Juliusz Chroboczek
b8f7c68338
Return correct error message for invalid tokens.
2024-03-03 15:42:46 +01:00
Juliusz Chroboczek
27e502e63c
Upgrade to go-jwt v5.
A token with no "sub" field is now treated just like one with an
empty "sub". In addition, all times are treated with a slack of 5s.
2023-12-10 00:47:17 +01:00
Juliusz Chroboczek
5aff224e62
Complete token.stateful.Clone.
2023-07-09 11:52:13 +02:00
Juliusz Chroboczek
e73aaa31d7
Remove tokens.Del.
It was unused.
2023-07-09 11:51:18 +02:00
Juliusz Chroboczek
0de0199742
Resynchronise with disk when editing tokens.
We used to assume that the in-memory representation is in sync
when editing a stateful token. That is usually the case, since
editing requires knowing the token to edit, but resynchronising
here is the right thing to do.
2023-05-19 15:08:05 +02:00
Juliusz Chroboczek
3c0dbf5e9b
Reliably return an error from token.Parse.
We would sometimes return nil cast to an interface with no error,
which would cause the server to crash with a null dereference.
2023-05-14 21:14:59 +02:00
Juliusz Chroboczek
8775ce6406
Keep track of issuer and creation date in tokens.
2023-04-08 21:13:35 +02:00
Juliusz Chroboczek
adf273f9ea
Expire expired tokens.
We now remove a token a week after it has expired.
2023-04-04 01:22:05 +02:00
Juliusz Chroboczek
a6314a7384
Implement stateful tokens.
Stateful tokens look just like cryptographic tokens to the client.
Unlike cryptographic tokens, they are stored in a file and are
revokable and editable.
2023-04-04 00:59:54 +02:00
Juliusz Chroboczek
c58064d923
Move token handling into the separate module.
Tokens are now an interface, and all the token logic is encapsulated
in the token module.
2023-04-03 22:58:38 +02:00
Juliusz Chroboczek
f75b964a6b
Distinguish tokens with empty sub from no sub
We now distinguish between tokens that specify an empty username
(sub="") and tokens that don't specify sub. The latter are
considered invalid for now.
2023-01-14 23:19:51 +01:00
Juliusz Chroboczek
de3a016f4d
Set the username in the server when using tokens.
This avoids the need to pass the username in the URL without
requiring the client to parse tokens.
2022-02-20 15:33:11 +01:00
Juliusz Chroboczek
c4d46d20aa
Add the galene-link utility.
2022-02-20 01:16:26 +01:00
Juliusz Chroboczek
37ef768ac0
Fix token parsing when aud is an array.
2022-02-20 01:05:21 +01:00
Juliusz Chroboczek
a86fb08f6c
Replace ClientPermissions with a list of strings.
Now that we support external auth, the permissions list is
open-ended. Make it a list for simplicity.
2022-02-19 23:44:57 +01:00
Juliusz Chroboczek
1d583e5367
Don't verify token issuer.
This makes it possible to use token authentication without
an authentication server.
2022-02-18 19:21:02 +01:00
Juliusz Chroboczek
7784a2ac96
Add more tests for token auth.
2022-02-18 16:08:44 +01:00
Juliusz Chroboczek
947eb71328
Used named errors in token code.
2022-02-18 15:59:59 +01:00
Juliusz Chroboczek
03811db37d
Implement token authentication.
2022-02-18 13:35:17 +01:00