From c668d6f957a724b4a3a79a84dd9d6600a2a911c7 Mon Sep 17 00:00:00 2001
From: Greg Steuck
Date: Mon, 12 Jul 2021 20:49:17 -0700
Subject: dashboard/app: control time externally from api.go

This way the tested code is independent of the time passage and the tests are reliable.
---
 dashboard/app/auth.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'dashboard/app/auth.go')
diff --git a/dashboard/app/auth.go b/dashboard/app/auth.go
index 25f20b10d..42d59e6ee 100644
--- a/dashboard/app/auth.go
+++ b/dashboard/app/auth.go
@@ -100,8 +100,9 @@ func (auth *authEndpoint) queryTokenInfo(tokenValue string) (*jwtClaims, error)
 
 // Returns the verified subject value based on the provided header
 // value or "" if it can't be determined. A valid result starts with
-// oauthMagic.
-func (auth *authEndpoint) determineAuthSubj(authHeader []string) (string, error) {
+// oauthMagic. The now parameter is the current time to compare the
+// claims against.
+func (auth *authEndpoint) determineAuthSubj(now time.Time, authHeader []string) (string, error) {
 if len(authHeader) != 1 || !strings.HasPrefix(authHeader[0], "Bearer") {
 // This is a normal case when the client uses a password.
 return "", nil
@@ -117,7 +118,7 @@ func (auth *authEndpoint) determineAuthSubj(authHeader []string) (string, error)
 err := fmt.Errorf("unexpected audience %v %v", claims.Audience, claims)
 return "", err
 }
- if claims.Expiration.Before(time.Now()) {
+ if claims.Expiration.Before(now) {
 err := fmt.Errorf("token past expiration %v", claims.Expiration)
 return "", err
 }
-- 
cgit mrf-deployment
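Review bot: The updated doc comment on determineAuthSubj (first hunk) names `now` but does not say what a caller must pass, even though `now` has become the only time reference for the token expiry comparison further down. I would state the contract, for example `// now must be the caller's current wall-clock time, taken when the request is handled.` The comment could also open with the function name, `// determineAuthSubj returns the verified subject value ...`, as Go doc comments conventionally do. The function body continues outside the hunk.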
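Review bot: With the clock passed in, `claims.Expiration.Before(now)` in the second hunk passes any token whose expiration is later than the value supplied, so a zero `time.Time` or a timestamp captured well before the call would let an expired token through without any error. The callers are not part of this diff, so this may not occur today, but a guard ahead of the comparison keeps the check fail-closed: `if now.IsZero() { return "", fmt.Errorf("current time not provided") }`. A test that passes a zero `now` with an otherwise valid token would pin that behaviour. The enclosing function starts and ends outside the hunk.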