Extend authorization and authentication data

Microkubes · Apr 14, 2020 · cd76592 · cd76592
1 parent 9903e61
commit cd76592
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 26 deletions.
diff --git a/auth/auth.go b/auth/auth.go
@@ -8,9 +8,19 @@ import "golang.org/x/net/context"
 type Auth struct {
 	// UserID is the ID of the authenticated user.
 	UserID string `json:"userId,omitempty"`
-	// Username is the email of the authenticated user.
+
+	// CustomerID is the ID of the customer to which the authenticated user belongs.
+	CustomerID string `json:"customerID,omitempty"`
+
+	// Username is the username of the authenticated user.
 	Username string `json:"username,omitempty"`
 
+	// Fullname is the first name and surname of the authenticated user.
+	Fullname string `json:"fullname,omitempty"`
+
+	// Email is the email of the authenticated user.
+	Email string `json:"email,omitempty"`
+
 	// Roles is the list of roles that the user has claimed and have been authorized by the system.
 	Roles []string `json:"roles,omitempty"`
 

diff --git a/jwt/jwt.go b/jwt/jwt.go
@@ -42,41 +42,42 @@ func NewJWTSecurityMiddleware(resolver goajwt.KeyResolver, scheme *goa.JWTSecuri
 			jwtToken := goajwt.ContextJWT(ctx)
 			claims := jwtToken.Claims.(jwt.MapClaims)
 
-			if _, ok := claims["username"]; !ok {
-				return jwt.NewValidationError("Username is missing", jwt.ValidationErrorClaimsInvalid)
-			}
 			if _, ok := claims["userId"]; !ok {
 				return jwt.NewValidationError("User ID is missing", jwt.ValidationErrorClaimsInvalid)
 			}
-			roles := []string{}
-			organizations := []string{}
-			namespaces := []string{}
-			var username string
-			var userID string
-
-			username = claims["username"].(string)
-			if _, ok := claims["userId"].(string); !ok {
-				return jwt.NewValidationError("Invalid user ID", jwt.ValidationErrorClaimsInvalid)
+
+			authObj := &auth.Auth{
+				UserID: claims["userId"].(string),
 			}
-			userID = claims["userId"].(string)
 
-			if rolesStr, ok := claims["roles"]; ok {
-				roles = strings.Split(rolesStr.(string), ",")
+			if _, ok := claims["customerID"]; ok {
+				authObj.CustomerID = claims["customerID"].(string)
 			}
-			if organizationsStr, ok := claims["organizations"]; ok {
-				organizations = strings.Split(organizationsStr.(string), ",")
+
+			if _, ok := claims["username"]; ok {
+				authObj.Username = claims["username"].(string)
 			}
-			if namespacesStr, ok := claims["namespaces"]; ok {
-				namespaces = strings.Split(namespacesStr.(string), ",")
+
+			if _, ok := claims["fullname"]; ok {
+				authObj.Fullname = claims["fullname"].(string)
 			}
 
-			authObj := &auth.Auth{
-				Roles:         roles,
-				Organizations: organizations,
-				Username:      username,
-				UserID:        userID,
-				Namespaces:    namespaces,
+			if _, ok := claims["email"]; ok {
+				authObj.Email = claims["email"].(string)
 			}
+
+			if rolesStr, ok := claims["roles"]; ok {
+				authObj.Roles = strings.Split(rolesStr.(string), ",")
+			}
+
+			if organizations, ok := claims["organizations"]; ok {
+				authObj.Organizations = strings.Split(organizations.(string), ",")
+			}
+
+			if namespaces, ok := claims["namespaces"]; ok {
+				authObj.Namespaces = strings.Split(namespaces.(string), ",")
+			}
+
 			return handler(auth.SetAuth(ctx, authObj), rw, req)
 		}
 	}, scheme)