From 9c8efaeb791472ad768c6d92b9b24170486bb17b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Apr 2022 23:11:16 +0000 Subject: [PATCH] Bump github.com/form3tech-oss/jwt-go Bumps [github.com/form3tech-oss/jwt-go](https://github.com/form3tech-oss/jwt-go) from 3.2.2+incompatible to 3.2.5+incompatible. - [Release notes](https://github.com/form3tech-oss/jwt-go/releases) - [Changelog](https://github.com/form3tech-oss/jwt-go/blob/master/VERSION_HISTORY.md) - [Commits](https://github.com/form3tech-oss/jwt-go/compare/v3.2.2...v3.2.5) --- updated-dependencies: - dependency-name: github.com/form3tech-oss/jwt-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../form3tech-oss/jwt-go/map_claims.go | 66 ++++++++++++------- vendor/modules.txt | 2 +- 4 files changed, 47 insertions(+), 27 deletions(-) diff --git a/go.mod b/go.mod index 8c46b8ab..31c190b8 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/beevik/etree v1.1.0 github.com/crewjam/httperr v0.2.0 github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5 - github.com/form3tech-oss/jwt-go v3.2.2+incompatible + github.com/form3tech-oss/jwt-go v3.2.5+incompatible github.com/google/go-cmp v0.5.5 github.com/kr/pretty v0.3.0 github.com/mattermost/xml-roundtrip-validator v0.1.0 diff --git a/go.sum b/go.sum index 600aad56..ca24a1ad 100644 --- a/go.sum +++ b/go.sum @@ -8,8 +8,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5 h1:RAV05c0xOkJ3dZGS0JFybxFKZ2WMLabgx3uXnd7rpGs= github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= +github.com/form3tech-oss/jwt-go v3.2.5+incompatible h1:/l4kBbb4/vGSsdtB5nUe8L7B9mImVMaBPw9L/0TBHU8= +github.com/form3tech-oss/jwt-go v3.2.5+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ= diff --git a/vendor/github.com/form3tech-oss/jwt-go/map_claims.go b/vendor/github.com/form3tech-oss/jwt-go/map_claims.go index 90ab6bea..14b434ce 100644 --- a/vendor/github.com/form3tech-oss/jwt-go/map_claims.go +++ b/vendor/github.com/form3tech-oss/jwt-go/map_claims.go @@ -13,45 +13,61 @@ type MapClaims map[string]interface{} // Compares the aud claim against cmp. // If required is false, this method will return true if the value matches or is unset func (m MapClaims) VerifyAudience(cmp string, req bool) bool { - aud, ok := m["aud"].([]string) - if !ok { - strAud, ok := m["aud"].(string) - if !ok { - return false + var aud []string + switch v := m["aud"].(type) { + case []string: + aud = v + case []interface{}: + for _, a := range v { + vs, ok := a.(string) + if !ok { + return false + } + aud = append(aud, vs) } - aud = append(aud, strAud) + case string: + aud = append(aud, v) + default: + return false } - return verifyAud(aud, cmp, req) } // Compares the exp claim against cmp. // If required is false, this method will return true if the value matches or is unset func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool { - switch exp := m["exp"].(type) { + exp, ok := m["exp"] + if !ok { + return !req + } + switch expType := exp.(type) { case float64: - return verifyExp(int64(exp), cmp, req) + return verifyExp(int64(expType), cmp, req) case json.Number: - v, _ := exp.Int64() + v, _ := expType.Int64() return verifyExp(v, cmp, req) } - return req == false + return false } // Compares the iat claim against cmp. // If required is false, this method will return true if the value matches or is unset func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool { - switch iat := m["iat"].(type) { + iat, ok := m["iat"] + if !ok { + return !req + } + switch iatType := iat.(type) { case float64: - return verifyIat(int64(iat), cmp, req) + return verifyIat(int64(iatType), cmp, req) case json.Number: - v, _ := iat.Int64() + v, _ := iatType.Int64() return verifyIat(v, cmp, req) } - return req == false + return false } -// Compares the iss claim against cmp. +// Compares the iss claim against cmp.`` // If required is false, this method will return true if the value matches or is unset func (m MapClaims) VerifyIssuer(cmp string, req bool) bool { iss, _ := m["iss"].(string) @@ -61,14 +77,18 @@ func (m MapClaims) VerifyIssuer(cmp string, req bool) bool { // Compares the nbf claim against cmp. // If required is false, this method will return true if the value matches or is unset func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool { - switch nbf := m["nbf"].(type) { + nbf, ok := m["nbf"] + if !ok { + return !req + } + switch nbfType := nbf.(type) { case float64: - return verifyNbf(int64(nbf), cmp, req) + return verifyNbf(int64(nbfType), cmp, req) case json.Number: - v, _ := nbf.Int64() + v, _ := nbfType.Int64() return verifyNbf(v, cmp, req) } - return req == false + return false } // Validates time based claims "exp, iat, nbf". @@ -79,17 +99,17 @@ func (m MapClaims) Valid() error { vErr := new(ValidationError) now := TimeFunc().Unix() - if m.VerifyExpiresAt(now, false) == false { + if !m.VerifyExpiresAt(now, false) { vErr.Inner = errors.New("Token is expired") vErr.Errors |= ValidationErrorExpired } - if m.VerifyIssuedAt(now, false) == false { + if !m.VerifyIssuedAt(now, false) { vErr.Inner = errors.New("Token used before issued") vErr.Errors |= ValidationErrorIssuedAt } - if m.VerifyNotBefore(now, false) == false { + if !m.VerifyNotBefore(now, false) { vErr.Inner = errors.New("Token is not valid yet") vErr.Errors |= ValidationErrorNotValidYet } diff --git a/vendor/modules.txt b/vendor/modules.txt index 3147a2da..0ba80cf1 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -9,7 +9,7 @@ github.com/crewjam/httperr # github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5 ## explicit github.com/dchest/uniuri -# github.com/form3tech-oss/jwt-go v3.2.2+incompatible +# github.com/form3tech-oss/jwt-go v3.2.5+incompatible ## explicit github.com/form3tech-oss/jwt-go # github.com/google/go-cmp v0.5.5