Refactor jwt.StandardClaims to RegisteredClaims (#18344)

* Refactor jwt.StandardClaims to RegisteredClaims go-jwt/jwt has deprecated the StandardClaims interface to use RegisteredClaims instead. This PR migrates to use this new format. Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Gusted <williamzijl7@hotmail.com>
2022-01-20 21:52:56 +00:00 · 2022-01-20 21:52:56 +00:00 · 44deae8f3d
commit 44deae8f3d
parent 54e9ee37a7
5 changed files with 19 additions and 27 deletions
--- a/services/auth/oauth2.go
+++ b/services/auth/oauth2.go
@ -44,7 +44,7 @@ func CheckOAuthAccessToken(accessToken string) int64 {
 	if token.Type != oauth2.TypeAccessToken {
 		return 0
 	}
-	if token.ExpiresAt < time.Now().Unix() || token.IssuedAt > time.Now().Unix() {
+	if token.ExpiresAt.Before(time.Now()) || token.IssuedAt.After(time.Now()) {
 		return 0
 	}
 	return grant.UserID
--- a/services/auth/source/oauth2/token.go
+++ b/services/auth/source/oauth2/token.go
@ -37,8 +37,7 @@ type Token struct {
 	GrantID int64     `json:"gnt"`
 	Type    TokenType `json:"tt"`
 	Counter int64     `json:"cnt,omitempty"`
-	// FIXME: Migrate to registered claims
-	jwt.StandardClaims
+	jwt.RegisteredClaims
 }

 // ParseToken parses a signed jwt string
@ -62,7 +61,7 @@ func ParseToken(jwtToken string, signingKey JWTSigningKey) (*Token, error) {

 // SignToken signs the token with the JWT secret
 func (token *Token) SignToken(signingKey JWTSigningKey) (string, error) {
-	token.IssuedAt = time.Now().Unix()
+	token.IssuedAt = jwt.NewNumericDate(time.Now())
 	jwtToken := jwt.NewWithClaims(signingKey.SigningMethod(), token)
 	signingKey.PreProcessToken(jwtToken)
 	return jwtToken.SignedString(signingKey.SignKey())
@ -70,8 +69,7 @@ func (token *Token) SignToken(signingKey JWTSigningKey) (string, error) {

 // OIDCToken represents an OpenID Connect id_token
 type OIDCToken struct {
-	// FIXME: Migrate to RegisteredClaims
-	jwt.StandardClaims
+	jwt.RegisteredClaims
 	Nonce string `json:"nonce,omitempty"`

 	// Scope profile
@ -93,7 +91,7 @@ type OIDCToken struct {

 // SignToken signs an id_token with the (symmetric) client secret key
 func (token *OIDCToken) SignToken(signingKey JWTSigningKey) (string, error) {
-	token.IssuedAt = time.Now().Unix()
+	token.IssuedAt = jwt.NewNumericDate(time.Now())
 	jwtToken := jwt.NewWithClaims(signingKey.SigningMethod(), token)
 	signingKey.PreProcessToken(jwtToken)
 	return jwtToken.SignedString(signingKey.SignKey())
--- a/services/lfs/server.go
+++ b/services/lfs/server.go
@ -45,8 +45,7 @@ type Claims struct {
 	RepoID int64
 	Op     string
 	UserID int64
-	// FIXME: Migrate to RegisteredClaims
-	jwt.StandardClaims
+	jwt.RegisteredClaims
 }

 // DownloadLink builds a URL to download the object.