[removed] jwt activation token as url and corresponding download (#144)

[CHANGED] tokens must be embedded into the JWT, URL based tokens are not supported. Signed-off-by: Matthias Hanel <mh@synadia.com>
nats-io · Jan 30, 2021 · 9bde681 · 9bde681
1 parent f3ef7d6
commit 9bde681
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 99 deletions.
diff --git a/v2/imports.go b/v2/imports.go
@@ -15,13 +15,6 @@
 
 package jwt
 
-import (
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"time"
-)
-
 // Import describes a mapping from another account into this one
 type Import struct {
 	Name string `json:"name,omitempty"`
@@ -92,32 +85,10 @@ func (i *Import) Validate(actPubKey string, vr *ValidationResults) {
 	var act *ActivationClaims
 
 	if i.Token != "" {
-		// Check to see if its an embedded JWT or a URL.
-		if u, err := url.Parse(i.Token); err == nil && u.Scheme != "" {
-			c := &http.Client{Timeout: 5 * time.Second}
-			resp, err := c.Get(u.String())
-			if err != nil {
-				vr.AddWarning("import %s contains an unreachable token URL %q", i.Subject, i.Token)
-			}
-
-			if resp != nil {
-				defer resp.Body.Close()
-				body, err := ioutil.ReadAll(resp.Body)
-				if err != nil {
-					vr.AddWarning("import %s contains an unreadable token URL %q", i.Subject, i.Token)
-				} else {
-					act, err = DecodeActivationClaims(string(body))
-					if err != nil {
-						vr.AddWarning("import %s contains a URL %q with an invalid activation token", i.Subject, i.Token)
-					}
-				}
-			}
-		} else {
-			var err error
-			act, err = DecodeActivationClaims(i.Token)
-			if err != nil {
-				vr.AddWarning("import %q contains an invalid activation token", i.Subject)
-			}
+		var err error
+		act, err = DecodeActivationClaims(i.Token)
+		if err != nil {
+			vr.AddWarning("import %q contains an invalid activation token", i.Subject)
 		}
 	}
 

diff --git a/v2/imports_test.go b/v2/imports_test.go
@@ -16,9 +16,6 @@
 package jwt
 
 import (
-	"fmt"
-	"net/http"
-	"net/http/httptest"
 	"sort"
 	"strings"
 	"testing"
@@ -384,69 +381,6 @@ func TestImportsLocalSubjectVariants(t *testing.T) {
 	}
 }
 
-func TestTokenURLImportValidation(t *testing.T) {
-	ak := createAccountNKey(t)
-	ak2 := createAccountNKey(t)
-	akp := publicKey(ak, t)
-	akp2 := publicKey(ak2, t)
-	i := &Import{Subject: "test", Account: akp2, To: "bar", Type: Stream}
-
-	activation := NewActivationClaims(akp)
-	activation.Expires = time.Now().Add(time.Hour).UTC().Unix()
-	activation.ImportSubject = "test"
-	activation.ImportType = Stream
-
-	actJWT := encode(activation, ak2, t)
-
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Write([]byte(actJWT))
-	}))
-	defer ts.Close()
-
-	i.Token = ts.URL
-	vr := CreateValidationResults()
-	i.Validate(akp, vr)
-
-	if !vr.IsEmpty() {
-		fmt.Printf("vr is %+v\n", vr)
-		t.Errorf("imports with token url should be valid")
-	}
-
-	i.Token = "http://Bad URL"
-	vr = CreateValidationResults()
-	i.Validate(akp, vr)
-
-	if vr.IsEmpty() {
-		t.Errorf("imports with bad token url should be valid")
-	}
-
-	ts = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Write([]byte("bad jwt"))
-	}))
-	defer ts.Close()
-
-	i.Token = ts.URL
-	vr = CreateValidationResults()
-	i.Validate(akp, vr)
-
-	if vr.IsEmpty() {
-		t.Errorf("imports with token url pointing to bad JWT")
-	}
-
-	ts = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusBadRequest)
-	}))
-	defer ts.Close()
-
-	i.Token = ts.URL
-	vr = CreateValidationResults()
-	i.Validate(akp, vr)
-
-	if vr.IsEmpty() {
-		t.Errorf("imports with token url pointing to bad url")
-	}
-}
-
 func TestImportSubjectValidation(t *testing.T) {
 	ak := createAccountNKey(t)
 	akp := publicKey(ak, t)