Merge pull request #113 from nats-io/port_108

[ADDED] IsClaimRevoked to check user claim and fixed some comments.
nats-io · Oct 30, 2020 · c31b0a8 · c31b0a8
2 parents e11ce31 + 8363724
commit c31b0a8
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 4 deletions.
diff --git a/account_claims.go b/account_claims.go
@@ -221,3 +221,12 @@ func (a *AccountClaims) IsRevokedAt(pubKey string, timestamp time.Time) bool {
 func (a *AccountClaims) IsRevoked(_ string) bool {
 	return true
 }
+
+// IsClaimRevoked checks if the account revoked the claim passed in.
+// Invalid claims (nil, no Subject or IssuedAt) will return true.
+func (a *AccountClaims) IsClaimRevoked(claim *UserClaims) bool {
+	if claim == nil || claim.IssuedAt == 0 || claim.Subject == "" {
+		return true
+	}
+	return a.Revocations.IsRevoked(claim.Subject, time.Unix(claim.IssuedAt, 0))
+}
diff --git a/account_claims_test.go b/account_claims_test.go
@@ -488,7 +488,14 @@ func TestUserRevocation(t *testing.T) {
 	apk := publicKey(akp, t)
 	account := NewAccountClaims(apk)
 
-	pubKey := "bar"
+	ukp := createUserNKey(t)
+	pubKey := publicKey(ukp, t)
+	uc := NewUserClaims(pubKey)
+	uJwt, _ := uc.Encode(akp)
+	uc, err := DecodeUserClaims(uJwt)
+	if err != nil {
+		t.Errorf("Failed to decode user claim: %v", err)
+	}
 	now := time.Now()
 
 	// test that clear is safe before we add any
@@ -523,13 +530,13 @@ func TestUserRevocation(t *testing.T) {
 
 	account.ClearRevocation(pubKey)
 
-	if account.IsRevokedAt(pubKey, now) {
+	if account.IsClaimRevoked(uc) {
 		t.Errorf("revocations should be cleared")
 	}
 
 	account.RevokeAt(pubKey, now.Add(time.Second*1000))
 
-	if !account.IsRevoked(pubKey) {
+	if !account.IsClaimRevoked(uc) {
 		t.Errorf("revocation be true we revoked in the future")
 	}
 }
diff --git a/revocation_list.go b/revocation_list.go
@@ -39,7 +39,7 @@ func (r RevocationList) ClearRevocation(pubKey string) {
 }
 
 // IsRevoked checks if the public key is in the revoked list with a timestamp later than
-// the one passed in. Generally this method is called with time.Now() but other time's can
+// the one passed in. Generally this method is called with an issue time but other time's can
 // be used for testing.
 func (r RevocationList) IsRevoked(pubKey string, timestamp time.Time) bool {
 	ts, ok := r[pubKey]