diff --git a/src/Authorizer.cpp b/src/Authorizer.cpp
index 2f35e9c..eb70092 100644
--- a/src/Authorizer.cpp
+++ b/src/Authorizer.cpp
@@ -25,7 +25,7 @@ std::optional getKey(const std::string &user, const YAML::Node &key
 // Class implementation.
 Authorizer::Authorizer(const std::string &keyFilePath, const std::string &aclFilePath) :
- _keyFile{keyFilePath}, _aclFile{aclFilePath}
+ _keyFile{YAML::LoadFile(keyFilePath)}, _aclFile{YAML::LoadFile(aclFilePath)}
 {
 }
@@ -98,6 +98,7 @@ bool Authorizer::is_unknown(const std::string &username)
 std::tuple checkACL(const std::string &user, const YAML::Node &aclFile)
 {
 // TODO: Make sure default exists.
+ YAML::Node userDict;
 if (aclFile[user])
 {
diff --git a/src/utils.cpp b/src/utils.cpp
index 30025a6..8382ede 100644
--- a/src/utils.cpp
+++ b/src/utils.cpp
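Review bot: In the `Authorizer` constructor (src/Authorizer.cpp, first hunk) both `YAML::LoadFile` calls now run in the member initializer list, so a missing, unreadable or malformed key or ACL file leaves the constructor as a yaml-cpp exception (`YAML::BadFile` or `YAML::ParserException`), and nothing in the hunk handles or documents that. For an authorization component the failure mode should be explicit and fail closed; I would add above the constructor `// Throws YAML::BadFile / YAML::ParserException if either file cannot be loaded; callers must refuse to start rather than run without keys or ACLs.` Assuming both members are `YAML::Node` and are looked up by user name as `checkACL` does with `aclFile[user]`, the now-empty body could also check the document shape, e.g. `if (!_keyFile.IsMap() || !_aclFile.IsMap()) throw std::runtime_error("key/ACL file must be a YAML mapping");`.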
@@ -61,34 +61,42 @@ bool validate(const std::string &token, const std::string &username, const std::
 }
 auto claims = decoded_token.get_payload_claims();
- // Check username matches.
- if (not claims.contains("upn"))
+ try
 {
- std::cerr << "Missing upn." << std::endl;
- return false;
- }
- if (claims["upn"].as_string() != username)
- {
- std::cerr << "Wrong username." << std::endl;
- return false;
- }
+ // Check username matches.
+ if (not claims.contains("upn"))
+ {
+ std::cerr << "Missing upn." << std::endl;
+ return false;
+ }
+ if (claims["upn"].as_string() != username)
+ {
+ std::cerr << "Wrong username." << std::endl;
+ return false;
+ }
- // Check for mqtt-write claim value.
- if (not claims.contains("mqtt"))
- {
- std::cerr << "Missing mqtt claim." << std::endl;
- return false;
- }
- if (not(claims["mqtt"].as_string() == "true"))
- {
- std::cerr << "Not claiming can do mqtt." << std::endl;
- return false;
- }
+ // Check for mqtt-write claim value.
+ if (not claims.contains("mqtt"))
+ {
+ std::cerr << "Missing mqtt claim." << std::endl;
+ return false;
+ }
+ if (not(claims["mqtt"].as_bool()))
+ {
+ std::cerr << "Not claiming can do mqtt." << std::endl;
+ return false;
+ }
- // Do we have an expiration time?
- if (not claims.contains("exp"))
+ // Do we have an expiration time?
+ if (not claims.contains("exp"))
+ {
+ std::cerr << "Missing expiration time claim." << std::endl;
+ return false;
+ }
+ }
+ catch(const std::bad_cast& exception)
 {
- std::cerr << "Missing expiration time claim." << std::endl;
+ std::cerr << "Failed to parse claims. Reason: " << exception.what() << std::endl;
 return false;
 }
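Review bot: The new `try` block in `validate` closes right after the `exp` presence check, so the `catch(const std::bad_cast&)` covers the `upn` and `mqtt` conversions but not whatever reads the `exp` value further down, which lies outside this hunk. If that later code converts the claim, an `exp` of an unexpected type would presumably raise the same `std::bad_cast`, and a malformed token could then throw out of the authentication path instead of being rejected with `return false`. I would either extend the `try` to the end of the claim handling or widen the handler to `catch (const std::exception &exception)`, so that every parse failure becomes a logged denial. `validate` begins and ends outside the hunk.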
@@ -105,7 +113,7 @@ std::string gen_token(
 const auto token = jwt::create()
 .set_type("JWT")
 .set_payload_claim("upn", jwt::claim(username))
- .set_payload_claim("mqtt", jwt::claim(std::string("true")))
+ .set_payload_claim("mqtt", jwt::claim(picojson::value(true)))
 .set_issued_at(issue_time)
 .set_expires_at(expr_time)
 .sign(jwt::algorithm::rs256(pub_key, priv_key, "", ""));
diff --git a/test/token_test.cpp b/test/token_test.cpp
index a0826f1..40111f1 100644
--- a/test/token_test.cpp
+++ b/test/token_test.cpp
@@ -13,7 +13,6 @@
 // limitations under the License.
 #include
-#include
 #include
 #include "gtest/gtest.h"
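Review bot: The `mqtt` claim set in `gen_token` (src/utils.cpp) changes wire type from the string `"true"` to a JSON boolean, and nothing on the line records that this is a token-format change the verifier now depends on. Tokens minted by an older build, or by any other issuer that still writes the string form, will be rejected by `validate` as a claim parse failure after this commit; that fails closed, but it makes the rollout order of issuer and verifier matter. I would add a comment on the new line such as `// "mqtt" is a JSON boolean; validate() reads it with as_bool() and rejects any other type.` `gen_token` starts and ends outside the hunk.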