gogrlx/nats-server
1
0
Fork 0
mirror of https://github.com/gogrlx/nats-server.git synced 2026-04-02 03:38:42 -07:00
Code Issues Packages Projects Releases Wiki Activity

Incorporating review comments

Browse Source 
Signed-off-by: Matthias Hanel <mh@synadia.com>
This commit is contained in:
Matthias Hanel
2021-01-14 15:15:20 -05:00
parent 2edd883a6e
commit c14076b13f
4 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/accounts.go
View File

@@ -2849,7 +2849,7 @@ func (s *Server) updateAccountClaimsWithRefresh(a *Account, ac *jwt.AccountClaim
// update account signing keys
a.signingKeys = nil
if len(ac.SigningKeys) > 0 {
a.signingKeys = map[string]jwt.Scope{}
a.signingKeys = make(map[string]jwt.Scope, len(ac.SigningKeys))
}
signersChanged := false
for k, scope := range ac.SigningKeys {
@@ -3157,7 +3157,7 @@ func (s *Server) updateAccountClaimsWithRefresh(a *Account, ac *jwt.AccountClaim
c.mu.Lock()
sk := c.user.SigningKey
c.mu.Unlock()
if sk == "" {
if sk == _EMPTY_ {
continue
}
if _, ok := alteredScope[sk]; ok {

2
server/auth.go
View File

@@ -561,7 +561,7 @@ func (s *Server) processClientOrLeafAuthentication(c *client, opts *Options) boo
return false
}
// this only executes IF there's an issuer on the Juc - otherwise the account is already vetted
if juc.IssuerAccount != "" {
if juc.IssuerAccount != _EMPTY_ {
if scope, ok := acc.hasIssuer(juc.Issuer); !ok {
c.Debugf("User JWT issuer is not known")
return false

2
server/client.go
View File

@@ -688,7 +688,7 @@ func (c *client) applyAccountLimits() {
if uc, _ := jwt.DecodeUserClaims(c.opts.JWT); uc != nil {
c.mpay = int32(uc.Limits.Payload)
c.msubs = int32(uc.Limits.Subs)
if uc.IssuerAccount != "" && uc.IssuerAccount != uc.Issuer {
if uc.IssuerAccount != _EMPTY_ && uc.IssuerAccount != uc.Issuer {
if scope, ok := c.acc.signingKeys[uc.Issuer]; ok {
if userScope, ok := scope.(*jwt.UserScope); ok {
// if signing key disappeared or changed and we don't get here, the client will be disconnected

2
server/jwt_test.go
View File

@@ -4571,7 +4571,7 @@ func newUserEx(t *testing.T, accKp nkeys.KeyPair, scoped bool, issuerAccount str
uclaim := newJWTTestUserClaims()
uclaim.Subject = upub
uclaim.SetScoped(scoped)
if issuerAccount != "" {
if issuerAccount != _EMPTY_ {
uclaim.IssuerAccount = issuerAccount
}
ujwt, err := uclaim.Encode(accKp)