From c14076b13f0d1257511eaf97d0c43583432e11a7 Mon Sep 17 00:00:00 2001 From: Matthias Hanel Date: Thu, 14 Jan 2021 15:15:20 -0500 Subject: [PATCH] Incorporating review comments Signed-off-by: Matthias Hanel --- server/accounts.go | 4 ++-- server/auth.go | 2 +- server/client.go | 2 +- server/jwt_test.go | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/server/accounts.go b/server/accounts.go index 53d23c29..b4d054b5 100644 --- a/server/accounts.go +++ b/server/accounts.go @@ -2849,7 +2849,7 @@ func (s *Server) updateAccountClaimsWithRefresh(a *Account, ac *jwt.AccountClaim // update account signing keys a.signingKeys = nil if len(ac.SigningKeys) > 0 { - a.signingKeys = map[string]jwt.Scope{} + a.signingKeys = make(map[string]jwt.Scope, len(ac.SigningKeys)) } signersChanged := false for k, scope := range ac.SigningKeys { @@ -3157,7 +3157,7 @@ func (s *Server) updateAccountClaimsWithRefresh(a *Account, ac *jwt.AccountClaim c.mu.Lock() sk := c.user.SigningKey c.mu.Unlock() - if sk == "" { + if sk == _EMPTY_ { continue } if _, ok := alteredScope[sk]; ok { diff --git a/server/auth.go b/server/auth.go index fe1ff420..b12fa165 100644 --- a/server/auth.go +++ b/server/auth.go @@ -561,7 +561,7 @@ func (s *Server) processClientOrLeafAuthentication(c *client, opts *Options) boo return false } // this only executes IF there's an issuer on the Juc - otherwise the account is already vetted - if juc.IssuerAccount != "" { + if juc.IssuerAccount != _EMPTY_ { if scope, ok := acc.hasIssuer(juc.Issuer); !ok { c.Debugf("User JWT issuer is not known") return false diff --git a/server/client.go b/server/client.go index 036fc432..81347713 100644 --- a/server/client.go +++ b/server/client.go @@ -688,7 +688,7 @@ func (c *client) applyAccountLimits() { if uc, _ := jwt.DecodeUserClaims(c.opts.JWT); uc != nil { c.mpay = int32(uc.Limits.Payload) c.msubs = int32(uc.Limits.Subs) - if uc.IssuerAccount != "" && uc.IssuerAccount != uc.Issuer { + if uc.IssuerAccount != _EMPTY_ && uc.IssuerAccount != uc.Issuer { if scope, ok := c.acc.signingKeys[uc.Issuer]; ok { if userScope, ok := scope.(*jwt.UserScope); ok { // if signing key disappeared or changed and we don't get here, the client will be disconnected diff --git a/server/jwt_test.go b/server/jwt_test.go index 6bbe45c6..40a71777 100644 --- a/server/jwt_test.go +++ b/server/jwt_test.go @@ -4571,7 +4571,7 @@ func newUserEx(t *testing.T, accKp nkeys.KeyPair, scoped bool, issuerAccount str uclaim := newJWTTestUserClaims() uclaim.Subject = upub uclaim.SetScoped(scoped) - if issuerAccount != "" { + if issuerAccount != _EMPTY_ { uclaim.IssuerAccount = issuerAccount } ujwt, err := uclaim.Encode(accKp)