[BACKEND-440] Raw token support for validator repository (#69)

Author: imrekel

service/validator_repository.go

@@ -10,11 +10,13 @@ import (
 	"github.com/pkg/errors"
 )
 
-// JwtValidatorRepository contains a set of JWT validators and can return the appropriate one for a given request
-// The request must contain a valid JWT in the Authorization header  ("Authorization: Bearer <token>")
+// JwtValidatorRepository contains a set of JWT validators and can return the appropriate one for a given request or raw JWT
+//
+// The request must contain a valid JWT in the Authorization header ("Authorization: Bearer <token>")
 // The validator is selected based on the "iss" claim in the JWT
 type JwtValidatorRepository interface {
 	GetJwtValidatorForRequest(r *http.Request) (Validator, error)
+	GetJwtValidatorForRawToken(rawJwt string) (Validator, error)
 }
 
 // DefaultJwtValidatorRepository ...
@@ -36,14 +38,19 @@ func (vr *DefaultJwtValidatorRepository) GetJwtValidatorForRequest(r *http.Reque
 		return nil, errors.New("failed to read JWT from header")
 	}
 
-	iss, err := vr.getIssuerFromRawJWT(rawJwt[1])
+	return vr.GetJwtValidatorForRawToken(rawJwt[1])
+}
+
+// GetJwtValidatorForRawToken ...
+func (vr *DefaultJwtValidatorRepository) GetJwtValidatorForRawToken(rawJwt string) (Validator, error) {
+	iss, err := vr.getIssuerFromRawJWT(rawJwt)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to get issuer form the JWT")
 	}
 
 	validator := vr.JwtValidators[iss]
 	if validator == nil {
-		return nil, errors.New("there is no JWT validator for this issuer")
+		return nil, fmt.Errorf("there is no JWT validator for issuer: %s", iss)
 	}
 
 	return validator, nil

service/validator_repository_test.go

@@ -15,7 +15,25 @@ const (
 	tokenIssuerServiceIssuer = "https://token-issuer.bitrise.io/auth/realms/bitrise-services"
 )
 
-func Test_GivenMatchingValidatorExists_ReturnsValidator(t *testing.T) {
+func Test_GetJwtValidatorForRawToken_GivenMatchingValidatorExists_ReturnsValidator(t *testing.T) {
+	authServiceValidator := NewValidator(
+		config.NewAudienceConfig("bitrise-api", "bitrise"),
+		WithRealm("bitrise-services"))
+	tokenIssuerServiceValidator := NewValidator(
+		config.NewAudienceConfig("bitrise-api", "bitrise"),
+		WithRealm("bitrise-services"))
+	vr := NewJwtValidatorRepository(map[string]Validator{
+		authServiceIssuer:        authServiceValidator,
+		tokenIssuerServiceIssuer: tokenIssuerServiceValidator,
+	})
+
+	v, err := vr.GetJwtValidatorForRawToken(mocks.RawMockToken)
+	assert.NoError(t, err)
+
+	assert.Equal(t, tokenIssuerServiceValidator, v)
+}
+
+func Test_GetJwtValidatorForRequest_GivenMatchingValidatorExists_ReturnsValidator(t *testing.T) {
 	authServiceValidator := NewValidator(
 		config.NewAudienceConfig("bitrise-api", "bitrise"),
 		WithRealm("bitrise-services"))
@@ -37,7 +55,7 @@ func Test_GivenMatchingValidatorExists_ReturnsValidator(t *testing.T) {
 	assert.Equal(t, tokenIssuerServiceValidator, v)
 }
 
-func Test_GivenNoMatchingValidatorExists_ReturnsError(t *testing.T) {
+func Test_GetJwtValidatorForRequest_GivenNoMatchingValidatorExists_ReturnsError(t *testing.T) {
 	authServiceValidator := NewValidator(
 		config.NewAudienceConfig("bitrise-api", "bitrise"),
 		WithRealm("bitrise-services"))
@@ -50,10 +68,10 @@ func Test_GivenNoMatchingValidatorExists_ReturnsError(t *testing.T) {
 	request.Header.Add("Authorization", fmt.Sprintf("Bearer %s", mocks.RawMockToken))
 
 	_, err = vr.GetJwtValidatorForRequest(request)
-	assert.EqualError(t, err, "there is no JWT validator for this issuer")
+	assert.EqualError(t, err, "there is no JWT validator for issuer: https://token-issuer.bitrise.io/auth/realms/bitrise-services")
 }
 
-func Test_GivenInvalidAuthorizationHeader_ReturnsError(t *testing.T) {
+func Test_GetJwtValidatorForRequest_GivenInvalidAuthorizationHeader_ReturnsError(t *testing.T) {
 	authServiceValidator := NewValidator(
 		config.NewAudienceConfig("bitrise-api", "bitrise"),
 		WithRealm("bitrise-services"))