Pass in the current jwt payload in to getJWTCustomClaims (#34)

elpete · web-flow · commit aca2056bc8d4 · 2021-10-15T12:39:28.000-06:00
* Pass in the current jwt payload in to getJWTCustomClaims

* Make our example user implement the IJwtSubject interface
diff --git a/interfaces/jwt/IJwtSubject.cfc b/interfaces/jwt/IJwtSubject.cfc
@@ -9,7 +9,7 @@ interface{
     /**
      * A struct of custom claims to add to the JWT token
      */
-    struct function getJwtCustomClaims();
+    struct function getJwtCustomClaims( required struct payload );
 
     /**
      * This function returns an array of all the scopes that should be attached to the JWT token that will be used for authorization.
diff --git a/models/jwt/JwtService.cfc b/models/jwt/JwtService.cfc
@@ -791,7 +791,7 @@ component accessors="true" singleton threadsafe {
 		// Append user custom claims with override, they take prescedence
 		structAppend(
 			payload,
-			arguments.user.getJwtCustomClaims(),
+			arguments.user.getJwtCustomClaims( payload ),
 			true
 		);
 
@@ -864,7 +864,7 @@ component accessors="true" singleton threadsafe {
 	 *
 	 * @return The discovered refresh token or an empty string
 	 */
-	private string function discoverRefreshToken(){
+	public string function discoverRefreshToken(){
 		var event = variables.requestService.getContext();
 
 		// Discover api token from headers using a custom header or the incoming RC
diff --git a/test-harness/models/User.cfc b/test-harness/models/User.cfc
@@ -1,4 +1,4 @@
-component accessors="true" {
+component accessors="true" implements="cbsecurity.interfaces.jwt.IJwtSubject" {
 
 	property name="auth" inject="authenticationService@cbauth";
 
@@ -27,8 +27,11 @@ component accessors="true" {
 	/**
 	 * A struct of custom claims to add to the JWT token
 	 */
-	struct function getJWTCustomClaims(){
-		return { "role" : "admin" };
+	struct function getJWTCustomClaims( required struct payload ){
+		return {
+			"duplicatedJTI": arguments.payload.jti,
+			"role" : "admin"
+		};
 	}
 
 	/**
diff --git a/test-harness/tests/specs/integration/JWTSpec.cfc b/test-harness/tests/specs/integration/JWTSpec.cfc
@@ -189,6 +189,23 @@ component extends="coldbox.system.testing.BaseTestCase" appMapping="/root" {
 						} );
 					} );
 
+					given( "a getJwtCustomClaims method on user", function(){
+						then( "it should pass the current payload in to the function", function(){
+							var oUser  = variables.userService.retrieveUserByUsername( "test" );
+							var tokens = variables.jwtService.fromUser( oUser );
+							expect( tokens ).toBeStruct().toHaveKey( "access_token" );
+
+							var decodedAccessToken = variables.jwtService.decode(
+								tokens.access_token
+							);
+							expect( decodedAccessToken ).toHaveKey( "jti" );
+							expect( decodedAccessToken ).toHaveKey( "duplicatedJTI" );
+							expect( decodedAccessToken.duplicatedJTI ).toBe(
+								decodedAccessToken.jti
+							);
+						} );
+					} );
+
 					given( "an invalid refresh token", function(){
 						then( "an exception should be thrown", function(){
 							expect( function(){
