chore(authorization): deduplicate constant strings

slisson · slisson · commit 2201fa069afb · 2024-12-11T11:32:27.000+01:00
diff --git a/authorization/src/main/kotlin/org/modelix/authorization/AuthorizationPlugin.kt b/authorization/src/main/kotlin/org/modelix/authorization/AuthorizationPlugin.kt
@@ -66,7 +66,7 @@ object ModelixAuthorization : BaseRouteScopedPlugin<IModelixAuthorizationConfig,
                         val token = JWT.create()
                             .withIssuer("modelix")
                             .withAudience("modelix")
-                            .withClaim("email", "unit-tests@example.com")
+                            .withClaim(KeycloakTokenConstants.EMAIL, "unit-tests@example.com")
                             .sign(Algorithm.HMAC256("unit-tests"))
                         // The signing algorithm and key isn't relevant because the token is already considered valid
                         // and the signature is never checked.
diff --git a/authorization/src/main/kotlin/org/modelix/authorization/KeycloakTokenConstants.kt b/authorization/src/main/kotlin/org/modelix/authorization/KeycloakTokenConstants.kt
@@ -0,0 +1,8 @@
+package org.modelix.authorization
+
+object KeycloakTokenConstants {
+    val EMAIL = "email"
+    val PREFERRED_USERNAME = "preferred_username"
+    val REALM_ACCESS = "realm_access"
+    val REALM_ACCESS_ROLES = "roles"
+}
diff --git a/authorization/src/main/kotlin/org/modelix/authorization/KtorAuthUtils.kt b/authorization/src/main/kotlin/org/modelix/authorization/KtorAuthUtils.kt
@@ -61,10 +61,6 @@ fun createModelixAccessToken(hmac512key: String, user: String, grantedPermission
     }
 }
 
-private fun Map<String, Any>?.readRolesArray(): List<String> {
-    return this?.get("roles") as? List<String> ?: emptyList()
-}
-
 fun ApplicationCall.getBearerToken(): String? {
     val authHeader = request.parseAuthorizationHeader()
     if (authHeader == null || authHeader.authScheme != AuthScheme.Bearer) return null
diff --git a/authorization/src/main/kotlin/org/modelix/authorization/ModelixJWTUtil.kt b/authorization/src/main/kotlin/org/modelix/authorization/ModelixJWTUtil.kt
@@ -144,8 +144,8 @@ class ModelixJWTUtil {
         }
 
         val payload = JWTClaimsSet.Builder()
-            .claim("preferred_username", user)
-            .claim("permissions", grantedPermissions)
+            .claim(KeycloakTokenConstants.PREFERRED_USERNAME, user)
+            .claim(ModelixTokenConstants.PERMISSIONS, grantedPermissions)
             .expirationTime(Date(Instant.now().plus(12, ChronoUnit.HOURS).toEpochMilli()))
             .also { additionalTokenContent(TokenBuilder(it)) }
             .build()
@@ -171,7 +171,7 @@ class ModelixJWTUtil {
     }
 
     fun extractPermissions(token: DecodedJWT): List<String>? {
-        return token.claims["permissions"]?.asList(String::class.java)
+        return token.claims[ModelixTokenConstants.PERMISSIONS]?.asList(String::class.java)
     }
 
     fun loadGrantedPermissions(token: DecodedJWT, evaluator: PermissionEvaluator) {
@@ -197,14 +197,14 @@ class ModelixJWTUtil {
     }
 
     fun extractUserId(jwt: DecodedJWT): String? {
-        return jwt.getClaim("email")?.asString()
-            ?: jwt.getClaim("preferred_username")?.asString()
+        return jwt.getClaim(KeycloakTokenConstants.EMAIL)?.asString()
+            ?: jwt.getClaim(KeycloakTokenConstants.PREFERRED_USERNAME)?.asString()
     }
 
     fun extractUserRoles(jwt: DecodedJWT): List<String> {
         val keycloakRoles = jwt
-            .getClaim("realm_access")?.asMap()
-            ?.get("roles")
+            .getClaim(KeycloakTokenConstants.REALM_ACCESS)?.asMap()
+            ?.get(KeycloakTokenConstants.REALM_ACCESS_ROLES)
             ?.let { it as? List<*> }
             ?.mapNotNull { it as? String }
             ?: emptyList()
diff --git a/authorization/src/main/kotlin/org/modelix/authorization/ModelixTokenConstants.kt b/authorization/src/main/kotlin/org/modelix/authorization/ModelixTokenConstants.kt
@@ -0,0 +1,5 @@
+package org.modelix.authorization
+
+object ModelixTokenConstants {
+    val PERMISSIONS = "permissions"
+}
diff --git a/authorization/src/test/kotlin/org/modelix/authorization/AccessControlDataTest.kt b/authorization/src/test/kotlin/org/modelix/authorization/AccessControlDataTest.kt
@@ -26,7 +26,7 @@ class AccessControlDataTest {
     @Test
     fun `can grant permissions to identity tokens`() {
         val token = JWT.create()
-            .withClaim("email", email)
+            .withClaim(KeycloakTokenConstants.EMAIL, email)
             .sign(Algorithm.HMAC256("unit-tests"))
             .let { JWT.decode(it) }
         val data = AccessControlData().withGrantToUser(email, PermissionParts("r1", "write").fullId)

Original file line number	Diff line number	Diff line change
`@@ -61,10 +61,6 @@ fun createModelixAccessToken(hmac512key: String, user: String, grantedPermission`
`61`	`61`	`}`
`62`	`62`	`}`
`63`	`63`
`64`		`-private fun Map<String, Any>?.readRolesArray(): List<String> {`
`65`		`- return this?.get("roles") as? List<String> ?: emptyList()`
`66`		`-}`
`67`		`-`
`68`	`64`	`fun ApplicationCall.getBearerToken(): String? {`
`69`	`65`	`val authHeader = request.parseAuthorizationHeader()`
`70`	`66`	`if (authHeader == null \|\| authHeader.authScheme != AuthScheme.Bearer) return null`