Update to Vapor 4 GM (#119)

* Update JWT for Vapor GM branch. The tests now additionally verify that the guard middleware works as intended. * Update CI workflow (#120) * from 4.0.0 tag Co-authored-by: tanner0101 <me@tanner.xyz>
vapor · Apr 9, 2020 · 8c1681e · 8c1681e
1 parent 1446c1b
commit 8c1681e
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 17 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -2,17 +2,20 @@ name: test
 on:
 - pull_request
 jobs:
-  jwt_xenial:
-    container: 
-      image: vapor/swift:5.2-xenial
-    runs-on: ubuntu-latest
+  jwt_macos:
+    runs-on: macos-latest
     steps:
-    - uses: actions/checkout@v1
+    - run: sudo xcode-select -s /Applications/Xcode_11.4.app/Contents/Developer
+    - uses: actions/checkout@v2
     - run: swift test --enable-test-discovery --sanitize=thread
-  jwt_bionic:
+  jwt_ubuntu:
+    strategy:
+      fail-fast: false
+      matrix:
+        base: ['xenial', 'bionic']
     container: 
-      image: vapor/swift:5.2-bionic
+      image: vapor/swift:5.2-${{ matrix.base }}-ci
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v2
     - run: swift test --enable-test-discovery --sanitize=thread
diff --git a/Package.swift b/Package.swift
@@ -11,7 +11,7 @@ let package = Package(
     ],
     dependencies: [
         .package(url: "https://github.com/vapor/jwt-kit.git", from: "4.0.0-rc.1"),
-        .package(url: "https://github.com/vapor/vapor.git", from: "4.0.0-rc.1"),
+        .package(url: "https://github.com/vapor/vapor.git", from: "4.0.0"),
     ],
     targets: [
         .target(name: "JWT", dependencies: [

diff --git a/Sources/JWT/JWTAuthenticator.swift b/Sources/JWT/JWTAuthenticator.swift
@@ -2,11 +2,11 @@ import Vapor
 
 public protocol JWTAuthenticator: BearerAuthenticator {
     associatedtype Payload: JWTPayload
-    func authenticate(jwt: Payload, for request: Request) -> EventLoopFuture<User?>
+    func authenticate(jwt: Payload, for request: Request) -> EventLoopFuture<Void>
 }
 
 extension JWTAuthenticator {
-    public func authenticate(bearer: BearerAuthorization, for request: Request) -> EventLoopFuture<User?> {
+    public func authenticate(bearer: BearerAuthorization, for request: Request) -> EventLoopFuture<Void> {
         do {
             return try self.authenticate(
                 jwt: request.jwt.verify([UInt8](bearer.token.utf8)),

diff --git a/Tests/JWTTests/JWTTests.swift b/Tests/JWTTests/JWTTests.swift
@@ -78,9 +78,15 @@ class JWTKitTests: XCTestCase {
 
         // middleware-based authentication
         // using req.auth.require
-        let secure = app.grouped(UserAuthenticator().middleware())
-        secure.get("me") { req in
-            try req.auth.require(TestUser.self)
+        let secure = app.grouped(UserAuthenticator(), TestUser.guardMiddleware())
+        secure.get("me") { req -> TestUser in
+            if let user = req.auth.get(TestUser.self) {
+                return user
+            } else {
+                // throw something other than unauthorized to prove the guard middleware let us get here (it shouldn't)
+                XCTFail("Shouldn't get here if the guard middleware is working.")
+                throw Abort(.internalServerError)
+            }
         }
 
         // stores the token created during login
@@ -110,6 +116,15 @@ class JWTKitTests: XCTestCase {
             }
         }
 
+        // token from same signer but for a different user
+        // this tests that the guard middleware catches the failure to auth before it reaches the route handler
+        let wrongNameToken = try app.jwt.signers.sign(TestUser(name: "bob"))
+        try app.testable().test(
+            .GET, "me", headers: ["authorization": "Bearer \(wrongNameToken)"]
+        ) { res in
+            XCTAssertEqual(res.status, .unauthorized)
+        }
+
         // create a token from a different signer
         let fakeToken = try JWTSigner.es256(key: .generate()).sign(TestUser(name: "bob"))
         try app.testable().test(
@@ -189,10 +204,13 @@ struct TestUser: Content, Authenticatable, JWTPayload {
 }
 
 struct UserAuthenticator: JWTAuthenticator {
-    typealias User = TestUser
     typealias Payload = TestUser
 
-    func authenticate(jwt: TestUser, for request: Request) -> EventLoopFuture<TestUser?> {
-        return request.eventLoop.makeSucceededFuture(jwt)
+    func authenticate(jwt: TestUser, for request: Request) -> EventLoopFuture<Void> {
+        if jwt.name == "foo" {
+            // Requiring this specific username makes the test for the guard middleware in testMiddleware() valid.
+            request.auth.login(jwt)
+        }
+        return request.eventLoop.makeSucceededFuture(())
     }
 }