Claims (#36)

aaron-steinfeld · web-flow · commit 1f5edb23646e · 2022-09-27T18:39:38.000-07:00
* feat: expose more request data

* docs: fix javadocs
diff --git a/grpc-context-utils/build.gradle.kts b/grpc-context-utils/build.gradle.kts
@@ -20,4 +20,7 @@ dependencies {
 
   testImplementation("org.junit.jupiter:junit-jupiter:5.8.2")
   testImplementation("org.mockito:mockito-core:4.4.0")
+  testImplementation("com.fasterxml.jackson.core:jackson-annotations:2.13.4")
+  testAnnotationProcessor("org.projectlombok:lombok:1.18.24")
+  testCompileOnly("org.projectlombok:lombok:1.18.24")
 }
diff --git a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/Jwt.java b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/Jwt.java
@@ -1,6 +1,5 @@
 package org.hypertrace.core.grpcutils.context;
 
-import java.util.List;
 import java.util.Optional;
 
 interface Jwt {
@@ -12,5 +11,5 @@ interface Jwt {
 
   Optional<String> getEmail();
 
-  List<String> getRoles(String rolesClaim);
+  Optional<JwtClaim> getClaim(String claimName);
 }
diff --git a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtClaim.java b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtClaim.java
@@ -0,0 +1,24 @@
+package org.hypertrace.core.grpcutils.context;
+
+import java.util.List;
+import java.util.Optional;
+
+public interface JwtClaim {
+  /**
+   * Get this Claim as a List of type T
+   *
+   * @param <T> type
+   * @param tClazz the type class
+   * @return An Optional containing the converted list of values if conversion succeeds
+   */
+  <T> Optional<List<T>> asList(Class<T> tClazz);
+
+  /**
+   * Get this Claim as a custom type T.
+   *
+   * @param <T> type
+   * @param tClazz the type class
+   * @return An Optional containing the converted value if conversion succeeds
+   */
+  <T> Optional<T> as(Class<T> tClazz);
+}
diff --git a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/JwtParser.java
@@ -1,14 +1,16 @@
 package org.hypertrace.core.grpcutils.context;
 
 import com.auth0.jwt.JWT;
+import com.auth0.jwt.exceptions.JWTDecodeException;
+import com.auth0.jwt.interfaces.Claim;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.google.common.cache.Cache;
 import com.google.common.cache.CacheBuilder;
-import java.util.Collections;
 import java.util.List;
 import java.util.Optional;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
+import java.util.function.Predicate;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -58,46 +60,60 @@ private DefaultJwt(DecodedJWT jwt) {
 
     @Override
     public Optional<String> getUserId() {
-      return Optional.ofNullable(jwt.getClaim(SUBJECT_CLAIM).asString());
+      return this.getClaim(SUBJECT_CLAIM).flatMap(claim -> claim.as(String.class));
     }
 
     @Override
     public Optional<String> getName() {
-      return Optional.ofNullable(jwt.getClaim(NAME_CLAIM).asString());
+      return this.getClaim(NAME_CLAIM).flatMap(claim -> claim.as(String.class));
     }
 
     @Override
     public Optional<String> getPictureUrl() {
-      return Optional.ofNullable(jwt.getClaim(PICTURE_CLAIM).asString());
+      return this.getClaim(PICTURE_CLAIM).flatMap(claim -> claim.as(String.class));
     }
 
     @Override
     public Optional<String> getEmail() {
-      return Optional.ofNullable(jwt.getClaim(EMAIL_CLAIM).asString());
+      return this.getClaim(EMAIL_CLAIM).flatMap(claim -> claim.as(String.class));
     }
 
     @Override
-    public List<String> getRoles(String rolesClaim) {
-      List<String> roles = jwt.getClaim(rolesClaim).asList(String.class);
-      if (roles == null || roles.isEmpty()) {
-        return Collections.emptyList();
-      }
-      return roles;
+    public Optional<JwtClaim> getClaim(String claimName) {
+      return Optional.of(jwt.getClaim(claimName))
+          .filter(Predicate.not(Claim::isNull))
+          .map(DefaultJwtClaim::new);
     }
 
     @Override
     public String toString() {
-      final String emptyValue = "{}";
-      return "DefaultJwt{"
-          + "userId="
-          + getUserId().orElse(emptyValue)
-          + ", name="
-          + getName().orElse(emptyValue)
-          + ", pictureUrl="
-          + getPictureUrl().orElse(emptyValue)
-          + ", email="
-          + getEmail().orElse(emptyValue)
-          + '}';
+      return jwt.getClaims().toString();
+    }
+  }
+
+  private static class DefaultJwtClaim implements JwtClaim {
+    private final Claim claim;
+
+    private DefaultJwtClaim(Claim claim) {
+      this.claim = claim;
+    }
+
+    @Override
+    public <T> Optional<List<T>> asList(Class<T> tClazz) {
+      try {
+        return Optional.ofNullable(claim.asList(tClazz)).map(List::copyOf);
+      } catch (Exception e) {
+        return Optional.empty();
+      }
+    }
+
+    @Override
+    public <T> Optional<T> as(Class<T> tClazz) throws JWTDecodeException {
+      try {
+        return Optional.ofNullable(claim.as(tClazz));
+      } catch (Exception e) {
+        return Optional.empty();
+      }
     }
   }
 }
diff --git a/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/RequestContext.java b/grpc-context-utils/src/main/java/org/hypertrace/core/grpcutils/context/RequestContext.java
@@ -3,6 +3,7 @@
 import static org.hypertrace.core.grpcutils.context.RequestContextConstants.CACHE_MEANINGFUL_HEADERS;
 import static org.hypertrace.core.grpcutils.context.RequestContextConstants.TENANT_ID_HEADER_KEY;
 
+import com.google.common.collect.Maps;
 import io.grpc.Context;
 import io.grpc.Metadata;
 import java.nio.charset.StandardCharsets;
@@ -81,8 +82,15 @@ public Optional<String> getEmail() {
     return getJwt().flatMap(Jwt::getEmail);
   }
 
+  @Deprecated
   public List<String> getRoles(String rolesClaim) {
-    return getJwt().map(jwt -> jwt.getRoles(rolesClaim)).orElse(Collections.emptyList());
+    return getClaim(rolesClaim)
+        .flatMap(claim -> claim.asList(String.class))
+        .orElse(Collections.emptyList());
+  }
+
+  public Optional<JwtClaim> getClaim(String claimName) {
+    return getJwt().flatMap(jwt -> jwt.getClaim(claimName));
   }
 
   public Optional<String> getRequestId() {
@@ -175,12 +183,17 @@ public <T> ContextualKey<T> buildInternalContextualKey(T data) {
     return new DefaultContextualKey<>(this, data, List.of(TENANT_ID_HEADER_KEY));
   }
 
+  private Map<String, String> getHeadersOtherThanAuth() {
+    return Maps.filterKeys(
+        headers, key -> !key.equals(RequestContextConstants.AUTHORIZATION_HEADER));
+  }
+
   @Override
   public String toString() {
     final String emptyValue = "{}";
     return "RequestContext{"
         + "headers="
-        + headers
+        + getHeadersOtherThanAuth()
         + ", jwt="
         + getJwt().map(Jwt::toString).orElse(emptyValue)
         + '}';
diff --git a/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java b/grpc-context-utils/src/test/java/org/hypertrace/core/grpcutils/context/JwtParserTest.java
@@ -8,20 +8,19 @@
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
+import com.fasterxml.jackson.annotation.JsonProperty;
 import com.google.common.collect.ImmutableList;
-import java.util.Collections;
 import java.util.List;
 import java.util.Optional;
+import lombok.AllArgsConstructor;
+import lombok.NoArgsConstructor;
+import lombok.Value;
 import org.junit.jupiter.api.Test;
 import org.mockito.ArgumentMatchers;
 
 class JwtParserTest {
   private final String testJwt =
       "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJzdXBlcl91c2VyIiwidXNlciIsImJpbGxpbmdfYWRtaW4iXX0.lEDjPPCjr-Epv6pNslq-HK9vmxfstp1sY85GstlbU1I";
-  private final String emptyRolesJwt =
-      "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJodHRwczovL3RyYWNlYWJsZS5haS9yb2xlcyI6W119.sFUMZNyypj379xy5P4kqTbBXBOR5XvX2nhpKx6YiiwU";
-  private final String noRolesJwt =
-      "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20ifQ.Ui1Z2RhiVe3tq6uJPgcyjsfDBdeOeINs_gXEHC6cdpU";
   private final String testJwtUserId = "jrocket@example.com";
   private final String testJwtName = "Johnny Rocket";
   private final String testJwtPictureUrl = "www.example.com";
@@ -65,23 +64,59 @@ void testExtractBearerTokenReturnsEmptyOnMalformed() {
   }
 
   @Test
-  void testRolesCanBeParsedFromToken() {
+  void testClaimCanBeParsedFromToken() {
     JwtParser parser = new JwtParser();
     Optional<Jwt> jwt = parser.fromJwt(testJwt);
-    assertEquals(Optional.of(testRoles), jwt.map(j -> j.getRoles(testRolesClaim)));
+    assertEquals(
+        Optional.of(testRoles),
+        jwt.flatMap(j -> j.getClaim(testRolesClaim)).flatMap(claim -> claim.asList(String.class)));
   }
 
   @Test
-  void testRolesAreEmptyIfRolesArrayIsEmptyInJwt() {
+  void testCanParseObjectClaim() {
+    String jwtWithObjectArrayClaim =
+        "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2MjEzNjM1OTcsImV4cCI6MTY1Mjg5OTU5NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJuYW1lIjoiSm9obm55IFJvY2tldCIsImVtYWlsIjoianJvY2tldEBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJ3d3cuZXhhbXBsZS5jb20iLCJyb2xlcyI6W3siaWQiOiJzdXBlcl91c2VyIiwidmFsdWVzIjpbXX0seyJpZCI6InVzZXIiLCJ2YWx1ZXMiOlsiZm9vIl19XX0.EJyZWwbfbCAS4NJdwURAsOewf8V6863D1ZqXGTVZigE";
+    /*
+      {
+        "iss": "Online JWT Builder",
+        "iat": 1621363597,
+        "exp": 1652899597,
+        "aud": "www.example.com",
+        "sub": "jrocket@example.com",
+        "GivenName": "Johnny",
+        "Surname": "Rocket",
+        "name": "Johnny Rocket",
+        "email": "jrocket@example.com",
+        "picture": "www.example.com",
+        "roles": [
+          {
+            "id": "super_user",
+            "values": []
+          },
+          {
+            "id": "user",
+            "values": [
+              "foo"
+            ]
+          }
+        ]
+      }
+    */
     JwtParser parser = new JwtParser();
-    Optional<Jwt> jwt = parser.fromJwt(emptyRolesJwt);
-    assertEquals(Optional.of(Collections.emptyList()), jwt.map(j -> j.getRoles(testRolesClaim)));
+    Optional<Jwt> jwt = parser.fromJwt(jwtWithObjectArrayClaim);
+
+    assertEquals(
+        Optional.of(
+            List.of(
+                new TestObject("super_user", List.of()), new TestObject("user", List.of("foo")))),
+        jwt.flatMap(j -> j.getClaim("roles")).flatMap(claim -> claim.asList(TestObject.class)));
   }
 
-  @Test
-  void testRolesAreEmptyIfRolesIfNoRolesClaimInToken() {
-    JwtParser parser = new JwtParser();
-    Optional<Jwt> jwt = parser.fromJwt(noRolesJwt);
-    assertEquals(Optional.of(Collections.emptyList()), jwt.map(j -> j.getRoles(testRolesClaim)));
+  @Value
+  @NoArgsConstructor(force = true)
+  @AllArgsConstructor
+  private static class TestObject {
+    @JsonProperty String id;
+    @JsonProperty List<String> values;
   }
 }
diff --git a/grpc-server-rx-utils/build.gradle.kts b/grpc-server-rx-utils/build.gradle.kts
@@ -10,8 +10,8 @@ dependencies {
   api("io.reactivex.rxjava3:rxjava:3.1.4")
   api("io.grpc:grpc-stub")
 
-  annotationProcessor("org.projectlombok:lombok:1.18.22")
-  compileOnly("org.projectlombok:lombok:1.18.22")
+  annotationProcessor("org.projectlombok:lombok:1.18.24")
+  compileOnly("org.projectlombok:lombok:1.18.24")
 
   implementation("org.slf4j:slf4j-api:1.7.36")
 
diff --git a/grpc-server-utils/build.gradle.kts b/grpc-server-utils/build.gradle.kts
@@ -21,8 +21,8 @@ dependencies {
   implementation(project(":grpc-context-utils"))
   implementation("org.slf4j:slf4j-api:1.7.36")
 
-  annotationProcessor("org.projectlombok:lombok:1.18.22")
-  compileOnly("org.projectlombok:lombok:1.18.22")
+  annotationProcessor("org.projectlombok:lombok:1.18.24")
+  compileOnly("org.projectlombok:lombok:1.18.24")
 
   testImplementation("org.junit.jupiter:junit-jupiter:5.8.2")
   testImplementation("org.mockito:mockito-core:4.4.0")

Original file line number	Diff line number	Diff line change
`@@ -20,4 +20,7 @@ dependencies {`
`20`	`20`
`21`	`21`	`testImplementation("org.junit.jupiter:junit-jupiter:5.8.2")`
`22`	`22`	`testImplementation("org.mockito:mockito-core:4.4.0")`
	`23`	`+ testImplementation("com.fasterxml.jackson.core:jackson-annotations:2.13.4")`
	`24`	`+ testAnnotationProcessor("org.projectlombok:lombok:1.18.24")`
	`25`	`+ testCompileOnly("org.projectlombok:lombok:1.18.24")`
`23`	`26`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,5 @@`
`1`	`1`	`package org.hypertrace.core.grpcutils.context;`
`2`	`2`
`3`		`-import java.util.List;`
`4`	`3`	`import java.util.Optional;`
`5`	`4`
`6`	`5`	`interface Jwt {`
`@@ -12,5 +11,5 @@ interface Jwt {`
`12`	`11`
`13`	`12`	`Optional<String> getEmail();`
`14`	`13`
`15`		`- List<String> getRoles(String rolesClaim);`
	`14`	`+ Optional<JwtClaim> getClaim(String claimName);`
`16`	`15`	`}`