fix: missing fields from session result JWT

privacybydesign · Aug 7, 2019 · 6d25eaa · 6d25eaa
1 parent 5578f2e
commit 6d25eaa
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 33 deletions.
diff --git a/internal/servercore/sessions.go b/internal/servercore/sessions.go
@@ -155,10 +155,10 @@ func (s *Server) newSession(action irma.Action, request irma.RequestorRequest) *
 		conf:        s.conf,
 		sessions:    s.sessions,
 		result: &server.SessionResult{
-			Legacy: request.SessionRequest().Base().Legacy(),
-			Token:  token,
-			Type:   action,
-			Status: server.StatusInitialized,
+			LegacySession: request.SessionRequest().Base().Legacy(),
+			Token:         token,
+			Type:          action,
+			Status:        server.StatusInitialized,
 		},
 	}
 

diff --git a/server/api.go b/server/api.go
@@ -84,7 +84,7 @@ type SessionResult struct {
 	Signature   *irma.SignedMessage          `json:"signature,omitempty"`
 	Err         *irma.RemoteError            `json:"error,omitempty"`
 
-	Legacy bool `json:"-"` // true if request was started with legacy (i.e. pre-condiscon) session request
+	LegacySession bool `json:"-"` // true if request was started with legacy (i.e. pre-condiscon) session request
 }
 
 // Status is the status of an IRMA session.
@@ -99,25 +99,23 @@ const (
 )
 
 // Remove this when dropping support for legacy pre-condiscon session requests
-func (r *SessionResult) MarshalJSON() ([]byte, error) {
-	if !r.Legacy {
-		type tmpSessionResult SessionResult
-		return json.Marshal((*tmpSessionResult)(r))
-	}
+type LegacySessionResult struct {
+	Token       string                     `json:"token"`
+	Status      Status                     `json:"status"`
+	Type        irma.Action                `json:"type"`
+	ProofStatus irma.ProofStatus           `json:"proofStatus,omitempty"`
+	Disclosed   []*irma.DisclosedAttribute `json:"disclosed,omitempty"`
+	Signature   *irma.SignedMessage        `json:"signature,omitempty"`
+	Err         *irma.RemoteError          `json:"error,omitempty"`
+}
 
+// Remove this when dropping support for legacy pre-condiscon session requests
+func (r *SessionResult) Legacy() *LegacySessionResult {
 	var disclosed []*irma.DisclosedAttribute
 	for _, l := range r.Disclosed {
 		disclosed = append(disclosed, l[0])
 	}
-	return json.Marshal(struct {
-		Token       string                     `json:"token"`
-		Status      Status                     `json:"status"`
-		Type        irma.Action                `json:"type"'`
-		ProofStatus irma.ProofStatus           `json:"proofStatus,omitempty"`
-		Disclosed   []*irma.DisclosedAttribute `json:"disclosed,omitempty"`
-		Signature   *irma.SignedMessage        `json:"signature,omitempty"`
-		Err         *irma.RemoteError          `json:"error,omitempty"`
-	}{r.Token, r.Status, r.Type, r.ProofStatus, disclosed, r.Signature, r.Err})
+	return &LegacySessionResult{r.Token, r.Status, r.Type, r.ProofStatus, disclosed, r.Signature, r.Err}
 }
 
 func (conf *Configuration) PrivateKey(id irma.IssuerIdentifier) (sk *gabi.PrivateKey, err error) {

diff --git a/server/requestorserver/server.go b/server/requestorserver/server.go
@@ -387,7 +387,11 @@ func (s *Server) handleResult(w http.ResponseWriter, r *http.Request) {
 		server.WriteError(w, server.ErrorSessionUnknown, "")
 		return
 	}
-	server.WriteJson(w, res)
+	if res.LegacySession {
+		server.WriteJson(w, res.Legacy())
+	} else {
+		server.WriteJson(w, res)
+	}
 }
 
 func (s *Server) handleJwtResult(w http.ResponseWriter, r *http.Request) {
@@ -495,20 +499,25 @@ func (s *Server) handlePublicKey(w http.ResponseWriter, r *http.Request) {
 }
 
 func (s *Server) resultJwt(sessionresult *server.SessionResult) (string, error) {
-	claims := struct {
-		jwt.StandardClaims
-		*server.SessionResult
-	}{
-		StandardClaims: jwt.StandardClaims{
-			Issuer:   s.conf.JwtIssuer,
-			IssuedAt: time.Now().Unix(),
-			Subject:  string(sessionresult.Type) + "_result",
-		},
-		SessionResult: sessionresult,
+	standardclaims := jwt.StandardClaims{
+		Issuer:   s.conf.JwtIssuer,
+		IssuedAt: time.Now().Unix(),
+		Subject:  string(sessionresult.Type) + "_result",
 	}
 	validity := s.irmaserv.GetRequest(sessionresult.Token).Base().ResultJwtValidity
-	if validity != 0 {
-		claims.ExpiresAt = time.Now().Unix() + int64(validity)
+	standardclaims.ExpiresAt = time.Now().Unix() + int64(validity)
+
+	var claims jwt.Claims
+	if sessionresult.LegacySession {
+		claims = struct {
+			jwt.StandardClaims
+			*server.LegacySessionResult
+		}{standardclaims, sessionresult.Legacy()}
+	} else {
+		claims = struct {
+			jwt.StandardClaims
+			*server.SessionResult
+		}{standardclaims, sessionresult}
 	}
 
 	// Sign the jwt and return it

diff --git a/version.go b/version.go
@@ -7,7 +7,7 @@ package irma
 import "github.com/timshannon/bolthold"
 
 // Version of the IRMA command line and libraries
-const Version = "0.3.0"
+const Version = "0.3.1"
 
 // go-atum requires a version of bolthold newer than the latest release v1.1, but go-atum does not
 // use dep, so by default dep fetches v1.1 which breaks the build. We make bolthold an explicit