Permit atom keys when verifying claims with EnsureAuthenticated (#696)

giddie · web-flow · commit 49702bc97bf1 · 2022-03-21T05:07:44.000-07:00
* Fix spec function name typo

* Ensure that claim keys and stringified in EnsureAuthenticated

* Satisfy Credo

* Bump version and update changelog

Co-authored-by: Paul Dann &lt;pgdann@gmail.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## v2.2.2
+
+### Enhancement
+
+* `Guardian.Plug.EnsureAuthenticated` will now accept atom keys in the map passed to the `claims` option.
+
 ## v2.2.1
 
 ### Enhancement
diff --git a/lib/guardian/plug/ensure_authenticated.ex b/lib/guardian/plug/ensure_authenticated.ex
@@ -71,7 +71,7 @@ if Code.ensure_loaded?(Plug) do
 
     @spec verify_claims(Guardian.Token.claims(), Keyword.t()) :: {:ok, Guardian.Token.claims()} | {:error, any}
     defp verify_claims(claims, opts) do
-      to_check = Keyword.get(opts, :claims)
+      to_check = opts |> Keyword.get(:claims) |> Guardian.stringify_keys()
       Guardian.Token.Verify.verify_literal_claims(claims, to_check, opts)
     end
   end
diff --git a/lib/guardian/token/verify.ex b/lib/guardian/token/verify.ex
@@ -88,7 +88,7 @@ defmodule Guardian.Token.Verify do
     end
   end
 
-  @spec verify_literal_claims(map(), binary(), [binary()] | binary()) ::
+  @spec verify_literal_claim(map(), binary(), [binary()] | binary()) ::
           {:ok, [binary()] | binary()} | {:error, binary()}
   defp verify_literal_claim(claims, key, value) do
     claim_value = Map.get(claims, key)
diff --git a/mix.exs b/mix.exs
@@ -2,7 +2,7 @@ defmodule Guardian.Mixfile do
   @moduledoc false
   use Mix.Project
 
-  @version "2.2.1"
+  @version "2.2.2"
   @url "https://github.com/ueberauth/guardian"
   @maintainers [
     "Daniel Neighman",
diff --git a/test/guardian/plug/ensure_authenticated_test.exs b/test/guardian/plug/ensure_authenticated_test.exs
@@ -37,7 +37,7 @@ defmodule Guardian.Plug.EnsureAuthenticatedTest do
   setup do
     impl = Impl
     handler = Handler
-    {:ok, token, claims} = Impl.encode_and_sign(@resource)
+    {:ok, token, claims} = Impl.encode_and_sign(@resource, %{custom: true})
     {:ok, %{claims: claims, conn: conn(:get, "/"), token: token, impl: impl, handler: handler}}
   end
 
@@ -82,7 +82,33 @@ defmodule Guardian.Plug.EnsureAuthenticatedTest do
 
       assert conn.halted
       assert conn.status == 401
-      assert {401, _, "{:unauthenticated, :no}"} = sent_resp(conn)
+      assert {401, _, "{:unauthenticated, \"no\"}"} = sent_resp(conn)
+    end
+
+    test "allows the plug to continue if the claims do match, with atom keys", ctx do
+      conn =
+        EnsureAuthenticated.call(
+          ctx.conn,
+          module: ctx.impl,
+          error_handler: ctx.handler,
+          claims: %{custom: true}
+        )
+
+      refute conn.halted
+      refute conn.status == 401
+    end
+
+    test "allows the plug to continue if the claims do match, with string keys", ctx do
+      conn =
+        EnsureAuthenticated.call(
+          ctx.conn,
+          module: ctx.impl,
+          error_handler: ctx.handler,
+          claims: %{"custom" => true}
+        )
+
+      refute conn.halted
+      refute conn.status == 401
     end
   end
 end
