Fix XSRFIgnoreMethods passing in v2

go-pkgz · Dec 8, 2024 · 8734b99 · 8734b99
1 parent 59656e4
commit 8734b99
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 19 deletions.
diff --git a/v2/auth.go b/v2/auth.go
@@ -99,24 +99,25 @@ func NewService(opts Opts) (res *Service) {
 	}
 
 	jwtService := token.NewService(token.Opts{
-		SecretReader:    opts.SecretReader,
-		ClaimsUpd:       opts.ClaimsUpd,
-		SecureCookies:   opts.SecureCookies,
-		TokenDuration:   opts.TokenDuration,
-		CookieDuration:  opts.CookieDuration,
-		DisableXSRF:     opts.DisableXSRF,
-		DisableIAT:      opts.DisableIAT,
-		JWTCookieName:   opts.JWTCookieName,
-		JWTCookieDomain: opts.JWTCookieDomain,
-		JWTHeaderKey:    opts.JWTHeaderKey,
-		XSRFCookieName:  opts.XSRFCookieName,
-		XSRFHeaderKey:   opts.XSRFHeaderKey,
-		SendJWTHeader:   opts.SendJWTHeader,
-		JWTQuery:        opts.JWTQuery,
-		Issuer:          res.issuer,
-		AudienceReader:  opts.AudienceReader,
-		AudSecrets:      opts.AudSecrets,
-		SameSite:        opts.SameSiteCookie,
+		SecretReader:      opts.SecretReader,
+		ClaimsUpd:         opts.ClaimsUpd,
+		SecureCookies:     opts.SecureCookies,
+		TokenDuration:     opts.TokenDuration,
+		CookieDuration:    opts.CookieDuration,
+		DisableXSRF:       opts.DisableXSRF,
+		DisableIAT:        opts.DisableIAT,
+		JWTCookieName:     opts.JWTCookieName,
+		JWTCookieDomain:   opts.JWTCookieDomain,
+		JWTHeaderKey:      opts.JWTHeaderKey,
+		XSRFCookieName:    opts.XSRFCookieName,
+		XSRFHeaderKey:     opts.XSRFHeaderKey,
+		XSRFIgnoreMethods: opts.XSRFIgnoreMethods,
+		SendJWTHeader:     opts.SendJWTHeader,
+		JWTQuery:          opts.JWTQuery,
+		Issuer:            res.issuer,
+		AudienceReader:    opts.AudienceReader,
+		AudSecrets:        opts.AudSecrets,
+		SameSite:          opts.SameSiteCookie,
 	})
 
 	if opts.SecretReader == nil {

diff --git a/v2/token/jwt.go b/v2/token/jwt.go
@@ -104,7 +104,7 @@ func NewService(opts Opts) *Service {
 	setDefault(&res.JWTCookieDomain, defaultJWTCookieDomain)
 
 	if opts.XSRFIgnoreMethods == nil {
-		opts.XSRFIgnoreMethods = defaultXSRFIgnoreMethods
+		res.XSRFIgnoreMethods = defaultXSRFIgnoreMethods
 	}
 
 	if opts.TokenDuration == 0 {

diff --git a/v2/token/jwt_test.go b/v2/token/jwt_test.go
@@ -54,17 +54,22 @@ func TestJWT_NewDefault(t *testing.T) {
 	assert.Equal(t, defaultJWTHeaderKey, j.JWTHeaderKey)
 	assert.Equal(t, defaultXSRFCookieName, j.XSRFCookieName)
 	assert.Equal(t, defaultXSRFHeaderKey, j.XSRFHeaderKey)
+	assert.Equal(t, defaultXSRFIgnoreMethods, j.XSRFIgnoreMethods)
 	assert.Equal(t, defaultIssuer, j.Issuer)
 }
 
 func TestJWT_NewNotDefault(t *testing.T) {
+	var xsrfCustomIgnoreMethods = []string{http.MethodGet, http.MethodHead, http.MethodOptions, http.MethodTrace}
+
 	j := NewService(Opts{JWTCookieName: jwtCustomCookieName, JWTHeaderKey: jwtCustomHeaderKey, JWTCookieDomain: "blah.com",
 		XSRFCookieName: xsrfCustomCookieName, XSRFHeaderKey: xsrfCustomHeaderKey, Issuer: "i1",
+		XSRFIgnoreMethods: xsrfCustomIgnoreMethods,
 	})
 	assert.Equal(t, jwtCustomCookieName, j.JWTCookieName)
 	assert.Equal(t, jwtCustomHeaderKey, j.JWTHeaderKey)
 	assert.Equal(t, xsrfCustomCookieName, j.XSRFCookieName)
 	assert.Equal(t, xsrfCustomHeaderKey, j.XSRFHeaderKey)
+	assert.Equal(t, xsrfCustomIgnoreMethods, j.XSRFIgnoreMethods)
 	assert.Equal(t, "i1", j.Issuer)
 	assert.Equal(t, "blah.com", j.JWTCookieDomain)
 }