From 33cf04d3df09aa608ab78f46ed695259e0a2052b Mon Sep 17 00:00:00 2001 From: David Bottiau Date: Tue, 4 Jul 2023 16:13:35 +0200 Subject: [PATCH] feat(auth): add functions to read jwt value (#2215) --- lib/src/api/opt/auth.rs | 45 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/lib/src/api/opt/auth.rs b/lib/src/api/opt/auth.rs index 41a8e9d6..16f75b9a 100644 --- a/lib/src/api/opt/auth.rs +++ b/lib/src/api/opt/auth.rs @@ -83,10 +83,36 @@ pub struct Scope<'a, P> { impl Credentials for Scope<'_, P> where P: Serialize {} -/// A JSON Web Token for authenticating with the server +/// A JSON Web Token for authenticating with the server. +/// +/// This struct represents a JSON Web Token (JWT) that can be used for authentication purposes. +/// It is important to note that this implementation does not provide any security measures to +/// protect the token. +/// +/// You should take care to ensure that only authorized users have access to the JWT. +/// For example: +/// * it can be stored in a secure cookie, +/// * stored in a database with restricted access, +/// * or encrypted in conjunction with other encryption mechanisms. #[derive(Clone, Serialize, Deserialize)] pub struct Jwt(pub(crate) String); +impl Jwt { + /// Returns the underlying token string. + /// + /// ⚠️: It is important to note that the token should be handled securely and protected from unauthorized access. + pub fn as_insecure_token(&self) -> &str { + &self.0 + } + + /// Returns the underlying token string. + /// + /// ⚠️: It is important to note that the token should be handled securely and protected from unauthorized access. + pub fn into_insecure_token(self) -> String { + self.0 + } +} + impl From for Jwt { fn from(jwt: String) -> Self { Jwt(jwt) @@ -116,3 +142,20 @@ impl fmt::Debug for Jwt { write!(f, "Jwt(REDACTED)") } } + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn as_insecure_token() { + let jwt = Jwt("super-long-jwt".to_owned()); + assert_eq!(jwt.as_insecure_token(), "super-long-jwt"); + } + + #[test] + fn into_insecure_token() { + let jwt = Jwt("super-long-jwt".to_owned()); + assert_eq!(jwt.into_insecure_token(), "super-long-jwt"); + } +}