This repository has been archived by the owner on Jun 15, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
More resilient JWT decoding in dev tools
Also better dependency checking/error messages. Now using the step crypto helper instead of manual decoding the token, which solves the base64 padding issues we were hitting with formatting a decoded token for inspection. Signed-off-by: Elliot Murphy <[email protected]>
- Loading branch information
Showing
3 changed files
with
74 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,25 @@ | ||
| #!/bin/bash | ||
|
|
||
| set -e | ||
|
|
||
| USAGE='dc <docker-compose commands>' | ||
| DESCRIPTION=' | ||
| Convenience alias for docker-compose. | ||
| Dependencies: requires docker-compose command to be installed.' | ||
|
|
||
| function usage() { | ||
| echo "$USAGE" "$DESCRIPTION" >&2 | ||
| } | ||
|
|
||
| type docker-compose >/dev/null 2>&1 || { | ||
| echo >&2 "Error: docker-compose must be installed. Aborting." | ||
| usage | ||
| exit 1 | ||
| } | ||
| [ $# -eq 0 ] || { | ||
| usage | ||
| exit 1 | ||
| } | ||
|
|
||
| exec docker-compose $* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,27 @@ | ||
| #!/bin/bash | ||
|
|
||
| set -e | ||
|
|
||
| USAGE='dca <docker-compose commands>' | ||
| DESCRIPTION=' | ||
| Layers in a docker-compose command for access to additional dev | ||
| containers. Specify any normal docker-compose command such as | ||
| run or build. | ||
| Dependencies: requires docker-compose command to be installed.' | ||
|
|
||
| function usage() { | ||
| echo "$USAGE" "$DESCRIPTION" >&2 | ||
| } | ||
|
|
||
| type docker-compose >/dev/null 2>&1 || { | ||
| echo >&2 "Error: docker-compose must be installed. Aborting." | ||
| usage | ||
| exit 1 | ||
| } | ||
| [ $# -eq 0 ] || { | ||
| usage | ||
| exit 1 | ||
| } | ||
|
|
||
| exec docker-compose -f docker-compose.yml -f docker-compose.admin.yml $* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,18 +1,28 @@ | ||
| #!/bin/bash | ||
| set -e | ||
|
|
||
| USAGE='dump-token' | ||
| DESCRIPTION=' | ||
| Decodes a JWT from Haven GRC. | ||
| This is useful for inspecting the claims present in the token when | ||
| working on claim mappers in keycloak. | ||
| Dependencies: requires step command to be installed: try brew install step' | ||
|
|
||
| function usage() { | ||
| echo "$USAGE" "$DESCRIPTION" >&2 | ||
| } | ||
|
|
||
| type step >/dev/null 2>&1 || { | ||
| echo >&2 "Error: step cli must be installed. Aborting." | ||
| usage | ||
| exit 1 | ||
| } | ||
| [ $# -eq 0 ] || { | ||
| usage | ||
| exit 1 | ||
| } | ||
|
|
||
| TOKEN=`./get-token` | ||
| IFS=. read header payload signature <<<"${TOKEN}" | ||
| # echo length of payload is ${#payload} | ||
| # base64 strings should have = padding to make them a multiple of 3 | ||
| # since we extract a chunk from the middle of the JWT it has no padding | ||
| # we add padding as needed to avoid a warning from base64 decode command | ||
| padding="" | ||
| if (( ${#payload} % 3 == 1 )) | ||
| then | ||
| # echo "Adding a double =" | ||
| padding="=" | ||
| elif (( ${#payload} % 3 == 2 )) | ||
| then | ||
| # echo "Adding a double ==" | ||
| padding="==" | ||
| fi | ||
| printf "%s%s" $payload $padding|base64 --decode|jq . | ||
|
|
||
| echo ${TOKEN} | step crypto jwt inspect --insecure |