Added cname support

corbado · Aug 30, 2024 · e913129 · e913129
1 parent 0800ee0
commit e913129
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 15 deletions.
diff --git a/src/main/java/com/corbado/entities/SessionValidationResult.java b/src/main/java/com/corbado/entities/SessionValidationResult.java
@@ -22,4 +22,16 @@ public class SessionValidationResult {
 
   /** The full name. */
   private String fullName;
+
+  /** The error. */
+  private Exception error;
+
+  /**
+   * Instantiates a new session validation result.
+   *
+   * @param error the error
+   */
+  public SessionValidationResult(final Exception error) {
+    this.error = error;
+  }
 }
diff --git a/src/main/java/com/corbado/sdk/Config.java b/src/main/java/com/corbado/sdk/Config.java
@@ -2,7 +2,9 @@
 
 import java.net.MalformedURLException;
 import java.net.URL;
+import org.apache.commons.lang3.StringUtils;
 import lombok.Getter;
+import lombok.NonNull;
 import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
 
@@ -16,6 +18,9 @@
 @Slf4j
 public class Config {
 
+  /** The Constant HTTPS. */
+  private static final String HTTPS = "https://";
+
   // Fields
 
   /** The Constant API_VERSION. */
@@ -58,13 +63,13 @@ public class Config {
    * @param projectId the project id
    * @param apiSecret the api secret
    */
-  public Config(final String projectId, final String apiSecret) {
+  public Config(@NonNull final String projectId, @NonNull final String apiSecret) {
 
     setProjectId(projectId); // set and validate
     setApiSecret(apiSecret);
 
     // default values
-    setFrontendApi("https://" + projectId + ".frontendapi.corbado.io");
+    setFrontendApi(HTTPS + projectId + ".frontendapi.corbado.io");
     setIssuer(this.frontendApi);
   }
 
@@ -75,9 +80,37 @@ public Config(final String projectId, final String apiSecret) {
    * @param apiSecret the api secret
    * @param backendApi the backend api
    */
-  public Config(final String projectId, final String apiSecret, final String backendApi) {
+  public Config(
+      @NonNull final String projectId,
+      @NonNull final String apiSecret,
+      @NonNull final String backendApi) {
+    this(projectId, apiSecret);
+    setBackendApi(backendApi);
+  }
+
+  /**
+   * Instantiates a new config.
+   *
+   * @param projectId the project id
+   * @param apiSecret the api secret
+   * @param backendApi the backend api
+   * @param cname the cname
+   */
+  public Config(
+      @NonNull final String projectId,
+      @NonNull final String apiSecret,
+      @NonNull final String backendApi,
+      @NonNull String cname) {
+
     this(projectId, apiSecret);
     setBackendApi(backendApi);
+    if (StringUtils.isNotEmpty(cname)) {
+      if (!StringUtils.startsWith(cname, HTTPS)) {
+        cname = HTTPS + cname;
+      }
+      // Override issuer if cname is present
+      setIssuer(cname);
+    }
   }
 
   // Getters and Setters
@@ -87,7 +120,8 @@ public Config(final String projectId, final String apiSecret, final String backe
    * @param apiSecret the new api secret
    * @throws IllegalArgumentException If the API secret does not start with "corbado1_".
    */
-  public void setApiSecret(final String apiSecret) {
+  public void setApiSecret(String apiSecret) {
+    apiSecret = StringUtils.trim(apiSecret);
     if (!apiSecret.startsWith(API_SERCRET_PREFIX)) {
       throw new IllegalArgumentException(
           "Invalid API Secret, must start with 'corbado1_', but was: " + apiSecret);
@@ -101,7 +135,8 @@ public void setApiSecret(final String apiSecret) {
    * @param backendApi the new backend api
    * @throws IllegalArgumentException If the URL is invalid.
    */
-  public void setBackendApi(final String backendApi) {
+  public void setBackendApi(String backendApi) {
+    backendApi = StringUtils.trim(backendApi);
     try {
       new URL(backendApi); // Validate URL syntax
     } catch (final MalformedURLException e) {
@@ -117,7 +152,8 @@ public void setBackendApi(final String backendApi) {
    * @param frontendApi the new frontend api
    * @throws IllegalArgumentException If the URL is invalid.
    */
-  public void setFrontendApi(final String frontendApi) {
+  public void setFrontendApi(String frontendApi) {
+    frontendApi = StringUtils.trim(frontendApi);
     try {
       new URL(frontendApi); // Validate URL syntax
     } catch (final MalformedURLException e) {
@@ -132,7 +168,8 @@ public void setFrontendApi(final String frontendApi) {
    * @param projectId the new project id
    * @throws IllegalArgumentException If the project Id does not start with "pro-".
    */
-  public void setProjectId(final String projectId) {
+  public void setProjectId(String projectId) {
+    projectId = StringUtils.trim(projectId);
     if (!projectId.startsWith(PROJECT_ID_PREFIX)) {
       throw new IllegalArgumentException(
           "Invalid project ID, must start with 'pro-', but was: " + projectId);

diff --git a/src/main/java/com/corbado/services/SessionService.java b/src/main/java/com/corbado/services/SessionService.java
@@ -8,6 +8,7 @@
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.JWTVerifier;
 import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.exceptions.IncorrectClaimException;
 import com.auth0.jwt.exceptions.JWTVerificationException;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.corbado.entities.SessionValidationResult;
@@ -134,24 +135,34 @@ private SessionValidationResult getAndValidateUserFromShortSessionValue(
 
       // Verify and decode the JWT using the signing key
       final Algorithm algorithm = Algorithm.RSA256(publicKey);
-      final JWTVerifier verifier = JWT.require(algorithm).build();
+      final JWTVerifier verifier = JWT.require(algorithm).withIssuer(issuer).build();
       decodedJwt = verifier.verify(shortSession);
 
-      // Verify issuer
-      if (!StringUtils.equals(decodedJwt.getClaim("iss").asString(), this.issuer)) {
-        setIssuerMismatchError(decodedJwt.getClaim("iss").asString());
-        return new SessionValidationResult();
-      }
-
       return SessionValidationResult.builder()
           .authenticated(true)
           .fullName(decodedJwt.getClaim("name").asString())
           .userID(decodedJwt.getClaim("sub").asString())
           .build();
 
+    } catch (final IncorrectClaimException e) {
+      // Be careful of the case where issuer does not match. You have probably forgotten to set
+      // the cname in config class.
+      if (StringUtils.equals(e.getClaimName(), "iss")) {
+        final String message =
+            e.getMessage()
+                + "Be careful of the case where issuer does not match. You have probably forgotten to set the cname in config class.";
+        final IncorrectClaimException exception =
+            new IncorrectClaimException(message, e.getClaimName(), e.getClaimValue());
+
+        setValidationError(exception);
+        return new SessionValidationResult(exception);
+      }
+      setValidationError(e);
+      return new SessionValidationResult(e);
+
     } catch (final JwkException | JWTVerificationException e) {
       setValidationError(e);
-      return new SessionValidationResult();
+      return new SessionValidationResult(e);
     }
   }