Remove extra unknown claims from JWT (#40)

* Preventative measure so we only use claims we define * The spreading of ...claims in the changeRole function was causing a stale activeRole to be included in the claims object. Not a bug yet, but was confusing when debugging what the active role actually was.
NASA-AMMOS · Aug 23, 2023 · 0037a40 · 0037a40
1 parent 105cbb7
commit 0037a40
Showing 1 changed file with 2 additions and 5 deletions.
diff --git a/src/packages/auth/functions.ts b/src/packages/auth/functions.ts
@@ -95,7 +95,6 @@ export function generateJwt(
   camToken: string,
   defaultRole: string,
   allowedRoles: string[],
-  otherClaims: Record<string, string | string[]> = {},
   activeRole?: string,
 ): string | null {
   try {
@@ -109,7 +108,6 @@ export function generateJwt(
         'x-hasura-allowed-roles': allowedRoles,
         'x-hasura-default-role': defaultRole,
         'x-hasura-user-id': username,
-        ...otherClaims,
       },
       username,
     };
@@ -331,19 +329,18 @@ export async function changeRole(
           'x-hasura-allowed-roles': allowedRoles,
           'x-hasura-default-role': defaultRole,
         },
-        ...claims
       } = jwtPayload;
       if (AUTH_TYPE === 'cam') {
         return {
           message: 'Role change successful',
           success: true,
-          token: generateJwt(username, camToken, defaultRole as string, allowedRoles as string[], claims, role),
+          token: generateJwt(username, camToken, defaultRole as string, allowedRoles as string[], role),
         };
       } else {
         return {
           message: 'Authentication is disabled',
           success: true,
-          token: generateJwt(username || 'unknown', '', defaultRole as string, allowedRoles as string[], {}, role),
+          token: generateJwt(username || 'unknown', '', defaultRole as string, allowedRoles as string[], role),
         };
       }
     } else {