Add UserInfo.Token and comments

CERIT-SC · Oct 14, 2024 · 1c7033c · 1c7033c
1 parent 83f0303
commit 1c7033c
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/server/auth.go b/server/auth.go
@@ -21,9 +21,17 @@ type Authentication struct {
 
 // Extracted info about the current user, which is exposed through Context.
 type UserInfo struct {
+	// Public users are non-authenticated, in case Funnel configuration does
+	// not require OIDC nor Basic authentication.
 	IsPublic bool
-	IsAdmin  bool
+	// Administrator is a Basic-authentication user with `Admin: true` property
+	// in the configuration file.
+	IsAdmin bool
+	// Username of an authenticated user (subject field from JWT).
 	Username string
+	// In case of OIDC authentication, the provided Bearer token, which can be
+	// used when requesting task input data.
+	Token string
 }
 
 // Context key type for storing UserInfo.
@@ -101,7 +109,7 @@ func (a *Authentication) Interceptor(
 		subject := a.oidc.ParseJwtSubject(jwtString)
 		authorized = subject != ""
 		if authorized {
-			ctx = context.WithValue(ctx, UserInfoKey, &UserInfo{Username: subject})
+			ctx = context.WithValue(ctx, UserInfoKey, &UserInfo{Username: subject, Token: jwtString})
 		}
 	}
 

diff --git a/tes/utils.go b/tes/utils.go
@@ -53,6 +53,9 @@ func Base64Decode(raw string) (*Task, error) {
 
 // ErrNotFound is returned when a task is not found.
 var ErrNotFound = errors.New("task not found")
+
+// ErrNotPermitted is returned when the owner of a task does not match the
+// current non-admin user.
 var ErrNotPermitted = errors.New("permission denied")
 
 // Shorthand for task views