server/auth: fix panic when a malformed jwt with missing required cla…
…ims is encountered

Signed-off-by: Lanre Adelowo <yo@lanre.wtf>
adelowo authored and ArkaSaha30 committed Apr 4, 2023
1 parent 418010b commit 96d9c72
Showing 1 changed file with 13 additions and 4 deletions.
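--- a/server/auth/jwt.go
+++ b/server/auth/jwt.go
@@ -42,7 +42,7 @@ func (t *tokenJWT) info(ctx context.Context, token string, rev uint64) (*AuthInf
 // rev isn't used in JWT, it is only used in simple token
 var (
 username string
-revision uint64
+revision float64
 )
 
 parsed, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
@@ -73,10 +73,19 @@ func (t *tokenJWT) info(ctx context.Context, token string, rev uint64) (*AuthInf
 return nil, false
 }
 
-username = claims["username"].(string)
-revision = uint64(claims["revision"].(float64))
+username, ok = claims["username"].(string)
+if !ok {
+t.lg.Warn("failed to obtain user claims from jwt token")
+return nil, false
+}
+
+revision, ok = claims["revision"].(float64)
+if !ok {
+t.lg.Warn("failed to obtain revision claims from jwt token")
+return nil, false
+}
 
-return &AuthInfo{Username: username, Revision: revision}, true
+return &AuthInfo{Username: username, Revision: uint64(revision)}, true
 }
 
 func (t *tokenJWT) assign(ctx context.Context, username string, revision uint64) (string, error) {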
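Review bot: The `uint64(revision)` conversion in the final return accepts whatever number the `revision` claim holds, because the new type assertion only proves the claim decoded as a float64. In Go a negative or out-of-range float64 converts to uint64 with an implementation-dependent result, and values above 2^53 have already lost precision, so `AuthInfo.Revision` can differ from what the token states. A range guard before the return, such as `if revision < 0 || revision >= 1<<64 { return nil, false }`, would reject those tokens the same way the missing-claim cases are rejected. The signature check sits in the collapsed lines between the two hunks, so presumably only a holder of the signing key can produce such a token, but the guard is cheap. The commit touches only jwt.go; a test case with a signed token lacking `username` or `revision` would pin the fixed panic.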
