mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
fix(storage): don't check exp against time using sql (#2676)
This is already checked by JWT validation. There is no need and it's leading to timezone issues. Fixes #2672
This commit is contained in:
parent
09fbffa3ac
commit
5a223b5a56
|
@ -51,6 +51,8 @@ func (ip *IP) Scan(src interface{}) (err error) {
|
|||
switch v := src.(type) {
|
||||
case string:
|
||||
value = v
|
||||
case []byte:
|
||||
value = string(v)
|
||||
default:
|
||||
return fmt.Errorf("invalid type %T for IP %v", src, src)
|
||||
}
|
||||
|
@ -86,6 +88,8 @@ func (ip *NullIP) Scan(src interface{}) (err error) {
|
|||
switch v := src.(type) {
|
||||
case string:
|
||||
value = v
|
||||
case []byte:
|
||||
value = string(v)
|
||||
default:
|
||||
return fmt.Errorf("invalid type %T for NullIP %v", src, src)
|
||||
}
|
||||
|
|
|
@ -33,9 +33,9 @@ func NewSQLProvider(config *schema.Configuration, name, driverName, dataSourceNa
|
|||
sqlInsertAuthenticationAttempt: fmt.Sprintf(queryFmtInsertAuthenticationLogEntry, tableAuthenticationLogs),
|
||||
sqlSelectAuthenticationAttemptsByUsername: fmt.Sprintf(queryFmtSelect1FAAuthenticationLogEntryByUsername, tableAuthenticationLogs),
|
||||
|
||||
sqlInsertIdentityVerification: fmt.Sprintf(queryFmtInsertIdentityVerification, tableIdentityVerification),
|
||||
sqlConsumeIdentityVerification: fmt.Sprintf(queryFmtConsumeIdentityVerification, tableIdentityVerification),
|
||||
sqlSelectExistsIdentityVerification: fmt.Sprintf(queryFmtSelectExistsIdentityVerification, tableIdentityVerification),
|
||||
sqlInsertIdentityVerification: fmt.Sprintf(queryFmtInsertIdentityVerification, tableIdentityVerification),
|
||||
sqlConsumeIdentityVerification: fmt.Sprintf(queryFmtConsumeIdentityVerification, tableIdentityVerification),
|
||||
sqlSelectIdentityVerification: fmt.Sprintf(queryFmtSelectIdentityVerification, tableIdentityVerification),
|
||||
|
||||
sqlUpsertTOTPConfig: fmt.Sprintf(queryFmtUpsertTOTPConfiguration, tableTOTPConfigurations),
|
||||
sqlDeleteTOTPConfig: fmt.Sprintf(queryFmtDeleteTOTPConfiguration, tableTOTPConfigurations),
|
||||
|
@ -90,9 +90,9 @@ type SQLProvider struct {
|
|||
sqlSelectAuthenticationAttemptsByUsername string
|
||||
|
||||
// Table: identity_verification.
|
||||
sqlInsertIdentityVerification string
|
||||
sqlConsumeIdentityVerification string
|
||||
sqlSelectExistsIdentityVerification string
|
||||
sqlInsertIdentityVerification string
|
||||
sqlConsumeIdentityVerification string
|
||||
sqlSelectIdentityVerification string
|
||||
|
||||
// Table: totp_configurations.
|
||||
sqlUpsertTOTPConfig string
|
||||
|
@ -245,11 +245,21 @@ func (p *SQLProvider) ConsumeIdentityVerification(ctx context.Context, jti strin
|
|||
|
||||
// FindIdentityVerification checks if an identity verification record is in the database and active.
|
||||
func (p *SQLProvider) FindIdentityVerification(ctx context.Context, jti string) (found bool, err error) {
|
||||
if err = p.db.GetContext(ctx, &found, p.sqlSelectExistsIdentityVerification, jti); err != nil {
|
||||
verification := models.IdentityVerification{}
|
||||
if err = p.db.GetContext(ctx, &verification, p.sqlSelectIdentityVerification, jti); err != nil {
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
return false, nil
|
||||
}
|
||||
|
||||
return false, fmt.Errorf("error selecting identity verification exists: %w", err)
|
||||
}
|
||||
|
||||
return found, nil
|
||||
switch {
|
||||
case verification.Consumed != nil, verification.ExpiresAt.Before(time.Now()):
|
||||
return false, nil
|
||||
default:
|
||||
return true, nil
|
||||
}
|
||||
}
|
||||
|
||||
// SaveTOTPConfiguration save a TOTP configuration of a given user in the database.
|
||||
|
|
|
@ -36,7 +36,7 @@ func NewPostgreSQLProvider(config *schema.Configuration) (provider *PostgreSQLPr
|
|||
provider.sqlFmtRenameTable = provider.db.Rebind(provider.sqlFmtRenameTable)
|
||||
provider.sqlSelectPreferred2FAMethod = provider.db.Rebind(provider.sqlSelectPreferred2FAMethod)
|
||||
provider.sqlSelectUserInfo = provider.db.Rebind(provider.sqlSelectUserInfo)
|
||||
provider.sqlSelectExistsIdentityVerification = provider.db.Rebind(provider.sqlSelectExistsIdentityVerification)
|
||||
provider.sqlSelectIdentityVerification = provider.db.Rebind(provider.sqlSelectIdentityVerification)
|
||||
provider.sqlInsertIdentityVerification = provider.db.Rebind(provider.sqlInsertIdentityVerification)
|
||||
provider.sqlConsumeIdentityVerification = provider.db.Rebind(provider.sqlConsumeIdentityVerification)
|
||||
provider.sqlSelectTOTPConfig = provider.db.Rebind(provider.sqlSelectTOTPConfig)
|
||||
|
|
|
@ -56,12 +56,10 @@ const (
|
|||
)
|
||||
|
||||
const (
|
||||
queryFmtSelectExistsIdentityVerification = `
|
||||
SELECT EXISTS (
|
||||
SELECT id
|
||||
FROM %s
|
||||
WHERE jti = ? AND exp > CURRENT_TIMESTAMP AND consumed IS NULL
|
||||
);`
|
||||
queryFmtSelectIdentityVerification = `
|
||||
SELECT id, jti, iat, issued_ip, exp, username, action, consumed, consumed_ip
|
||||
FROM %s
|
||||
WHERE jti = ?;`
|
||||
|
||||
queryFmtInsertIdentityVerification = `
|
||||
INSERT INTO %s (jti, iat, issued_ip, exp, username, action)
|
||||
|
|
Loading…
Reference in New Issue
Block a user