fix(models): potential panic generating jti (#2669)

This ensures that at the time the JWT is generated for identity verification requests that a panic can't occur and instead an error will be returned.
This commit is contained in:
James Elliott 2021-12-04 15:48:22 +11:00 committed by GitHub
parent 5a223b5a56
commit c01759715c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 19 additions and 6 deletions

View File

@ -7,6 +7,7 @@ import (
"github.com/golang-jwt/jwt/v4" "github.com/golang-jwt/jwt/v4"
"github.com/golang/mock/gomock" "github.com/golang/mock/gomock"
"github.com/google/uuid"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"github.com/stretchr/testify/suite" "github.com/stretchr/testify/suite"
@ -35,7 +36,7 @@ func (s *HandlerRegisterU2FStep1Suite) TearDownTest() {
} }
func createToken(ctx *mocks.MockAutheliaCtx, username, action string, expiresAt time.Time) (data string, verification models.IdentityVerification) { func createToken(ctx *mocks.MockAutheliaCtx, username, action string, expiresAt time.Time) (data string, verification models.IdentityVerification) {
verification = models.NewIdentityVerification(username, action, ctx.Ctx.RemoteIP()) verification = models.NewIdentityVerification(uuid.New(), username, action, ctx.Ctx.RemoteIP())
verification.ExpiresAt = expiresAt verification.ExpiresAt = expiresAt

View File

@ -6,6 +6,7 @@ import (
"fmt" "fmt"
"github.com/golang-jwt/jwt/v4" "github.com/golang-jwt/jwt/v4"
"github.com/google/uuid"
"github.com/authelia/authelia/v4/internal/models" "github.com/authelia/authelia/v4/internal/models"
"github.com/authelia/authelia/v4/internal/templates" "github.com/authelia/authelia/v4/internal/templates"
@ -27,7 +28,14 @@ func IdentityVerificationStart(args IdentityVerificationStartArgs) RequestHandle
return return
} }
verification := models.NewIdentityVerification(identity.Username, args.ActionClaim, ctx.RemoteIP()) var jti uuid.UUID
if jti, err = uuid.NewUUID(); err != nil {
ctx.Error(err, messageOperationFailed)
return
}
verification := models.NewIdentityVerification(jti, identity.Username, args.ActionClaim, ctx.RemoteIP())
// Create the claim with the action to sign it. // Create the claim with the action to sign it.
claims := verification.ToIdentityVerificationClaim() claims := verification.ToIdentityVerificationClaim()

View File

@ -7,6 +7,7 @@ import (
"github.com/golang-jwt/jwt/v4" "github.com/golang-jwt/jwt/v4"
"github.com/golang/mock/gomock" "github.com/golang/mock/gomock"
"github.com/google/uuid"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/suite" "github.com/stretchr/testify/suite"
@ -166,7 +167,7 @@ func (s *IdentityVerificationFinishProcess) TearDownTest() {
} }
func createToken(ctx *mocks.MockAutheliaCtx, username, action string, expiresAt time.Time) (data string, verification models.IdentityVerification) { func createToken(ctx *mocks.MockAutheliaCtx, username, action string, expiresAt time.Time) (data string, verification models.IdentityVerification) {
verification = models.NewIdentityVerification(username, action, ctx.Ctx.RemoteIP()) verification = models.NewIdentityVerification(uuid.New(), username, action, ctx.Ctx.RemoteIP())
verification.ExpiresAt = expiresAt verification.ExpiresAt = expiresAt

View File

@ -9,9 +9,9 @@ import (
) )
// NewIdentityVerification creates a new IdentityVerification from a given username and action. // NewIdentityVerification creates a new IdentityVerification from a given username and action.
func NewIdentityVerification(username, action string, ip net.IP) (verification IdentityVerification) { func NewIdentityVerification(jti uuid.UUID, username, action string, ip net.IP) (verification IdentityVerification) {
return IdentityVerification{ return IdentityVerification{
JTI: uuid.New(), JTI: jti,
IssuedAt: time.Now(), IssuedAt: time.Now(),
ExpiresAt: time.Now().Add(5 * time.Minute), ExpiresAt: time.Now().Add(5 * time.Minute),
Action: action, Action: action,

View File

@ -279,7 +279,10 @@ func (p *SQLProvider) getEncryptionValue(ctx context.Context, name string) (valu
} }
func (p *SQLProvider) setNewEncryptionCheckValue(ctx context.Context, key *[32]byte, e sqlx.ExecerContext) (err error) { func (p *SQLProvider) setNewEncryptionCheckValue(ctx context.Context, key *[32]byte, e sqlx.ExecerContext) (err error) {
valueClearText := uuid.New() valueClearText, err := uuid.NewUUID()
if err != nil {
return err
}
value, err := utils.Encrypt([]byte(valueClearText.String()), key) value, err := utils.Encrypt([]byte(valueClearText.String()), key)
if err != nil { if err != nil {