mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
fix(models): potential panic generating jti (#2669)
This ensures that at the time the JWT is generated for identity verification requests that a panic can't occur and instead an error will be returned.
This commit is contained in:
parent
5a223b5a56
commit
c01759715c
|
@ -7,6 +7,7 @@ import (
|
|||
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"github.com/golang/mock/gomock"
|
||||
"github.com/google/uuid"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/stretchr/testify/suite"
|
||||
|
@ -35,7 +36,7 @@ func (s *HandlerRegisterU2FStep1Suite) TearDownTest() {
|
|||
}
|
||||
|
||||
func createToken(ctx *mocks.MockAutheliaCtx, username, action string, expiresAt time.Time) (data string, verification models.IdentityVerification) {
|
||||
verification = models.NewIdentityVerification(username, action, ctx.Ctx.RemoteIP())
|
||||
verification = models.NewIdentityVerification(uuid.New(), username, action, ctx.Ctx.RemoteIP())
|
||||
|
||||
verification.ExpiresAt = expiresAt
|
||||
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
"fmt"
|
||||
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"github.com/google/uuid"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/models"
|
||||
"github.com/authelia/authelia/v4/internal/templates"
|
||||
|
@ -27,7 +28,14 @@ func IdentityVerificationStart(args IdentityVerificationStartArgs) RequestHandle
|
|||
return
|
||||
}
|
||||
|
||||
verification := models.NewIdentityVerification(identity.Username, args.ActionClaim, ctx.RemoteIP())
|
||||
var jti uuid.UUID
|
||||
|
||||
if jti, err = uuid.NewUUID(); err != nil {
|
||||
ctx.Error(err, messageOperationFailed)
|
||||
return
|
||||
}
|
||||
|
||||
verification := models.NewIdentityVerification(jti, identity.Username, args.ActionClaim, ctx.RemoteIP())
|
||||
|
||||
// Create the claim with the action to sign it.
|
||||
claims := verification.ToIdentityVerificationClaim()
|
||||
|
|
|
@ -7,6 +7,7 @@ import (
|
|||
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"github.com/golang/mock/gomock"
|
||||
"github.com/google/uuid"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/suite"
|
||||
|
||||
|
@ -166,7 +167,7 @@ func (s *IdentityVerificationFinishProcess) TearDownTest() {
|
|||
}
|
||||
|
||||
func createToken(ctx *mocks.MockAutheliaCtx, username, action string, expiresAt time.Time) (data string, verification models.IdentityVerification) {
|
||||
verification = models.NewIdentityVerification(username, action, ctx.Ctx.RemoteIP())
|
||||
verification = models.NewIdentityVerification(uuid.New(), username, action, ctx.Ctx.RemoteIP())
|
||||
|
||||
verification.ExpiresAt = expiresAt
|
||||
|
||||
|
|
|
@ -9,9 +9,9 @@ import (
|
|||
)
|
||||
|
||||
// NewIdentityVerification creates a new IdentityVerification from a given username and action.
|
||||
func NewIdentityVerification(username, action string, ip net.IP) (verification IdentityVerification) {
|
||||
func NewIdentityVerification(jti uuid.UUID, username, action string, ip net.IP) (verification IdentityVerification) {
|
||||
return IdentityVerification{
|
||||
JTI: uuid.New(),
|
||||
JTI: jti,
|
||||
IssuedAt: time.Now(),
|
||||
ExpiresAt: time.Now().Add(5 * time.Minute),
|
||||
Action: action,
|
||||
|
|
|
@ -279,7 +279,10 @@ func (p *SQLProvider) getEncryptionValue(ctx context.Context, name string) (valu
|
|||
}
|
||||
|
||||
func (p *SQLProvider) setNewEncryptionCheckValue(ctx context.Context, key *[32]byte, e sqlx.ExecerContext) (err error) {
|
||||
valueClearText := uuid.New()
|
||||
valueClearText, err := uuid.NewUUID()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
value, err := utils.Encrypt([]byte(valueClearText.String()), key)
|
||||
if err != nil {
|
||||
|
|
Loading…
Reference in New Issue
Block a user