Disallow parsing of token with none signature in authenticateToken #9172
/pulsarbot run-failure-checks
It seems that many auth-related unit tests have failed
@315157973 Great catch! @nodece Can you add a flag to turn this validation on/off?
@hangc0276
@sijie
@nodece Please rebase the master branch
All tests have passed.
@nodece Awesome contribution!
…9172) Signed-off-by: Zixuan Liu <nodeces@gmail.com> (cherry picked from commit 71bc841)
Signed-off-by: Zixuan Liu <nodeces@gmail.com>

### Motivation

If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user (incl. admins).

### Modifications

- using `parseClaimsJws` instead of `parse`. `parseClaimsJws` can guarantee the correct security model for parsing signed JWTs.

### Verifying this change
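The before/after parsing pattern this PR describes, as an added example that is not Pulsar's own code: it assumes jjwt 0.10+ (`jjwt-api`, `jjwt-impl` and `jjwt-jackson` on the classpath; `Jwts.parser()` is deprecated in 0.11 but still available) and uses a constructed HS256 key in place of the broker's configured validation key. The class and method names are hypothetical.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import javax.crypto.SecretKey;

public class NoneAlgRejectionDemo {
    // Constructed key for this demo only; a Pulsar broker loads its validation key
    // from tokenSecretKey / tokenPublicKey instead.
    private static final SecretKey VALIDATION_KEY = Keys.secretKeyFor(SignatureAlgorithm.HS256);

    /** Pre-fix pattern: parse() accepts any JWT, including an unsigned one (alg "none"). */
    static String subjectBeforeFix(String token) {
        Claims claims = (Claims) Jwts.parser().setSigningKey(VALIDATION_KEY).parse(token).getBody();
        return claims.getSubject();
    }

    /** Post-fix pattern: parseClaimsJws() only returns for a token that is signed and verifies. */
    static String subjectAfterFix(String token) {
        // Throws UnsupportedJwtException for an unsigned token, SignatureException on a
        // bad signature and ExpiredJwtException once "exp" has passed.
        Claims claims = Jwts.parser().setSigningKey(VALIDATION_KEY).parseClaimsJws(token).getBody();
        return claims.getSubject();
    }

    private static void check(String label, String token) {
        try {
            System.out.println(label + " before fix: accepted as " + subjectBeforeFix(token));
        } catch (JwtException e) {
            System.out.println(label + " before fix: rejected (" + e.getClass().getSimpleName() + ")");
        }
        try {
            System.out.println(label + " after fix:  accepted as " + subjectAfterFix(token));
        } catch (JwtException e) {
            System.out.println(label + " after fix:  rejected (" + e.getClass().getSimpleName() + ")");
        }
    }

    public static void main(String[] args) {
        // Properly signed token, as the broker's own token tooling would mint it.
        String signed = Jwts.builder().setSubject("alice").signWith(VALIDATION_KEY).compact();
        // Unsigned token: a builder without signWith() emits header {"alg":"none"} and an empty signature part.
        String unsigned = Jwts.builder().setSubject("admin").compact();
        check("signed  ", signed);
        check("unsigned", unsigned);
    }
}
```

A regression test for the "Verifying this change" section would assert that `subjectAfterFix(unsigned)` throws `UnsupportedJwtException` while `subjectAfterFix(signed)` still returns the subject.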