-
Notifications
You must be signed in to change notification settings - Fork 5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Don't record the user claims of invalid tokens #5897
Conversation
Signed-off-by: Mark Pim <j.mark.pim@gmail.com>
Codecov Report
@@ Coverage Diff @@
## master #5897 +/- ##
==========================================
+ Coverage 40.91% 40.93% +0.02%
==========================================
Files 147 147
Lines 19620 19640 +20
==========================================
+ Hits 8027 8040 +13
- Misses 10489 10496 +7
Partials 1104 1104
Continue to review full report at Codecov.
|
Signed-off-by: Mark Pim <j.mark.pim@gmail.com>
Signed-off-by: Mark Pim <j.mark.pim@gmail.com>
Thanks for the feedback @sbose78! Do you have any way to retrigger the CI checks to run? The error on the most recent commit looks like a transient Docker error (the previous commit was successful) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thank you for the improvement and details PR description!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is a good change, but for additional defence-in-depth, it would be good to also change SessionManager.VerifyToken
to always return a nil
jwt.Claims
when returning a non-nil error
value.
} | ||
return tokenString, true, nil | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Simplification opportunity: This function does not need to return an "ok" bool and an error - ok is always true when error is nil, and false when error is not-nil.
Fixes #5687.
The
Authenticate()
function correctly returns an error when an invalid token is presented. However, as a side effect it always stores tokens (valid or not) on the context. Normally this would be fine as the failed Authenticate call would terminate the request, but there are some endpoints which perform this auth, ignore errors (because they don't require an authenticated user), and then examine the claims left in the context.GetUserInfo()
is one such endpoint. The result of all this is that users who were logged in but whose token have expired (or who have a genuinely invalid token) will be reported by the UI as logged in, but will get auth errors when attempting any protected action.This PR switches round the
Authenticate()
function so that it only adds valid token claims to the context.A change to the auth code path feels scary so would appreciate some pointers on what more I can do to validate this update other than adding a unit test case for it!
Signed-off-by: Mark Pim j.mark.pim@gmail.com
Checklist: