Skip to content

Removed error prone key decode looping #7325

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
kuranium wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Removed error prone key decode looping #7325

kuranium wants to merge 7 commits into from

Conversation

@kuranium
Copy link

@kuranium kuranium commented Feb 12, 2025

What type of PR is this?

  • Refactor
  • Feature
  • Bug Fix
  • New Query Runner (Data Source)
  • New Alert Destination
  • Other

Description

Old implementation could loop thru irrelevant public keys and trying to decode with them, causing unnecessary and missleading exceptions in logs.
In this commit the "net" fetched keys get filtered upon fetching, using the basic jwt functionality. So now we only use and cache keys with matching "kid" fields.

How is this tested?

  • Unit tests (pytest, jest)
  • E2E Tests (Cypress)
  • Manually
  • N/A

Related Tickets & Documents

Mobile & Desktop Screenshots/Recordings (if there are UI changes)

@kuranium
Copy link
Author

kuranium commented Mar 17, 2025

@yoshiokatsuneo any clue who might be invested in / responsible for the authentication related code?

yoshiokatsuneo
yoshiokatsuneo reviewed Mar 17, 2025
View reviewed changes
redash/authentication/jwt_auth.py Outdated
else:
if url.startswith(FILE_SCHEME_PREFIX):
keys = [get_public_key_from_file(url)]
key = [get_signing_key_from_file(url)]
Copy link
Contributor

@yoshiokatsuneo yoshiokatsuneo Mar 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just guess that "key" should not be an array.

Copy link
Author

@kuranium kuranium Mar 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks, should be fixed now

@yoshiokatsuneo
Copy link
Contributor

yoshiokatsuneo commented Mar 17, 2025

@yoshiokatsuneo any clue who might be invested in / responsible for the authentication related code?

@kuranium
I have no idea whether there is any component owner or not...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yoshiokatsuneo yoshiokatsuneo yoshiokatsuneo left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kuranium @yoshiokatsuneo