1
Fork 0
mirror of https://github.com/jech/galene.git synced 2024-11-22 16:45:58 +01:00

Fix token parsing when aud is an array.

This commit is contained in:
Juliusz Chroboczek 2022-02-20 01:04:16 +01:00
parent a9c9581465
commit 37ef768ac0

View file

@ -37,7 +37,7 @@ func parseKey(key map[string]interface{}) (interface{}, error) {
switch kty { switch kty {
case "oct": case "oct":
var length int var length int
switch(alg) { switch alg {
case "HS256": case "HS256":
length = 32 length = 32
case "HS384": case "HS384":
@ -105,6 +105,18 @@ func getKey(header map[string]interface{}, keys []map[string]interface{}) (inter
return nil, errors.New("key not found") return nil, errors.New("key not found")
} }
func toStringArray(a []interface{}) ([]string, bool) {
b := make([]string, len(a))
for i, v := range a {
w, ok := v.(string)
if !ok {
return nil, false
}
b[i] = w
}
return b, true
}
func Valid(username, token string, keys []map[string]interface{}) ([]string, []string, error) { func Valid(username, token string, keys []map[string]interface{}) ([]string, []string, error) {
tok, err := jwt.Parse(token, func(t *jwt.Token) (interface{}, error) { tok, err := jwt.Parse(token, func(t *jwt.Token) (interface{}, error) {
return getKey(t.Header, keys) return getKey(t.Header, keys)
@ -124,8 +136,15 @@ func Valid(username, token string, keys []map[string]interface{}) ([]string, []s
switch a := a.(type) { switch a := a.(type) {
case string: case string:
aud = []string{a} aud = []string{a}
case []string: case []interface{}:
aud = a aud, ok = toStringArray(a)
if !ok {
return nil, nil,
errors.New("invalid 'aud' field")
}
default:
return nil, nil,
errors.New("invalid 'aud' field")
} }
} }
@ -136,15 +155,11 @@ func Valid(username, token string, keys []map[string]interface{}) ([]string, []s
return nil, nil, return nil, nil,
errors.New("invalid 'permissions' field") errors.New("invalid 'permissions' field")
} }
perms = make([]string, len(pp)) perms, ok = toStringArray(pp)
for i, v := range pp {
w, ok := v.(string)
if !ok { if !ok {
return nil, nil, return nil, nil,
errors.New("invalid 'permissions' field") errors.New("invalid 'permissions' field")
} }
perms[i] = w
}
} }
return aud, perms, nil return aud, perms, nil
} }