github
/
portainer
mirror of https://github.com/portainer/portainer
1
0
Fork 0
Code Issues Releases Wiki Activity

fix(jwt): generate JWT IDs BE-11179 (#12175)

pull/12179/head
andres-portainer 2024-09-02 12:06:39 -03:00 committed by GitHub
parent 8fae7f8438
commit 2fe252d62b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
api/jwt/jwt.go
View File

@ -9,6 +9,7 @@ import (
"github.com/portainer/portainer/api/apikey"
"github.com/portainer/portainer/api/dataservices"
"github.com/gofrs/uuid"
"github.com/golang-jwt/jwt/v4"
"github.com/rs/zerolog/log"
)
@ -145,7 +146,7 @@ func (service *Service) ParseAndVerifyToken(token string) (*portainer.TokenData,
}, cl.ID, cl.ExpiresAt.Time, nil
}
// parse a JWT token, fallback to defaultScope if no scope is present in the JWT
// Parse a JWT token, fallback to defaultScope if no scope is present in the JWT
func parseScope(token string) scope {
unverifiedToken, _, _ := new(jwt.Parser).ParseUnverified(token, &claims{})
if unverifiedToken == nil {
@ -180,6 +181,11 @@ func (service *Service) generateSignedToken(data *portainer.TokenData, expiresAt
expiresAt = time.Now().Add(99 * year)
}
uuid, err := uuid.NewV4()
if err != nil {
return "", fmt.Errorf("unable to generate the JWT ID: %w", err)
}
cl := claims{
UserID: int(data.ID),
Username: data.Username,
@ -187,6 +193,7 @@ func (service *Service) generateSignedToken(data *portainer.TokenData, expiresAt
Scope: scope,
ForceChangePassword: data.ForceChangePassword,
RegisteredClaims: jwt.RegisteredClaims{
ID: uuid.String(),
IssuedAt: jwt.NewNumericDate(time.Now()),
ExpiresAt: jwt.NewNumericDate(expiresAt),
},