yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(authn): add handling of invalid secret

This commit is contained in:
zhouzb 2021-11-25 17:17:44 +08:00
parent d88bfdfe14
commit 15654b5b28
1 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl
View File

@ -201,15 +201,14 @@ create2(#{use_jwks := false,
secret := Secret0, secret := Secret0,
secret_base64_encoded := Base64Encoded, secret_base64_encoded := Base64Encoded,
verify_claims := VerifyClaims}) -> verify_claims := VerifyClaims}) ->
Secret = case Base64Encoded of case may_decode_secret(Base64Encoded, Secret0) of
true -> {error, Reason} ->
base64:decode(Secret0); {error, Reason};
false -> Secret ->
Secret0 JWK = jose_jwk:from_oct(Secret),
end, {ok, #{jwk => JWK,
JWK = jose_jwk:from_oct(Secret), verify_claims => VerifyClaims}}
{ok, #{jwk => JWK, end;
verify_claims => VerifyClaims}};
create2(#{use_jwks := false, create2(#{use_jwks := false,
algorithm := 'public-key', algorithm := 'public-key',
@ -234,6 +233,14 @@ create2(#{use_jwks := true,
{error, Reason} {error, Reason}
end. end.
may_decode_secret(false, Secret) -> Secret;
may_decode_secret(true, Secret) ->
try base64:decode(Secret)
catch
error : _ ->
{error, {invalid_parameter, Secret}}
end.
replace_placeholder(L, Variables) -> replace_placeholder(L, Variables) ->
replace_placeholder(L, Variables, []). replace_placeholder(L, Variables, []).