Remove "None" variant for JWT public key
parent
c81df0e6f7
commit
9432b3a8fd
@ -76,8 +76,8 @@ pub struct Token {
|
|||||||
pub description: String,
|
pub description: String,
|
||||||
created: u64,
|
created: u64,
|
||||||
updated: u64,
|
updated: u64,
|
||||||
#[serde(skip_serializing_if = "TokenPubKey::is_invalid")]
|
#[serde(skip_serializing_if = "Option::is_none")]
|
||||||
pub pub_key: TokenPubKey,
|
pub pub_key: Option<TokenPubKey>,
|
||||||
pub rights: TokenRights,
|
pub rights: TokenRights,
|
||||||
pub last_used: u64,
|
pub last_used: u64,
|
||||||
pub ip_restriction: Option<ipnetwork::IpNetwork>,
|
pub ip_restriction: Option<ipnetwork::IpNetwork>,
|
||||||
@ -205,7 +205,7 @@ pub async fn create(t: &NewToken) -> anyhow::Result<(Token, TokenPrivKey)> {
|
|||||||
id: TokenID(uuid::Uuid::new_v4()),
|
id: TokenID(uuid::Uuid::new_v4()),
|
||||||
created: time(),
|
created: time(),
|
||||||
updated: time(),
|
updated: time(),
|
||||||
pub_key,
|
pub_key: Some(pub_key),
|
||||||
rights: t.rights.clone(),
|
rights: t.rights.clone(),
|
||||||
last_used: time(),
|
last_used: time(),
|
||||||
ip_restriction: t.ip_restriction,
|
ip_restriction: t.ip_restriction,
|
||||||
|
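Review bot: The new `pub pub_key: Option<TokenPubKey>` field has no doc comment saying when `None` is legal, although in this commit `create` always stores `Some(pub_key)` and only `RestToken::new` clears it. I would add above the field: `/// Always Some for a stored token; set to None only by RestToken::new to hide the key in API responses.` If `Token` is also deserialized from storage (its derives are not visible here), a missing field would presumably become `None` silently, so the invariant is worth stating where the type is declared. The struct definition starts and ends outside the hunk.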
@ -10,7 +10,6 @@ use actix_web::{web, HttpResponse};
|
|||||||
/// Create a special module for REST token to enforce usage of constructor function
|
/// Create a special module for REST token to enforce usage of constructor function
|
||||||
mod rest_token {
|
mod rest_token {
|
||||||
use crate::api_tokens::Token;
|
use crate::api_tokens::Token;
|
||||||
use crate::utils::jwt_utils::TokenPubKey;
|
|
||||||
|
|
||||||
#[derive(serde::Serialize)]
|
#[derive(serde::Serialize)]
|
||||||
pub struct RestToken {
|
pub struct RestToken {
|
||||||
@ -20,7 +19,7 @@ mod rest_token {
|
|||||||
|
|
||||||
impl RestToken {
|
impl RestToken {
|
||||||
pub fn new(mut token: Token) -> Self {
|
pub fn new(mut token: Token) -> Self {
|
||||||
token.pub_key = TokenPubKey::None;
|
token.pub_key = None;
|
||||||
Self { token }
|
Self { token }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -72,7 +72,13 @@ impl FromRequest for ApiAuthExtractor {
|
|||||||
return Err(ErrorBadRequest("Unable to validate token!"));
|
return Err(ErrorBadRequest("Unable to validate token!"));
|
||||||
}
|
}
|
||||||
|
|
||||||
let claims = match jwt_utils::validate_jwt::<TokenClaims>(&token.pub_key, &token_jwt) {
|
let claims = match jwt_utils::validate_jwt::<TokenClaims>(
|
||||||
|
&token
|
||||||
|
.pub_key
|
||||||
|
.clone()
|
||||||
|
.expect("All tokens shall have public key!"),
|
||||||
|
&token_jwt,
|
||||||
|
) {
|
||||||
Ok(c) => c,
|
Ok(c) => c,
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
log::error!("Failed to validate JWT: {e}");
|
log::error!("Failed to validate JWT: {e}");
|
||||||
|
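Review bot: The `.expect("All tokens shall have public key!")` added to the `validate_jwt` call panics inside the request extractor whenever a loaded token has `pub_key == None`, a state the new `Option` type makes representable. On the authentication path a rejected request is safer than a panic. The `.clone()` is also unnecessary, because only a reference is passed on. I would bind the key first, `let Some(pub_key) = token.pub_key.as_ref() else { return Err(ErrorBadRequest("Unable to validate token!")); };`, log the missing key with `log::error!`, and pass `pub_key` to `validate_jwt`, mirroring the early return at the top of this hunk. The enclosing function starts and ends outside the hunk.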
@ -9,21 +9,10 @@ use serde::Serialize;
|
|||||||
#[derive(serde::Serialize, serde::Deserialize, Clone, Debug, Eq, PartialEq)]
|
#[derive(serde::Serialize, serde::Deserialize, Clone, Debug, Eq, PartialEq)]
|
||||||
#[serde(tag = "alg")]
|
#[serde(tag = "alg")]
|
||||||
pub enum TokenPubKey {
|
pub enum TokenPubKey {
|
||||||
/// This variant DOES make crash the program. It MUST NOT used to validate JWT.
|
|
||||||
///
|
|
||||||
/// It is a hack to hide public key when getting the list of tokens
|
|
||||||
None,
|
|
||||||
|
|
||||||
/// ECDSA with SHA2-384 variant
|
/// ECDSA with SHA2-384 variant
|
||||||
ES384 { r#pub: String },
|
ES384 { r#pub: String },
|
||||||
}
|
}
|
||||||
|
|
||||||
impl TokenPubKey {
|
|
||||||
pub fn is_invalid(&self) -> bool {
|
|
||||||
self == &TokenPubKey::None
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(serde::Serialize, serde::Deserialize, Clone, Debug)]
|
#[derive(serde::Serialize, serde::Deserialize, Clone, Debug)]
|
||||||
#[serde(tag = "alg")]
|
#[serde(tag = "alg")]
|
||||||
pub enum TokenPrivKey {
|
pub enum TokenPrivKey {
|
||||||
@ -71,9 +60,6 @@ pub fn validate_jwt<E: DeserializeOwned>(key: &TokenPubKey, token: &str) -> anyh
|
|||||||
let validation = Validation::new(Algorithm::ES384);
|
let validation = Validation::new(Algorithm::ES384);
|
||||||
Ok(jsonwebtoken::decode::<E>(token, &decoding_key, &validation)?.claims)
|
Ok(jsonwebtoken::decode::<E>(token, &decoding_key, &validation)?.claims)
|
||||||
}
|
}
|
||||||
TokenPubKey::None => {
|
|
||||||
panic!("A public key is required!")
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|