fix: user session access
This commit is contained in:
Lakhan Samani
@@ -8,6 +8,7 @@ import (
|
||||
"github.com/golang-jwt/jwt"
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/parsers"
|
||||
@@ -29,7 +30,7 @@ func ValidateJwtTokenResolver(ctx context.Context, params model.ValidateJWTToken
|
||||
}
|
||||
|
||||
tokenType := params.TokenType
|
||||
if tokenType != "access_token" && tokenType != "refresh_token" && tokenType != "id_token" {
|
||||
if tokenType != constants.TokenTypeAccessToken && tokenType != constants.TokenTypeRefreshToken && tokenType != constants.TokenTypeIdentityToken {
|
||||
log.Debug("Invalid token type: ", tokenType)
|
||||
return nil, errors.New("invalid token type")
|
||||
}
|
||||
@@ -38,39 +39,34 @@ func ValidateJwtTokenResolver(ctx context.Context, params model.ValidateJWTToken
|
||||
var claims jwt.MapClaims
|
||||
userID := ""
|
||||
nonce := ""
|
||||
|
||||
claims, err = token.ParseJWTToken(params.Token)
|
||||
if err != nil {
|
||||
log.Debug("Failed to parse JWT token: ", err)
|
||||
return nil, err
|
||||
}
|
||||
userID = claims["sub"].(string)
|
||||
|
||||
// access_token and refresh_token should be validated from session store as well
|
||||
if tokenType == "access_token" || tokenType == "refresh_token" {
|
||||
claims, err = token.ParseJWTToken(params.Token)
|
||||
if err != nil {
|
||||
log.Debug("Failed to parse JWT token: ", err)
|
||||
return nil, err
|
||||
}
|
||||
userID = claims["sub"].(string)
|
||||
nonce, err = memorystore.Provider.GetUserSession(userID, params.Token)
|
||||
if err != nil || nonce == "" {
|
||||
if tokenType == constants.TokenTypeAccessToken || tokenType == constants.TokenTypeRefreshToken {
|
||||
nonce = claims["nonce"].(string)
|
||||
token, err := memorystore.Provider.GetUserSession(userID, tokenType+"_"+claims["nonce"].(string))
|
||||
if err != nil || token == "" {
|
||||
log.Debug("Failed to get user session: ", err)
|
||||
return nil, errors.New("invalid token")
|
||||
}
|
||||
} else {
|
||||
// for ID token just parse jwt
|
||||
claims, err = token.ParseJWTToken(params.Token)
|
||||
if err != nil {
|
||||
log.Debug("Failed to parse JWT token: ", err)
|
||||
return nil, err
|
||||
}
|
||||
userID = claims["sub"].(string)
|
||||
}
|
||||
|
||||
hostname := parsers.GetHost(gc)
|
||||
|
||||
// we cannot validate sub and nonce in case of id_token as that token is not persisted in session store
|
||||
if userID != "" && nonce != "" {
|
||||
// we cannot validate nonce in case of id_token as that token is not persisted in session store
|
||||
if nonce != "" {
|
||||
if ok, err := token.ValidateJWTClaims(claims, hostname, nonce, userID); !ok || err != nil {
|
||||
log.Debug("Failed to parse jwt token: ", err)
|
||||
return nil, errors.New("invalid claims")
|
||||
}
|
||||
} else {
|
||||
if ok, err := token.ValidateJWTTokenWithoutNonce(claims, hostname); !ok || err != nil {
|
||||
if ok, err := token.ValidateJWTTokenWithoutNonce(claims, hostname, userID); !ok || err != nil {
|
||||
log.Debug("Failed to parse jwt token without nonce: ", err)
|
||||
return nil, errors.New("invalid claims")
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user