kenmirrors/ente
1
0
Fork 0
mirror of https://github.com/ente-io/ente.git synced 2025-05-02 20:09:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Return complete claim instead of userID

Browse Source
This commit is contained in:
Neeraj Gupta 2025-03-18 14:30:24 +05:30
parent 47f0c88ed8
commit 2e3ac8b485
3 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
server/pkg/controller/user/jwt.go
View File

@ -38,7 +38,7 @@ func (c *UserController) GetJWTTokenForClaim(claim *enteJWT.WebCommonJWTClaim) (
return tokenString, nil return tokenString, nil
} }
func (c *UserController) ValidateJWTToken(jwtToken string, scope enteJWT.ClaimScope) (int64, error) { func (c *UserController) ValidateJWTToken(jwtToken string, scope enteJWT.ClaimScope) (*enteJWT.WebCommonJWTClaim, error) {
token, err := jwt.ParseWithClaims(jwtToken, &enteJWT.WebCommonJWTClaim{}, func(token *jwt.Token) (interface{}, error) { token, err := jwt.ParseWithClaims(jwtToken, &enteJWT.WebCommonJWTClaim{}, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, stacktrace.Propagate(fmt.Errorf("unexpected signing method: %v", token.Header["alg"]), "") return nil, stacktrace.Propagate(fmt.Errorf("unexpected signing method: %v", token.Header["alg"]), "")
@ -46,14 +46,14 @@ func (c *UserController) ValidateJWTToken(jwtToken string, scope enteJWT.ClaimSc
return c.JwtSecret, nil return c.JwtSecret, nil
}) })
if err != nil { if err != nil {
return -1, stacktrace.Propagate(err, "JWT parsed failed") return nil, stacktrace.Propagate(err, "JWT parsed failed")
} }
claims, ok := token.Claims.(*enteJWT.WebCommonJWTClaim) claims, ok := token.Claims.(*enteJWT.WebCommonJWTClaim)
if ok && token.Valid { if ok && token.Valid {
if claims.GetScope() != scope { if claims.GetScope() != scope {
return -1, stacktrace.Propagate(fmt.Errorf("recived claimScope %s is different than expected scope: %s", claims.GetScope(), scope), "") return nil, stacktrace.Propagate(fmt.Errorf("recived claimScope %s is different than expected scope: %s", claims.GetScope(), scope), "")
} }
return claims.UserID, nil return claims, nil
} }
return -1, stacktrace.Propagate(err, "JWT claim failed") return nil, stacktrace.Propagate(err, "JWT claim failed")
} }

4
server/pkg/controller/user/user_delete.go
View File

@ -63,11 +63,11 @@ func (c *UserController) GetDeleteChallengeToken(ctx *gin.Context) (*ente.Delete
func (c *UserController) SelfDeleteAccount(ctx *gin.Context, req ente.DeleteAccountRequest) (*ente.DeleteAccountResponse, error) { func (c *UserController) SelfDeleteAccount(ctx *gin.Context, req ente.DeleteAccountRequest) (*ente.DeleteAccountResponse, error) {
userID := auth.GetUserID(ctx.Request.Header) userID := auth.GetUserID(ctx.Request.Header)
tokenUserID, err := c.ValidateJWTToken(req.Challenge, enteJWT.DELETE_ACCOUNT) claim, err := c.ValidateJWTToken(req.Challenge, enteJWT.DELETE_ACCOUNT)
if err != nil { if err != nil {
return nil, stacktrace.Propagate(err, "failed to validate jwt token") return nil, stacktrace.Propagate(err, "failed to validate jwt token")
} }
if tokenUserID != userID { if claim.UserID != userID {
return nil, stacktrace.Propagate(ente.ErrPermissionDenied, "jwtToken belongs to different user") return nil, stacktrace.Propagate(ente.ErrPermissionDenied, "jwtToken belongs to different user")
} }
user, err := c.UserRepo.Get(userID) user, err := c.UserRepo.Get(userID)

7
server/pkg/middleware/auth.go
View File

@ -48,7 +48,12 @@ func (m *AuthMiddleware) TokenAuthMiddleware(jwtClaimScope *jwt.ClaimScope) gin.
var err error var err error
if !found { if !found {
if isJWT { if isJWT {
userID, err = m.UserController.ValidateJWTToken(token, *jwtClaimScope) claim, claimErr := m.UserController.ValidateJWTToken(token, *jwtClaimScope)
if claimErr != nil {
err = claimErr
} else {
userID = claim.UserID
}
} else { } else {
userID, err = m.UserAuthRepo.GetUserIDWithToken(token, app) userID, err = m.UserAuthRepo.GetUserIDWithToken(token, app)
if err != nil && !errors.Is(err, sql.ErrNoRows) { if err != nil && !errors.Is(err, sql.ErrNoRows) {