Improved invalid JWT handling (#9058)

* Improved invalid token handling in oauth flows

* Fixed cookie name
This commit is contained in:
Aiden Foxx
2021-10-22 16:17:12 +02:00
committed by GitHub
parent 8b7b94ac68
commit 29a2e75206
3 changed files with 27 additions and 16 deletions


@@ -211,16 +211,18 @@ export function createOAuth2AuthRouter(providerName: string): Router {
router.get(
'/callback',
asyncHandler(async (req, res, next) => {
const token = req.cookies[`oauth2.${providerName}`];
let tokenData;
if (!token) {
try {
tokenData = jwt.verify(req.cookies[`oauth2.${providerName}`], env.SECRET as string, { issuer: 'directus' }) as {
verifier: string;
redirect?: string;
};
} catch (e) {
throw new InvalidCredentialsException();
}
const { verifier, redirect } = jwt.verify(token, env.SECRET as string, { issuer: 'directus' }) as {
verifier: string;
redirect: string;
};
const { verifier, redirect } = tokenData;
const authenticationService = new AuthenticationService({
accountability: {
@@ -236,10 +238,8 @@ export function createOAuth2AuthRouter(providerName: string): Router {
try {
res.clearCookie(`oauth2.${providerName}`);
const { code } = req.query;
if (!code) {
logger.warn(`Couldn't extract oAuth2 code from query: ${JSON.stringify(req.query)}`);
if (!req.query.code) {
logger.warn(`Couldn't extract OAuth2 code from query: ${JSON.stringify(req.query)}`);
}
authResponse = await authenticationService.login(providerName, {
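Review bot: The new catch around jwt.verify at the top of the callback turns every verification failure into InvalidCredentialsException without recording why, so a stale cookie, a cookie with a bad signature and (presumably, since jwt.verify rejects an undefined token too) a missing cookie all look the same in the logs; the openid callback in the second file has the identical shape. A log line before the throw that does not echo the cookie value, `logger.warn(`Invalid OAuth2 state cookie for provider ${providerName}: ${e instanceof Error ? e.message : 'unknown error'}`);`, keeps the response unchanged while leaving a trace of tampered or expired state. The `as { verifier: string; redirect?: string }` cast only asserts the payload shape; because the cookie is signed with env.SECRET and issued by this server that is probably acceptable, but `if (typeof tokenData.verifier !== 'string') throw new InvalidCredentialsException();` after the try/catch would make the check explicit rather than relying on the cast. The callback handler begins before the first hunk and continues past the second.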


@@ -217,11 +217,18 @@ export function createOpenIDAuthRouter(providerName: string): Router {
router.get(
'/callback',
asyncHandler(async (req, res, next) => {
const token = req.cookies[`openid.${providerName}`];
const { verifier, redirect } = jwt.verify(token, env.SECRET as string, { issuer: 'directus' }) as {
verifier: string;
redirect: string;
};
let tokenData;
try {
tokenData = jwt.verify(req.cookies[`openid.${providerName}`], env.SECRET as string, { issuer: 'directus' }) as {
verifier: string;
redirect?: string;
};
} catch (e) {
throw new InvalidCredentialsException();
}
const { verifier, redirect } = tokenData;
const authenticationService = new AuthenticationService({
accountability: {
@@ -237,6 +244,10 @@ export function createOpenIDAuthRouter(providerName: string): Router {
try {
res.clearCookie(`openid.${providerName}`);
if (!req.query.code) {
logger.warn(`Couldn't extract OAuth2 code from query: ${JSON.stringify(req.query)}`);
}
authResponse = await authenticationService.login(providerName, {
code: req.query.code,
codeVerifier: verifier,


@@ -24,7 +24,7 @@ export type AuthData = Record<string, any> | null;
export interface Session {
token: string;
expires: Date;
data: string | null;
data: string | Record<string, unknown> | null;
}
export type SessionData = Record<string, any> | null;
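Review bot: Widening `data` on Session to `string | Record<string, unknown> | null` means any reader that previously passed the field straight to JSON.parse must now narrow on `typeof data === 'string'` first, and this hunk does not show where that is handled. A short TSDoc line on the field would tell the next maintainer which form to expect, e.g. `/** Session payload; may be its serialized string form or an already-parsed object, so narrow with typeof before use. */`. The interface is fully visible in the hunk; the surrounding aliases are unchanged context.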