return more descriptive JWT validation messages
Ursprung
6fa6eb18e8
Commit
475c7b8f16
1 geänderte Dateien mit 11 neuen und 7 gelöschten Zeilen
18
src/auth.rs
18
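--- a/src/auth.rs
+++ b/src/auth.rs
@@ -1,18 +1,14 @@
-//
 // JWT Handling
 //
 use chrono::{Duration, Utc};
 use num_traits::FromPrimitive;
 use once_cell::sync::Lazy;
 
-use jsonwebtoken::{self, Algorithm, DecodingKey, EncodingKey, Header};
+use jsonwebtoken::{self, errors::ErrorKind, Algorithm, DecodingKey, EncodingKey, Header};
 use serde::de::DeserializeOwned;
 use serde::ser::Serialize;
 
-use crate::{
-error::{Error, MapResult},
-CONFIG,
-};
+use crate::{error::Error, CONFIG};
 
 const JWT_ALGORITHM: Algorithm = Algorithm::RS256;
 
@@ -61,7 +57,15 @@ fn decode_jwt<T: DeserializeOwned>(token: &str, issuer: String) -> Result<T, Err
 validation.set_issuer(&[issuer]);
 
 let token = token.replace(char::is_whitespace, "");
-jsonwebtoken::decode(&token, &PUBLIC_RSA_KEY, &validation).map(|d| d.claims).map_res("Error decoding JWT")
+match jsonwebtoken::decode(&token, &PUBLIC_RSA_KEY, &validation) {
+Ok(d) => Ok(d.claims),
+Err(err) => match *err.kind() {
+ErrorKind::InvalidToken => err!("Token is invalid"),
+ErrorKind::InvalidIssuer => err!("Issuer is invalid"),
+ErrorKind::ExpiredSignature => err!("Token has expired"),
+_ => err!("Error decoding JWT"),
+},
+}
 }
 
 pub fn decode_login(token: &str) -> Result<LoginJwtClaims, Error> {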
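Review bot: The catch-all arm `_ => err!("Error decoding JWT")` in `decode_jwt` drops `err` entirely, so a bad signature, an unexpected algorithm and a malformed segment all collapse into one message with nothing to tell them apart when reviewing failed-authentication events. Keeping the client-facing text generic there is the right call, but the kind should be recorded server-side, e.g. `_ => err!("Error decoding JWT", format!("{:?}", err.kind())),` if the project's `err!` macro accepts a log-only second argument (its definition is not visible here). The three specific arms also deserve a comment such as `// Only claim-level failures get their own message; signature and algorithm errors stay generic so the response does not say why verification failed.`, so that a later edit does not add an `InvalidSignature` arm. `decode_jwt` begins above this hunk, so how `validation` is built is not visible.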