mirror of https://github.com/portainer/portainer.git synced 2025-07-24 15:59:41 +02:00

fix(jwt): upgrade jwt to remove deprecated jwt.StandardClaims [EE-6469] (#10850)

Matt Hook 2024-04-23 17:33:36 +12:00 committed by GitHub
parent 2463648161
commit 505a2d5523
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 21 additions and 16 deletions


@ -13,6 +13,8 @@ import (
"github.com/rs/zerolog/log"
)
const year = time.Hour * 24 * 365
// scope represents JWT scopes that are supported in JWT claims.
type scope string
@ -29,7 +31,7 @@ type claims struct {
Role int `json:"role"`
Scope scope `json:"scope"`
ForceChangePassword bool `json:"forceChangePassword"`
jwt.StandardClaims
jwt.RegisteredClaims
}
var (
@ -98,7 +100,7 @@ func (service *Service) defaultExpireAt() time.Time {
// GenerateToken generates a new JWT token.
func (service *Service) GenerateToken(data *portainer.TokenData) (string, time.Time, error) {
expiryTime := service.defaultExpireAt()
token, err := service.generateSignedToken(data, expiryTime.Unix(), defaultScope)
token, err := service.generateSignedToken(data, expiryTime, defaultScope)
return token, expiryTime, err
}
@ -121,7 +123,7 @@ func (service *Service) ParseAndVerifyToken(token string) (*portainer.TokenData,
if err != nil {
return nil, errInvalidJWTToken
}
if user.TokenIssueAt > cl.StandardClaims.IssuedAt {
if user.TokenIssueAt > cl.RegisteredClaims.ExpiresAt.Unix() {
return nil, errInvalidJWTToken
}
@ -156,7 +158,7 @@ func (service *Service) SetUserSessionDuration(userSessionDuration time.Duration
service.userSessionTimeout = userSessionDuration
}
func (service *Service) generateSignedToken(data *portainer.TokenData, expiresAt int64, scope scope) (string, error) {
func (service *Service) generateSignedToken(data *portainer.TokenData, expiresAt time.Time, scope scope) (string, error) {
secret, found := service.secrets[scope]
if !found {
return "", fmt.Errorf("invalid scope: %v", scope)
@ -170,7 +172,7 @@ func (service *Service) generateSignedToken(data *portainer.TokenData, expiresAt
if settings.IsDockerDesktopExtension {
// Set expiration to 99 years for docker desktop extension.
log.Info().Msg("detected docker desktop extension mode")
expiresAt = time.Now().Add(time.Hour * 8760 * 99).Unix()
expiresAt = time.Now().Add(year * 99)
}
cl := claims{
@ -179,10 +181,13 @@ func (service *Service) generateSignedToken(data *portainer.TokenData, expiresAt
Role: int(data.Role),
Scope: scope,
ForceChangePassword: data.ForceChangePassword,
StandardClaims: jwt.StandardClaims{
ExpiresAt: expiresAt,
IssuedAt: time.Now().Unix(),
},
}
if !expiresAt.IsZero() {
cl.RegisteredClaims = jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(expiresAt),
IssuedAt: jwt.NewNumericDate(time.Now()),
}
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, cl)
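Review bot: In the ParseAndVerifyToken hunk the new check compares `user.TokenIssueAt` with `cl.RegisteredClaims.ExpiresAt.Unix()`, while the line it replaces compared with `IssuedAt`; if `TokenIssueAt` is the cut-off used to invalidate older sessions (as the name suggests), a token issued before the cut-off now keeps passing until it expires. The same expression dereferences a pointer that the generateSignedToken hunk leaves nil when `expiresAt.IsZero()`, so a token minted on that path would hit a nil dereference here instead of being rejected cleanly. I would keep the comparison on the issue time with a nil guard, `if cl.RegisteredClaims.IssuedAt == nil || user.TokenIssueAt > cl.RegisteredClaims.IssuedAt.Unix() {`, and set `IssuedAt: jwt.NewNumericDate(time.Now())` unconditionally in generateSignedToken, assigning only `ExpiresAt` inside the `IsZero` check. Both function bodies continue outside their hunks, and a test that advances `TokenIssueAt` after issuing a token and expects `errInvalidJWTToken` would pin this behaviour down.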