Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-24 15:59:41 +02:00
Code Issues Releases Activity

fix(jwt): fix handling of non-expiring JWT tokens BE-11242 (#12220)
Some checks failed
ci / build_images (map[arch:amd64 platform:linux version:]) (push) Has been cancelled
ci / build_images (map[arch:amd64 platform:windows version:1809]) (push) Has been cancelled
ci / build_images (map[arch:amd64 platform:windows version:ltsc2022]) (push) Has been cancelled
ci / build_images (map[arch:arm platform:linux version:]) (push) Has been cancelled
ci / build_images (map[arch:arm64 platform:linux version:]) (push) Has been cancelled
ci / build_images (map[arch:ppc64le platform:linux version:]) (push) Has been cancelled
/ triage (push) Has been cancelled
Test / test-server (map[arch:arm64 platform:linux]) (push) Has been cancelled
Lint / Run linters (push) Has been cancelled
Test / test-client (push) Has been cancelled
Test / test-server (map[arch:amd64 platform:linux]) (push) Has been cancelled
Test / test-server (map[arch:amd64 platform:windows version:1809]) (push) Has been cancelled
Test / test-server (map[arch:amd64 platform:windows version:ltsc2022]) (push) Has been cancelled
ci / build_manifests (push) Has been cancelled

Browse source
This commit is contained in:
andres-portainer 2024-09-17 18:23:33 -03:00 committed by GitHub
parent dbe7cd16d4
commit 5fd4f52e35
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 40 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

4
api/http/security/bouncer.go
View file

@ -381,7 +381,9 @@ func (bouncer *RequestBouncer) RevokeJWT(token string) {
func (bouncer *RequestBouncer) cleanUpExpiredJWTPass() {
bouncer.revokedJWT.Range(func(key, value any) bool {
if time.Now().After(value.(time.Time)) {
if t := value.(time.Time); t.IsZero() {
return true
} else if time.Now().After(t) {
bouncer.revokedJWT.Delete(key)
}

16
api/http/security/bouncer_test.go
View file

@ -473,6 +473,17 @@ func TestJWTRevocation(t *testing.T) {
token, _, err := jwtService.GenerateToken(&portainer.TokenData{ID: 1})
require.NoError(t, err)
settings, err := store.Settings().Settings()
require.NoError(t, err)
settings.KubeconfigExpiry = "0"
err = store.Settings().UpdateSettings(settings)
require.NoError(t, err)
kubeToken, err := jwtService.GenerateTokenForKubeconfig(&portainer.TokenData{ID: 1})
require.NoError(t, err)
apiKeyService := apikey.NewAPIKeyService(nil, nil)
bouncer := NewRequestBouncer(store, jwtService, apiKeyService)
@ -491,6 +502,7 @@ func TestJWTRevocation(t *testing.T) {
require.NoError(t, err)
bouncer.RevokeJWT(token)
bouncer.RevokeJWT(kubeToken)
revokeLen := func() (l int) {
bouncer.revokedJWT.Range(func(key, value any) bool {
@ -501,7 +513,7 @@ func TestJWTRevocation(t *testing.T) {
return l
}
require.Equal(t, 1, revokeLen())
require.Equal(t, 2, revokeLen())
_, err = bouncer.JWTAuthLookup(r)
require.Error(t, err)
@ -513,5 +525,5 @@ func TestJWTRevocation(t *testing.T) {
bouncer.cleanUpExpiredJWTPass()
require.Equal(t, 0, revokeLen())
require.Equal(t, 1, revokeLen())
}