Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-08-02 04:15:28 +02:00
Code Issues Releases Activity

fix(jwt): handle kubeconfig with no expiry [EE-7044] (#11710)
Some checks are pending
ci / build_images (map[arch:amd64 platform:linux version:]) (push) Waiting to run
Details
ci / build_images (map[arch:amd64 platform:windows version:1809]) (push) Waiting to run
Details
ci / build_images (map[arch:amd64 platform:windows version:ltsc2022]) (push) Waiting to run
Details
ci / build_images (map[arch:arm platform:linux version:]) (push) Waiting to run
Details
ci / build_images (map[arch:arm64 platform:linux version:]) (push) Waiting to run
Details
ci / build_images (map[arch:ppc64le platform:linux version:]) (push) Waiting to run
Details
ci / build_images (map[arch:s390x platform:linux version:]) (push) Waiting to run
Details
ci / build_manifests (push) Blocked by required conditions
Details
/ triage (push) Waiting to run
Details
Lint / Run linters (push) Waiting to run
Details
Test / test-client (push) Waiting to run
Details
Test / test-server (map[arch:amd64 platform:linux]) (push) Waiting to run
Details
Test / test-server (map[arch:amd64 platform:windows version:1809]) (push) Waiting to run
Details
Test / test-server (map[arch:amd64 platform:windows version:ltsc2022]) (push) Waiting to run
Details
Test / test-server (map[arch:arm64 platform:linux]) (push) Waiting to run
Details

Browse source 
Co-authored-by: testa113 <testa113>
This commit is contained in:
Ali 2024-04-30 09:22:45 +12:00 committed by GitHub
parent 10d20e5963
commit 7479302043
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 12 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

14
api/jwt/jwt.go
View file

@ -123,7 +123,7 @@ func (service *Service) ParseAndVerifyToken(token string) (*portainer.TokenData,
if err != nil { if err != nil {
return nil, errInvalidJWTToken return nil, errInvalidJWTToken
} }
if user.TokenIssueAt > cl.RegisteredClaims.ExpiresAt.Unix() { if user.TokenIssueAt > cl.RegisteredClaims.IssuedAt.Unix() {
return nil, errInvalidJWTToken return nil, errInvalidJWTToken
} }
@ -181,13 +181,15 @@ func (service *Service) generateSignedToken(data *portainer.TokenData, expiresAt
Role: int(data.Role), Role: int(data.Role),
Scope: scope, Scope: scope,
ForceChangePassword: data.ForceChangePassword, ForceChangePassword: data.ForceChangePassword,
RegisteredClaims: jwt.RegisteredClaims{
IssuedAt: jwt.NewNumericDate(time.Now()),
ExpiresAt: jwt.NewNumericDate(expiresAt),
},
} }
if !expiresAt.IsZero() { // If expiresAt is set to a zero value, the token should never expire
cl.RegisteredClaims = jwt.RegisteredClaims{ if expiresAt.IsZero() {
ExpiresAt: jwt.NewNumericDate(expiresAt), cl.RegisteredClaims.ExpiresAt = nil
IssuedAt: jwt.NewNumericDate(time.Now()),
}
} }
token := jwt.NewWithClaims(jwt.SigningMethodHS256, cl) token := jwt.NewWithClaims(jwt.SigningMethodHS256, cl)

7
api/jwt/jwt_kubeconfig.go
View file

@ -18,9 +18,10 @@ func (service *Service) GenerateTokenForKubeconfig(data *portainer.TokenData) (s
return "", err return "", err
} }
expiryAt := time.Now().Add(expiryDuration) // https://go.dev/play/p/bOrt6cQpA0I time.Time defaults to a zero value which is 0001-01-01 00:00:00 +0000 UTC
if expiryDuration == time.Duration(0) { var expiryAt time.Time
expiryAt = time.Time{} if expiryDuration > time.Duration(0) {
expiryAt = time.Now().Add(expiryDuration)
} }
return service.generateSignedToken(data, expiryAt, kubeConfigScope) return service.generateSignedToken(data, expiryAt, kubeConfigScope)