fix: Fix buggy logic and simplify code if ValidateUser enabled

2024-09-20 11:27:26 +02:00 · 2023-09-08 11:50:28 +02:00 · 2023-09-08 11:50:28 +02:00 · 4b06fa788d
commit 4b06fa788d
parent 7a5ccff6da
2 changed files with 35 additions and 35 deletions
--- a/internal/auth/jwtCookieSession.go
+++ b/internal/auth/jwtCookieSession.go
@ -6,6 +6,7 @@ package auth
 import (
 	"crypto/ed25519"
 	"database/sql"
 	"encoding/base64"
 	"errors"
 	"fmt"
@ -166,16 +167,20 @@ func (ja *JWTCookieSessionAuthenticator) Login(
 	}
 	var roles []string
 	projects := make([]string, 0)
 	if jc.ValidateUser {
 		var err error
 		user, err = repository.GetUserRepository().GetUser(sub)
 		if err != nil && err != sql.ErrNoRows {
 			log.Errorf("Error while loading user '%v'", sub)
 		}
 		// Deny any logins for unknown usernames
 		if user == nil {
 			log.Warn("Could not find user from JWT in internal database.")
 			return nil, errors.New("unknown user")
 		}
 		// Take user roles from database instead of trusting the JWT
 		roles = user.Roles
 	} else {
 		// Extract roles from JWT (if present)
 		if rawroles, ok := claims["roles"].([]interface{}); ok {
@ -185,20 +190,6 @@ func (ja *JWTCookieSessionAuthenticator) Login(
 				}
 			}
 		}
 	}
 	// (Ask browser to) Delete JWT cookie
 	deletedCookie := &http.Cookie{
 		Name:     jc.CookieName,
 		Value:    "",
 		Path:     "/",
 		MaxAge:   -1,
 		HttpOnly: true,
 	}
 	http.SetCookie(rw, deletedCookie)
 	if user == nil {
 		projects := make([]string, 0)
 		user = &schema.User{
 			Username:   sub,
 			Name:       name,
@ -215,5 +206,15 @@ func (ja *JWTCookieSessionAuthenticator) Login(
 		}
 	}
 	// (Ask browser to) Delete JWT cookie
 	deletedCookie := &http.Cookie{
 		Name:     jc.CookieName,
 		Value:    "",
 		Path:     "/",
 		MaxAge:   -1,
 		HttpOnly: true,
 	}
 	http.SetCookie(rw, deletedCookie)
 	return user, nil
 }
--- a/internal/auth/jwtSession.go
+++ b/internal/auth/jwtSession.go
@ -5,6 +5,7 @@
 package auth
 import (
 	"database/sql"
 	"encoding/base64"
 	"errors"
 	"fmt"
@ -92,16 +93,20 @@ func (ja *JWTSessionAuthenticator) Login(
 	}
 	var roles []string
 	projects := make([]string, 0)
 	if config.Keys.JwtConfig.ValidateUser {
 		var err error
 		user, err = repository.GetUserRepository().GetUser(sub)
 		if err != nil && err != sql.ErrNoRows {
 			log.Errorf("Error while loading user '%v'", sub)
 		}
 		// Deny any logins for unknown usernames
 		if user == nil {
 			log.Warn("Could not find user from JWT in internal database.")
 			return nil, errors.New("unknown user")
 		}
 		// Take user roles from database instead of trusting the JWT
 		roles = user.Roles
 	} else {
 		// Extract roles from JWT (if present)
 		if rawroles, ok := claims["roles"].([]interface{}); ok {
@ -113,23 +118,17 @@ func (ja *JWTSessionAuthenticator) Login(
 				}
 			}
 		}
 		if rawprojs, ok := claims["projects"].([]interface{}); ok {
 			for _, pp := range rawprojs {
 				if p, ok := pp.(string); ok {
 					projects = append(projects, p)
 				}
 			}
 		} else if rawprojs, ok := claims["projects"]; ok {
 			projects = append(projects, rawprojs.([]string)...)
 		}
 	projects := make([]string, 0)
 	// Java/Grails Issued Token
 	// if rawprojs, ok := claims["projects"].([]interface{}); ok {
 	// 	for _, pp := range rawprojs {
 	// 		if p, ok := pp.(string); ok {
 	// 			projects = append(projects, p)
 	// 		}
 	// 	}
 	// } else if rawprojs, ok := claims["projects"]; ok {
 	// 	for _, p := range rawprojs.([]string) {
 	// 		projects = append(projects, p)
 	// 	}
 	// }
 	if user == nil {
 		user = &schema.User{
 			Username:   sub,
 			Name:       name,