fix: no database check when using accessToken (#461)

Signed-off-by: 0x2a <stevesough@gmail.com>
This commit is contained in:
Steve0x2a
2022-01-28 15:07:42 +08:00
committed by GitHub
parent c1f553440e
commit d129202b95
3 changed files with 31 additions and 26 deletions


@ -156,6 +156,16 @@ func DeleteToken(token *Token) bool {
return affected != 0 return affected != 0
} }
func GetTokenByAccessToken(accessToken string) *Token {
//Check if the accessToken is in the database
token := Token{}
existed, err := adapter.Engine.Where("access_token=?", accessToken).Get(&token)
if err != nil || !existed {
return nil
}
return &token
}
func CheckOAuthLogin(clientId string, responseType string, redirectUri string, scope string, state string) (string, *Application) { func CheckOAuthLogin(clientId string, responseType string, redirectUri string, scope string, state string) (string, *Application) {
if responseType != "code" { if responseType != "code" {
return "response_type should be \"code\"", nil return "response_type should be \"code\"", nil
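Review bot: GetTokenByAccessToken collapses a database error and a missing row into the same nil return, so the caller in AutoSigninFilter reports a DB outage as "non-existent accessToken" and the underlying err is never surfaced; consider returning `(*Token, error)` or at least logging err before returning nil, so a storage failure is distinguishable from an unknown token. The new function is also exported without a doc comment and the existing one has no space after `//`; replace it with `// GetTokenByAccessToken returns the token whose access_token column equals accessToken, or nil when no row matches or the query fails.` The parameterized `Where("access_token=?", accessToken)` is the right way to pass the untrusted token string into the query and should stay as is.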


@ -16,7 +16,6 @@ package routers
import ( import (
"fmt" "fmt"
"time"
"github.com/astaxie/beego/context" "github.com/astaxie/beego/context"
"github.com/casdoor/casdoor/object" "github.com/casdoor/casdoor/object"
@ -28,22 +27,26 @@ func AutoSigninFilter(ctx *context.Context) {
// return // return
//} //}
// "/page?access_token=123" // "/page?access_token=123" or HTTP Bearer token
// Authorization: Bearer bearerToken
accessToken := ctx.Input.Query("accessToken") accessToken := ctx.Input.Query("accessToken")
if accessToken == "" {
accessToken = parseBearerToken(ctx)
}
if accessToken != "" { if accessToken != "" {
cert := object.GetDefaultCert() token := object.GetTokenByAccessToken(accessToken)
claims, err := object.ParseJwtToken(accessToken, cert) if token == nil {
if err != nil { responseError(ctx, "non-existent accessToken")
responseError(ctx, "invalid JWT token")
return return
} }
if time.Now().Unix() > claims.ExpiresAt.Unix() { if !util.CheckTokenExpireTime(token.CreatedTime, token.ExpiresIn) {
responseError(ctx, "expired JWT token") responseError(ctx, "expired accessToken")
return
} }
userId := fmt.Sprintf("%s/%s", token.Organization, token.User)
userId := fmt.Sprintf("%s/%s", claims.User.Owner, claims.User.Name) application, _ := object.GetApplicationByUserId(fmt.Sprintf("app/%s", token.Application))
setSessionUser(ctx, userId) setSessionUser(ctx, userId)
setSessionOidc(ctx, claims.Scope, claims.Audience[0]) setSessionOidc(ctx, token.Scope, application.ClientId)
return return
} }
@ -69,19 +72,4 @@ func AutoSigninFilter(ctx *context.Context) {
return return
} }
// HTTP Bearer token
// Authorization: Bearer bearerToken
bearerToken := parseBearerToken(ctx)
if bearerToken != "" {
cert := object.GetDefaultCert()
claims, err := object.ParseJwtToken(bearerToken, cert)
if err != nil {
responseError(ctx, err.Error())
return
}
setSessionUser(ctx, fmt.Sprintf("%s/%s", claims.Owner, claims.Name))
setSessionExpire(ctx, claims.ExpiresAt.Unix())
setSessionOidc(ctx, claims.Scope, claims.Audience[0])
}
} }
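Review bot: In the second hunk of AutoSigninFilter the result of `object.GetApplicationByUserId(...)` is used as `application.ClientId` on the next line while its second return value (presumably an error) is discarded, so a token whose application no longer exists, or a failed lookup, dereferences a nil pointer and panics inside the request filter instead of rejecting the login; add `if application == nil { responseError(ctx, "accessToken refers to an unknown application"); return }` between the lookup and `setSessionUser`, and check the error rather than dropping it with `_`. Note also that the removed Bearer-token branch called `setSessionExpire(ctx, claims.ExpiresAt.Unix())`, while the consolidated path that now serves Bearer tokens never sets a session expiry, so a session established from a bearer token appears to outlive the token's own expiry — confirm this is intended. AutoSigninFilter starts before the first hunk and its remaining body lies between the two hunks, so the full control flow is not visible here.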


@ -28,3 +28,10 @@ func GetCurrentTime() string {
func GetCurrentUnixTime() string { func GetCurrentUnixTime() string {
return strconv.FormatInt(time.Now().UnixNano(), 10) return strconv.FormatInt(time.Now().UnixNano(), 10)
} }
func CheckTokenExpireTime(createdTime string, expireIn int) bool {
create, _ := time.Parse(time.RFC3339, createdTime)
expireAt := create.Add(time.Duration(expireIn) * time.Minute)
return time.Now().Before(expireAt)
}
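Review bot: CheckTokenExpireTime ignores the error from `time.Parse`, so a malformed createdTime yields the zero time, expireAt lands in year 1, and the function reports "expired"; that is the safe direction (fail closed) but it is silent and should be explicit, e.g. `create, err := time.Parse(time.RFC3339, createdTime)` followed by `if err != nil { return false }`. The exported function also lacks a doc comment; add `// CheckTokenExpireTime reports whether a token created at createdTime (RFC 3339) and valid for expireIn minutes has not yet expired; an unparsable createdTime is treated as expired.` The unit here is minutes, which must agree with how Token.ExpiresIn is stored by the callers shown in the routers hunk — that cannot be confirmed from this page.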