Merge pull request #687 from nikriek/jwt-fix
Fix issues with JWT login
erikjohnston committed Apr 21, 2016
2 parents 78741cf + 565c2ed commit b9675ef
Showing 2 changed files with 8 additions and 3 deletions.
2 changes: 2 additions & 0 deletions synapse/config/jwt.py
@@ -30,6 +30,8 @@ def read_config(self, config):

def default_config(self, **kwargs):
return """\
# The JWT needs to contain a globally unique "sub" (subject) claim.
#
# jwt_config:
# enabled: true
# secret: "a secret"
9 changes: 6 additions & 3 deletions synapse/rest/client/v1/login.py
@@ -224,16 +224,19 @@ def do_cas_login(self, cas_response_body):

@defer.inlineCallbacks
def do_jwt_login(self, login_submission):
token = login_submission['token']
token = login_submission.get("token", None)
if token is None:
raise LoginError(401, "Unauthorized", errcode=Codes.UNAUTHORIZED)
raise LoginError(401, "Token field for JWT is missing",
errcode=Codes.UNAUTHORIZED)

try:
payload = jwt.decode(token, self.jwt_secret, algorithms=[self.jwt_algorithm])
except jwt.ExpiredSignatureError:
raise LoginError(401, "JWT expired", errcode=Codes.UNAUTHORIZED)
except InvalidTokenError:
raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED)

user = payload['user']
user = payload.get("sub", None)
if user is None:
raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED)

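Review bot: The `if user is None` guard after `payload.get("sub", None)` still accepts an empty string or a non-string `sub` (a number or list is valid JSON in a signed payload), and that value presumably becomes the login identity in the part of `do_jwt_login` that continues past the end of this hunk. Tightening it to `if not user or not isinstance(user, str):` (or the codebase's text type) keeps a malformed claim from reaching the user-ID construction. The same gap exists for `token`: only `None` is rejected before `jwt.decode`, so a non-string JSON value in the request body relies on the library raising `InvalidTokenError` rather than some other exception. Separately, `jwt.decode` validates `exp` only when the claim is present, so the `ExpiredSignatureError` branch never fires for a token issued without one; requiring the claim through the decode options would close that.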
