mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2025-01-09 17:54:00 +00:00
return more descriptive JWT validation messages
parent
6fa6eb18e8
commit
475c7b8f16
18
src/auth.rs
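--- a/src/auth.rs
+++ b/src/auth.rs
@@ -1,18 +1,14 @@
-//
 // JWT Handling
 //
 use chrono::{Duration, Utc};
 use num_traits::FromPrimitive;
 use once_cell::sync::Lazy;
 
-use jsonwebtoken::{self, Algorithm, DecodingKey, EncodingKey, Header};
+use jsonwebtoken::{self, errors::ErrorKind, Algorithm, DecodingKey, EncodingKey, Header};
 use serde::de::DeserializeOwned;
 use serde::ser::Serialize;
 
-use crate::{
-error::{Error, MapResult},
-CONFIG,
-};
+use crate::{error::Error, CONFIG};
 
 const JWT_ALGORITHM: Algorithm = Algorithm::RS256;
 
@@ -61,7 +57,15 @@ fn decode_jwt<T: DeserializeOwned>(token: &str, issuer: String) -> Result<T, Err
 validation.set_issuer(&[issuer]);
 
 let token = token.replace(char::is_whitespace, "");
-jsonwebtoken::decode(&token, &PUBLIC_RSA_KEY, &validation).map(|d| d.claims).map_res("Error decoding JWT")
+match jsonwebtoken::decode(&token, &PUBLIC_RSA_KEY, &validation) {
+Ok(d) => Ok(d.claims),
+Err(err) => match *err.kind() {
+ErrorKind::InvalidToken => err!("Token is invalid"),
+ErrorKind::InvalidIssuer => err!("Issuer is invalid"),
+ErrorKind::ExpiredSignature => err!("Token has expired"),
+_ => err!("Error decoding JWT"),
+},
+}
 }
 
 pub fn decode_login(token: &str) -> Result<LoginJwtClaims, Error> {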
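Review bot: The catch-all arm `_ => err!("Error decoding JWT")` in `decode_jwt` discards `err`, so a bad signature, an algorithm mismatch and a malformed claim set all produce the same record, and those are the failures worth telling apart when looking for tampered tokens. Keep the client-facing message generic but carry the kind into the server log, e.g. `_ => err!("Error decoding JWT", format!("{:?}", err.kind())),` if `err!` has a form that takes a separate log value (the macro is defined outside this page). The three specific messages are presumably returned to the caller; as far as I know jsonwebtoken checks the signature before the claims, so "Issuer is invalid" and "Token has expired" would tell the caller that the token was validly signed, and it is worth confirming that this is acceptable on unauthenticated endpoints. `decode_jwt` begins above the hunk, so how `validation` is built is not visible here.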