Jwt decode fix (#113)

codecov · Aug 26, 2024 · 3b1dda8 · 3b1dda8
2 parents e515b1b + ceb7357
commit 3b1dda8
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 9 deletions.
diff --git a/service_auth/actions.py b/service_auth/actions.py
@@ -105,17 +105,17 @@ def view_login_modal(
     client, command
 ):  # this will be used to override the active provider using /login
     slack_user_id = command["user_id"]
-    slack_user_id_jwt = jwt.encode(
-        {"user_id": slack_user_id}, USER_ID_SECRET, algorithm="HS256"
+    channel_id = command["channel_id"]
+    slack_state_jwt = jwt.encode(
+        {"user_id": slack_user_id, "channel_id": channel_id}, USER_ID_SECRET, algorithm="HS256"
     )
 
     # create slack user
     user_info = client.users_info(user=slack_user_id)
     get_or_create_slack_user(user_info)
-    channel_id = command["channel_id"]
 
     # we support gh flow at first
-    github_auth_url = f"https://github.com/login/oauth/authorize?client_id={GITHUB_CLIENT_ID}&redirect_uri={GITHUB_REDIRECT_URI}&scope={GITHUB_SCOPES}&state={slack_user_id_jwt}-{channel_id}"
+    github_auth_url = f"https://github.com/login/oauth/authorize?client_id={GITHUB_CLIENT_ID}&redirect_uri={GITHUB_REDIRECT_URI}&scope={GITHUB_SCOPES}&state={slack_state_jwt}"
 
     client.views_open(
         trigger_id=command["trigger_id"],

diff --git a/service_auth/helpers.py b/service_auth/helpers.py
@@ -38,8 +38,6 @@ def validate_gh_call_params(code, state):
         raise ValidationError("Missing code parameter")
     if not state:
         raise ValidationError("Missing state parameter")
-    if "-" not in state:
-        raise ValidationError("Invalid state parameter")
 
 
 def get_github_user(access_token):

diff --git a/service_auth/views.py b/service_auth/views.py
@@ -29,11 +29,13 @@ def get(self, request, format=None):
         state = request.GET.get("state")
         validate_gh_call_params(code, state)
 
-        user_id_state = state.split("-")[0]
         user_id = jwt.decode(
-            user_id_state, USER_ID_SECRET, algorithms=["HS256"]
+            state, USER_ID_SECRET, algorithms=["HS256"]
         )["user_id"]
-        channel_id = state.split("-")[1]
+
+        channel_id =  jwt.decode(
+            state, USER_ID_SECRET, algorithms=["HS256"]
+        )["channel_id"]
 
         # Exchange the authorization code for an access token
         headers = {"Accept": "application/json"}