fix: correct jwt audience validation
Signed-off-by: Antoine Jouve <[email protected]>
an-toine committed Jan 25, 2024
1 parent e9a099e commit 4b33598
Showing 2 changed files with 1 addition and 11 deletions.
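--- a/src/go.sum
+++ b/src/go.sum
@@ -815,8 +815,6 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.4.0 h1:Z81tqI5ddIoXDPvVQ7/7CC9TnLM7ubaFG2qXYd5BbYY=
-golang.org/x/time v0.4.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=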
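--- a/src/server/middleware/security/v2_token.go
+++ b/src/server/middleware/security/v2_token.go
@@ -36,14 +36,6 @@ type v2TokenClaims struct {
 Access []*registry_token.ResourceActions `json:"access"`
 }
 
-func (vtc *v2TokenClaims) Valid() error {
-var v = jwt.NewValidator(jwt.WithLeeway(60*time.Second), jwt.WithAudience(svc_token.Registry))
-if err := v.Validate(vtc.Claims); err != nil {
-return err
-}
-return nil
-}
-
 type v2Token struct{}
 
 func (vt *v2Token) Generate(req *http.Request) security.Context {
@@ -67,7 +59,7 @@ func (vt *v2Token) Generate(req *http.Request) security.Context {
 logger.Warningf("failed to decode bearer token: %v", err)
 return nil
 }
-var v = jwt.NewValidator(jwt.WithLeeway(60 * time.Second))
+var v = jwt.NewValidator(jwt.WithLeeway(60 * time.Second), jwt.WithAudience(svc_token.Registry))
 if err := v.Validate(t.Claims); err != nil {
 logger.Warningf("failed to decode bearer token: %v", err)
 return nil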
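Review bot: No test in this commit pins the audience check that the `jwt.NewValidator(...)` line in `Generate` now carries (the only files changed are `go.sum` and `v2_token.go`), so the option could be dropped again in a later refactor without anything failing. A test case that presents a correctly signed token whose `aud` differs from `svc_token.Registry` and asserts that `Generate` returns nil would cover it. The removed `Valid()` method already named the audience and presumably was never called by the JWT library in use; a comment on the validator line such as `// audience is enforced here; the claims type has no validation hook of its own` would record why the check lives in `Generate`. The validation failure also logs the same text as the decode failure three lines above it; `logger.Warningf("failed to validate bearer token claims: %v", err)` would let operators tell an audience or expiry rejection from a malformed token. `Generate` begins and ends outside the hunk.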
