mirror of
https://github.com/processone/ejabberd.git
synced 2025-01-05 18:23:45 +01:00
Improve robustness of reading jwt_key option
This commit is contained in:
parent
50ef982eff
commit
6d6e3e348d
@ -159,6 +159,8 @@ format_error({bad_pem, Why, Path}) ->
|
|||||||
[Path, pkix:format_error(Why)]);
|
[Path, pkix:format_error(Why)]);
|
||||||
format_error({bad_cert, Why, Path}) ->
|
format_error({bad_cert, Why, Path}) ->
|
||||||
format_error({bad_pem, Why, Path});
|
format_error({bad_pem, Why, Path});
|
||||||
|
format_error({bad_jwt_key, Path}) ->
|
||||||
|
format("No valid JWT key found in file: ~s", [Path]);
|
||||||
format_error({bad_jid, Bad}) ->
|
format_error({bad_jid, Bad}) ->
|
||||||
format("Invalid XMPP address: ~s", [Bad]);
|
format("Invalid XMPP address: ~s", [Bad]);
|
||||||
format_error({bad_user, Bad}) ->
|
format_error({bad_user, Bad}) ->
|
||||||
|
@ -64,7 +64,7 @@ check_password(User, AuthzId, Server, Token) ->
|
|||||||
%%% Internal functions
|
%%% Internal functions
|
||||||
%%%----------------------------------------------------------------------
|
%%%----------------------------------------------------------------------
|
||||||
check_jwt_token(User, Server, Token) ->
|
check_jwt_token(User, Server, Token) ->
|
||||||
JWK = get_jwk(Server),
|
JWK = ejabberd_option:jwt_key(Server),
|
||||||
try jose_jwt:verify(JWK, Token) of
|
try jose_jwt:verify(JWK, Token) of
|
||||||
{true, {jose_jwt, Fields}, Signature} ->
|
{true, {jose_jwt, Fields}, Signature} ->
|
||||||
?DEBUG("jwt verify: ~p - ~p~n", [Fields, Signature]),
|
?DEBUG("jwt verify: ~p - ~p~n", [Fields, Signature]),
|
||||||
@ -100,9 +100,6 @@ check_jwt_token(User, Server, Token) ->
|
|||||||
false
|
false
|
||||||
end.
|
end.
|
||||||
|
|
||||||
get_jwk(Host) ->
|
|
||||||
jose_jwk:from_binary(ejabberd_option:jwt_key(Host)).
|
|
||||||
|
|
||||||
%% TODO: auth0 username is defined in 'jid' field, but we should
|
%% TODO: auth0 username is defined in 'jid' field, but we should
|
||||||
%% allow customizing the name of the field containing the username
|
%% allow customizing the name of the field containing the username
|
||||||
%% to adapt to custom claims.
|
%% to adapt to custom claims.
|
||||||
|
@ -424,10 +424,10 @@ include_config_file() ->
|
|||||||
include_config_file(Host) ->
|
include_config_file(Host) ->
|
||||||
ejabberd_config:get_option({include_config_file, Host}).
|
ejabberd_config:get_option({include_config_file, Host}).
|
||||||
|
|
||||||
-spec jwt_key() -> binary().
|
-spec jwt_key() -> jose_jwk:key().
|
||||||
jwt_key() ->
|
jwt_key() ->
|
||||||
jwt_key(global).
|
jwt_key(global).
|
||||||
-spec jwt_key(global | binary()) -> binary().
|
-spec jwt_key(global | binary()) -> jose_jwk:key().
|
||||||
jwt_key(Host) ->
|
jwt_key(Host) ->
|
||||||
ejabberd_config:get_option({jwt_key, Host}).
|
ejabberd_config:get_option({jwt_key, Host}).
|
||||||
|
|
||||||
|
@ -399,7 +399,13 @@ opt_type(jwt_key) ->
|
|||||||
econf:file(),
|
econf:file(),
|
||||||
fun(Path) ->
|
fun(Path) ->
|
||||||
case file:read_file(Path) of
|
case file:read_file(Path) of
|
||||||
{ok, Binary} -> Binary;
|
{ok, Data} ->
|
||||||
|
try jose_jwk:from_binary(Data) of
|
||||||
|
{error, _} -> econf:fail({bad_jwt_key, Path});
|
||||||
|
Ret -> Ret
|
||||||
|
catch _:_ ->
|
||||||
|
econf:fail({bad_jwt_key, Path})
|
||||||
|
end;
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
econf:fail({read_file, Reason, Path})
|
econf:fail({read_file, Reason, Path})
|
||||||
end
|
end
|
||||||
@ -422,7 +428,7 @@ opt_type(jwt_key) ->
|
|||||||
{shaper, #{atom() => ejabberd_shaper:shaper_rate()}} |
|
{shaper, #{atom() => ejabberd_shaper:shaper_rate()}} |
|
||||||
{shaper_rules, [{atom(), [ejabberd_shaper:shaper_rule()]}]} |
|
{shaper_rules, [{atom(), [ejabberd_shaper:shaper_rule()]}]} |
|
||||||
{api_permissions, [ejabberd_access_permissions:permission()]} |
|
{api_permissions, [ejabberd_access_permissions:permission()]} |
|
||||||
{jwt_key, binary()} |
|
{jwt_key, jose_jwk:key()} |
|
||||||
{append_host_config, [{binary(), any()}]} |
|
{append_host_config, [{binary(), any()}]} |
|
||||||
{host_config, [{binary(), any()}]} |
|
{host_config, [{binary(), any()}]} |
|
||||||
{define_macro, any()} |
|
{define_macro, any()} |
|
||||||
|
Loading…
Reference in New Issue
Block a user