Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Fix issues with JWT login #687

Merged
merged 1 commit into from
Apr 21, 2016
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions synapse/config/jwt.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ def read_config(self, config):

def default_config(self, **kwargs):
return """\
# The JWT needs to contain a globally unique "sub" (subject) claim.
#
# jwt_config:
# enabled: true
# secret: "a secret"
Expand Down
9 changes: 6 additions & 3 deletions synapse/rest/client/v1/login.py
Original file line number Diff line number Diff line change
Expand Up @@ -224,16 +224,19 @@ def do_cas_login(self, cas_response_body):

@defer.inlineCallbacks
def do_jwt_login(self, login_submission):
token = login_submission['token']
token = login_submission.get("token", None)
if token is None:
raise LoginError(401, "Unauthorized", errcode=Codes.UNAUTHORIZED)
raise LoginError(401, "Token field for JWT is missing",
errcode=Codes.UNAUTHORIZED)

try:
payload = jwt.decode(token, self.jwt_secret, algorithms=[self.jwt_algorithm])
except jwt.ExpiredSignatureError:
raise LoginError(401, "JWT expired", errcode=Codes.UNAUTHORIZED)
except InvalidTokenError:
raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED)

user = payload['user']
user = payload.get("sub", None)
if user is None:
raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED)

Expand Down