zhuyijun/nacos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Don't stopping startup for illegal token.secret.key when auth.enabled is false. (#10273)

Browse Source
This commit is contained in:
杨翊 SionYang 2023-04-06 14:30:22 +08:00 committed by GitHub
parent 89685a65ed
commit 935e6a7f2b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/authenticate/AbstractAuthenticationManager.java
View File

@ -70,7 +70,6 @@ public class AbstractAuthenticationManager implements IAuthenticationManager {
if (StringUtils.isBlank(token)) {
throw new AccessException("user not found!");
}
return jwtTokenManager.parseToken(token);
}

14
plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManager.java
View File

@ -16,6 +16,8 @@
package com.alibaba.nacos.plugin.auth.impl.token.impl;
import com.alibaba.nacos.api.exception.NacosException;
import com.alibaba.nacos.api.exception.runtime.NacosRuntimeException;
import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.common.event.ServerConfigChangeEvent;
import com.alibaba.nacos.common.notify.Event;
@ -101,6 +103,10 @@ public class JwtTokenManager extends Subscriber<ServerConfigChangeEvent> impleme
* @return token
*/
public String createToken(String userName) {
if (!authConfigs.isAuthEnabled()) {
return StringUtils.EMPTY;
}
checkJwtParser();
return jwtParser.jwtBuilder().setUserName(userName).setExpiredTime(this.tokenValidityInSeconds).compact();
}
@ -130,6 +136,7 @@ public class JwtTokenManager extends Subscriber<ServerConfigChangeEvent> impleme
}
public NacosUser parseToken(String token) throws AccessException {
checkJwtParser();
return jwtParser.parse(token);
}
@ -155,4 +162,11 @@ public class JwtTokenManager extends Subscriber<ServerConfigChangeEvent> impleme
public Class<? extends Event> subscribeType() {
return ServerConfigChangeEvent.class;
}
private void checkJwtParser() {
if (null == jwtParser) {
throw new NacosRuntimeException(NacosException.INVALID_PARAM,
"Please config `nacos.core.auth.plugin.nacos.token.secret.key`, detail see https://nacos.io/zh-cn/docs/v2/guide/user/auth.html");
}
}
}

10
plugin-default-impl/src/test/java/com/alibaba/nacos/plugin/auth/impl/token/impl/JwtTokenManagerTest.java
View File

@ -34,6 +34,7 @@ import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.concurrent.TimeUnit;
import static org.junit.Assert.assertEquals;
import static org.mockito.Mockito.when;
@RunWith(MockitoJUnitRunner.class)
@ -46,6 +47,7 @@ public class JwtTokenManagerTest {
@Before
public void setUp() {
when(authConfigs.isAuthEnabled()).thenReturn(true);
MockEnvironment mockEnvironment = new MockEnvironment();
mockEnvironment.setProperty(AuthConstants.TOKEN_SECRET_KEY, Base64.getEncoder().encodeToString(
"SecretKey0123$567890$234567890123456789012345678901234567890123456789".getBytes(
@ -91,7 +93,6 @@ public class JwtTokenManagerTest {
@Test
public void testInvalidSecretKey() {
when(authConfigs.isAuthEnabled()).thenReturn(true);
Assert.assertThrows(IllegalArgumentException.class, () -> createToken("0123456789ABCDEF0123456789ABCDE"));
}
@ -105,6 +106,13 @@ public class JwtTokenManagerTest {
Assert.assertTrue(jwtTokenManager.getExpiredTimeInSeconds(jwtTokenManager.createToken("nacos")) > 0);
}
@Test
public void testCreateTokenWhenDisableAuth() {
when(authConfigs.isAuthEnabled()).thenReturn(false);
jwtTokenManager = new JwtTokenManager(authConfigs);
assertEquals("", jwtTokenManager.createToken("nacos"));
}
@Test
public void testNacosJwtParser() throws AccessException {
String secretKey = "SecretKey0123$567890$234567890123456789012345678901234567890123456789";