zhuyijun/nacos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: AuthConfigs illegal base64 character: '$' (#7209)

Browse Source 
- Add catch block, return getBytes result if base64 decode failed
- Add JwtTokenManager unit test

Closes #7203
This commit is contained in:
onewe 2021-11-12 11:02:45 +08:00 committed by GitHub
parent c6adbcaa20
commit d0b2c69d5e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 70 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
auth/src/main/java/com/alibaba/nacos/auth/common/AuthConfigs.java
View File

@ -24,11 +24,13 @@ import com.alibaba.nacos.common.notify.listener.Subscriber;
import com.alibaba.nacos.common.utils.ConvertUtils; import com.alibaba.nacos.common.utils.ConvertUtils;
import com.alibaba.nacos.sys.env.EnvUtil; import com.alibaba.nacos.sys.env.EnvUtil;
import io.jsonwebtoken.io.Decoders; import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.io.DecodingException;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import java.nio.charset.StandardCharsets;
import java.util.Objects; import java.util.Objects;
/** /**
@ -90,7 +92,12 @@ public class AuthConfigs extends Subscriber<ServerConfigChangeEvent> {
public byte[] getSecretKeyBytes() { public byte[] getSecretKeyBytes() {
if (secretKeyBytes == null) { if (secretKeyBytes == null) {
secretKeyBytes = Decoders.BASE64.decode(secretKey); try {
secretKeyBytes = Decoders.BASE64.decode(secretKey);
} catch (DecodingException e) {
secretKeyBytes = secretKey.getBytes(StandardCharsets.UTF_8);
}
} }
return secretKeyBytes; return secretKeyBytes;
} }
@ -148,7 +155,8 @@ public class AuthConfigs extends Subscriber<ServerConfigChangeEvent> {
cachingEnabled = EnvUtil.getProperty("nacos.core.auth.caching.enabled", Boolean.class, true); cachingEnabled = EnvUtil.getProperty("nacos.core.auth.caching.enabled", Boolean.class, true);
serverIdentityKey = EnvUtil.getProperty("nacos.core.auth.server.identity.key", ""); serverIdentityKey = EnvUtil.getProperty("nacos.core.auth.server.identity.key", "");
serverIdentityValue = EnvUtil.getProperty("nacos.core.auth.server.identity.value", ""); serverIdentityValue = EnvUtil.getProperty("nacos.core.auth.server.identity.value", "");
enableUserAgentAuthWhite = EnvUtil.getProperty("nacos.core.auth.enable.userAgentAuthWhite", Boolean.class, false); enableUserAgentAuthWhite = EnvUtil.getProperty("nacos.core.auth.enable.userAgentAuthWhite", Boolean.class,
false);
} catch (Exception e) { } catch (Exception e) {
LOGGER.warn("Upgrade auth config from env failed, use old value", e); LOGGER.warn("Upgrade auth config from env failed, use old value", e);
} }

60
console/src/test/java/com/alibaba/nacos/console/security/nacos/JwtTokenManagerTest.java Normal file
View File

@ -0,0 +1,60 @@
/*
* Copyright 1999-2018 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.console.security.nacos;
import com.alibaba.nacos.auth.common.AuthConfigs;
import io.jsonwebtoken.lang.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.junit.MockitoJUnitRunner;
import java.lang.reflect.Field;
@RunWith(MockitoJUnitRunner.class)
public class JwtTokenManagerTest {
@Test
public void testCreateTokenAndSecretKeyWithoutSpecialSymbol() throws NoSuchFieldException, IllegalAccessException {
createToken("SecretKey0123$567890$234567890123456789012345678901234567890123456789");
}
@Test
public void testCreateTokenAndSecretKeyWithSpecialSymbol() throws NoSuchFieldException, IllegalAccessException {
createToken("SecretKey012345678901234567890123456789012345678901234567890123456789");
}
private void createToken(String secretKey) throws NoSuchFieldException, IllegalAccessException {
AuthConfigs authConfigs = new AuthConfigs();
injectProperty(authConfigs, "secretKey", secretKey);
injectProperty(authConfigs, "tokenValidityInSeconds", 300);
JwtTokenManager jwtTokenManager = new JwtTokenManager();
injectProperty(jwtTokenManager, "authConfigs", authConfigs);
String nacosToken = jwtTokenManager.createToken("nacos");
Assert.notNull(nacosToken);
jwtTokenManager.validateToken(nacosToken);
}
private void injectProperty(Object o, String propertyName, Object value)
throws NoSuchFieldException, IllegalAccessException {
Class<?> aClass = o.getClass();
Field declaredField = aClass.getDeclaredField(propertyName);
declaredField.setAccessible(true);
declaredField.set(o, value);
}
}