fix: AuthConfigs illegal base64 character: '$' (#7209)

- Add catch block, return getBytes result if base64 decode failed - Add JwtTokenManager unit test Closes #7203
2021-11-12 11:02:45 +08:00 · 2021-11-12 11:02:45 +08:00 · d0b2c69d5e
commit d0b2c69d5e
parent c6adbcaa20
2 changed files with 70 additions and 2 deletions
--- a/auth/src/main/java/com/alibaba/nacos/auth/common/AuthConfigs.java
+++ b/auth/src/main/java/com/alibaba/nacos/auth/common/AuthConfigs.java
@ -24,11 +24,13 @@ import com.alibaba.nacos.common.notify.listener.Subscriber;
 import com.alibaba.nacos.common.utils.ConvertUtils;
 import com.alibaba.nacos.sys.env.EnvUtil;
 import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.io.DecodingException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;

+import java.nio.charset.StandardCharsets;
 import java.util.Objects;

 /**
@ -90,7 +92,12 @@ public class AuthConfigs extends Subscriber<ServerConfigChangeEvent> {
    
    public byte[] getSecretKeyBytes() {
        if (secretKeyBytes == null) {
+            try {
                secretKeyBytes = Decoders.BASE64.decode(secretKey);
+            } catch (DecodingException e) {
+                secretKeyBytes = secretKey.getBytes(StandardCharsets.UTF_8);
+            }
+            
        }
        return secretKeyBytes;
    }
@ -148,7 +155,8 @@ public class AuthConfigs extends Subscriber<ServerConfigChangeEvent> {
            cachingEnabled = EnvUtil.getProperty("nacos.core.auth.caching.enabled", Boolean.class, true);
            serverIdentityKey = EnvUtil.getProperty("nacos.core.auth.server.identity.key", "");
            serverIdentityValue = EnvUtil.getProperty("nacos.core.auth.server.identity.value", "");
-            enableUserAgentAuthWhite = EnvUtil.getProperty("nacos.core.auth.enable.userAgentAuthWhite", Boolean.class, false);
+            enableUserAgentAuthWhite = EnvUtil.getProperty("nacos.core.auth.enable.userAgentAuthWhite", Boolean.class,
+                    false);
        } catch (Exception e) {
            LOGGER.warn("Upgrade auth config from env failed, use old value", e);
        }
--- a/console/src/test/java/com/alibaba/nacos/console/security/nacos/JwtTokenManagerTest.java
+++ b/console/src/test/java/com/alibaba/nacos/console/security/nacos/JwtTokenManagerTest.java
@ -0,0 +1,60 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.console.security.nacos;
+
+import com.alibaba.nacos.auth.common.AuthConfigs;
+import io.jsonwebtoken.lang.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.junit.MockitoJUnitRunner;
+
+import java.lang.reflect.Field;
+
+@RunWith(MockitoJUnitRunner.class)
+public class JwtTokenManagerTest {
+    
+    @Test
+    public void testCreateTokenAndSecretKeyWithoutSpecialSymbol() throws NoSuchFieldException, IllegalAccessException {
+        createToken("SecretKey0123$567890$234567890123456789012345678901234567890123456789");
+        
+    }
+    
+    @Test
+    public void testCreateTokenAndSecretKeyWithSpecialSymbol() throws NoSuchFieldException, IllegalAccessException {
+        createToken("SecretKey012345678901234567890123456789012345678901234567890123456789");
+    }
+    
+    private void createToken(String secretKey) throws NoSuchFieldException, IllegalAccessException {
+        AuthConfigs authConfigs = new AuthConfigs();
+        injectProperty(authConfigs, "secretKey", secretKey);
+        injectProperty(authConfigs, "tokenValidityInSeconds", 300);
+        JwtTokenManager jwtTokenManager = new JwtTokenManager();
+        injectProperty(jwtTokenManager, "authConfigs", authConfigs);
+        String nacosToken = jwtTokenManager.createToken("nacos");
+        Assert.notNull(nacosToken);
+        jwtTokenManager.validateToken(nacosToken);
+    }
+    
+    private void injectProperty(Object o, String propertyName, Object value)
+            throws NoSuchFieldException, IllegalAccessException {
+        Class<?> aClass = o.getClass();
+        Field declaredField = aClass.getDeclaredField(propertyName);
+        declaredField.setAccessible(true);
+        declaredField.set(o, value);
+    }
+    
+}