Fix issues with JWT login

2016-04-01 19:04:28 +02:00 · 2016-04-01 19:04:28 +02:00 · 565c2edb0a
parent 89e6839a48
commit 565c2edb0a
2 changed files with 8 additions and 3 deletions
--- a/synapse/config/jwt.py
+++ b/synapse/config/jwt.py
@ -30,6 +30,8 @@ class JWTConfig(Config):

    def default_config(self, **kwargs):
        return """\
+        # The JWT needs to contain a globally unique "sub" (subject) claim.
+        #
        # jwt_config:
        #    enabled: true
        #    secret: "a secret"
--- a/synapse/rest/client/v1/login.py
+++ b/synapse/rest/client/v1/login.py
@ -224,16 +224,19 @@ class LoginRestServlet(ClientV1RestServlet):

    @defer.inlineCallbacks
    def do_jwt_login(self, login_submission):
-        token = login_submission['token']
+        token = login_submission.get("token", None)
        if token is None:
-            raise LoginError(401, "Unauthorized", errcode=Codes.UNAUTHORIZED)
+            raise LoginError(401, "Token field for JWT is missing",
+                             errcode=Codes.UNAUTHORIZED)

        try:
            payload = jwt.decode(token, self.jwt_secret, algorithms=[self.jwt_algorithm])
+        except jwt.ExpiredSignatureError:
+            raise LoginError(401, "JWT expired", errcode=Codes.UNAUTHORIZED)
        except InvalidTokenError:
            raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED)

-        user = payload['user']
+        user = payload.get("sub", None)
        if user is None:
            raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED)