Merge pull request #687 from nikriek/jwt-fix

Fix issues with JWT login
pull/747/head
Erik Johnston 2016-04-21 17:42:25 +01:00
commit b9675ef6e6
2 changed files with 8 additions and 3 deletions


@ -30,6 +30,8 @@ class JWTConfig(Config):
def default_config(self, **kwargs): def default_config(self, **kwargs):
return """\ return """\
# The JWT needs to contain a globally unique "sub" (subject) claim.
#
# jwt_config: # jwt_config:
# enabled: true # enabled: true
# secret: "a secret" # secret: "a secret"


@ -224,16 +224,19 @@ class LoginRestServlet(ClientV1RestServlet):
@defer.inlineCallbacks @defer.inlineCallbacks
def do_jwt_login(self, login_submission): def do_jwt_login(self, login_submission):
token = login_submission['token'] token = login_submission.get("token", None)
if token is None: if token is None:
raise LoginError(401, "Unauthorized", errcode=Codes.UNAUTHORIZED) raise LoginError(401, "Token field for JWT is missing",
errcode=Codes.UNAUTHORIZED)
try: try:
payload = jwt.decode(token, self.jwt_secret, algorithms=[self.jwt_algorithm]) payload = jwt.decode(token, self.jwt_secret, algorithms=[self.jwt_algorithm])
except jwt.ExpiredSignatureError:
raise LoginError(401, "JWT expired", errcode=Codes.UNAUTHORIZED)
except InvalidTokenError: except InvalidTokenError:
raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED) raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED)
user = payload['user'] user = payload.get("sub", None)
if user is None: if user is None:
raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED) raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED)
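Review bot: The subject check at the end of the hunk only rejects a missing claim — `payload.get("sub", None)` followed by `if user is None` — so a token whose `sub` is an empty string, or a non-string JSON value, still passes into the rest of do_jwt_login, which continues outside the hunk. Given that this PR's config comment describes `sub` as the globally unique subject, the guard should reject empty values too, `if not user:` raising the same `LoginError`, and ideally confirm the value is a string before it is used as a user identifier; the same `if not token:` form a few lines up would also cover an empty `token` field rather than letting it reach `jwt.decode`. The new `except jwt.ExpiredSignatureError` branch is correctly placed before `except InvalidTokenError`, since in PyJWT the expired-signature error is a subclass of the generic invalid-token error; a one-line comment such as `# must precede InvalidTokenError, which it subclasses` would keep a later reorder from silently turning "JWT expired" into "Invalid JWT".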