TT#130750 do not pack() jwt secret

* the extra packing of the secret key during encode/decode conflicts with the API v2 implementation * move JWT "typ" from the payload to the header Change-Id: Ica5822d810d6eaf7b3ae017f7037f25637b6f861 (cherry picked from commit 53408c2e94)
4 years ago · 1870bb7bdf
parent 3c305367fb
commit 1870bb7bdf
3 changed files with 7 additions and 14 deletions
--- a/lib/NGCP/Panel/Authentication/Credential/JWT.pm
+++ b/lib/NGCP/Panel/Authentication/Credential/JWT.pm
@ -55,8 +55,7 @@ sub authenticate {
    my $jwt_data;
    try {
-        my $raw_key = pack('H*', $self->jwt_key);
+        $jwt_data = decode_jwt(token=>$token, key=>$self->jwt_key, accepted_alg => $self->alg);
        $jwt_data = decode_jwt(token=>$token, key=>$raw_key, accepted_alg => $self->alg);
    } catch ($e) {
        # something happened
        $c->log->debug("Error decoding token: $e") if $self->debug;
--- a/lib/NGCP/Panel/Controller/Login.pm
+++ b/lib/NGCP/Panel/Controller/Login.pm
@ -64,15 +64,13 @@ sub login_index :Path Form {
                    );
                }
                my $raw_key = pack('H*', $key);
                my $jwt_data = {
                    id => $c->user->id,
                    username => $c->user->login,
                };
                my $token = encode_jwt(
                    payload => $jwt_data,
-                    key => $raw_key,
+                    key => $key,
                    alg => $alg,
                    $relative_exp ? (relative_exp => $relative_exp) : (),
                );
--- a/lib/NGCP/Panel/Controller/Root.pm
+++ b/lib/NGCP/Panel/Controller/Root.pm
@ -522,8 +522,6 @@ sub login_jwt :Chained('/') :PathPart('login_jwt') :Args(0) :Method('POST') {
        return;
    }
    my $raw_key = pack('H*', $key);
    my $auth_user;
    if ($auth_token) {
        my $redis = NGCP::Panel::Utils::Redis::get_redis_connection($c, {database => $c->config->{'Plugin::Session'}->{redis_db}});
@ -641,9 +639,10 @@ sub login_jwt :Chained('/') :PathPart('login_jwt') :Args(0) :Method('POST') {
        };
        $result->{jwt} = encode_jwt(
            payload => $jwt_data,
-            key => $raw_key,
+            key => $key,
            alg => $alg,
            $relative_exp ? (relative_exp => $relative_exp) : (),
            extra_headers => { typ => 'JWT' },
        );
        $result->{subscriber_id} = int($auth_user->voip_subscriber->id // 0);
    } else {
@ -684,8 +683,6 @@ sub admin_login_jwt :Chained('/') :PathPart('admin_login_jwt') :Args(0) :Method(
        return;
    }
    my $raw_key = pack('H*', $key);
    my $auth_user;
    if ($auth_token) {
        my $redis = NGCP::Panel::Utils::Redis::get_redis_connection($c, {database => $c->config->{'Plugin::Session'}->{redis_db}});
@ -758,9 +755,10 @@ sub admin_login_jwt :Chained('/') :PathPart('admin_login_jwt') :Args(0) :Method(
        };
        $result->{jwt} = 'a='.encode_jwt(
            payload => $jwt_data,
-            key => $raw_key,
+            key => $key,
            alg => $alg,
            $relative_exp ? (relative_exp => $relative_exp) : (),
            extra_headers => { typ => 'JWT' },
        );
        $result->{id} = int($auth_user->id // 0);
    } else {
@ -797,15 +795,13 @@ sub login_to_v2 :Chained('/') :PathPart('login_to_v2') :Args(0) {
        );
    }
    my $raw_key = pack('H*', $key);
    my $jwt_data = {
        id => $c->user->id,
        username => $c->user->login,
    };
    my $token = encode_jwt(
        payload => $jwt_data,
-        key => $raw_key,
+        key => $key,
        alg => $alg,
        $relative_exp ? (relative_exp => $relative_exp) : (),
    );