[ISSUE #12060] fix too large ttl when auth disabled #12090

merged 3 commits into from
May 20, 2024
Expand Up @@ -103,10 +103,13 @@ public String createToken(Authentication authentication) {
* @return token
*/
public String createToken(String userName) {
if (!authConfigs.isAuthEnabled()) {
// create a token when auth enabled or nacos.core.auth.plugin.nacos.token.secret.key is configured
if (!authConfigs.isAuthEnabled() && null == jwtParser) {

应该不用判断jwtParser,如果未开启鉴权,无论是有jwtParser应该都不需要计算jwtparser的


而且下面有校验jwtparser

return AUTH_DISABLED_TOKEN;
} else if (authConfigs.isAuthEnabled()) {
// check nacos.core.auth.plugin.nacos.token.secret.key only if auth enabled
checkJwtParser();
}
checkJwtParser();
return jwtParser.jwtBuilder().setUserName(userName).setExpiredTime(this.tokenValidityInSeconds).compact();
}

Expand Down Expand Up @@ -147,7 +150,7 @@ public long getTokenValidityInSeconds() {
@Override
public long getTokenTtlInSeconds(String token) throws AccessException {
if (!authConfigs.isAuthEnabled()) {
return TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis()) + tokenValidityInSeconds;
return tokenValidityInSeconds;
}
return jwtParser.getExpireTimeInSeconds(token) - TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
}
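Review bot: `authConfigs.isAuthEnabled()` is evaluated twice in the new createToken branches; if that flag can change between the two calls (it is read through authConfigs on every call, so I assume it is reloadable configuration — not verifiable from this hunk), the first read can be false and the second true, and `jwtParser.jwtBuilder()` on the last line is then reached without `checkJwtParser()` having run. Reading it once, `boolean authEnabled = authConfigs.isAuthEnabled();`, and using that local in both conditions removes the window and also makes the branch structure easier to follow. The Javadoc above the method (its start is outside the hunk) still says only `@return token`, while this path now returns the `AUTH_DISABLED_TOKEN` sentinel in one branch and a signed JWT even when auth is disabled but a secret key is configured; document both, e.g. `@return a signed JWT, or {@code AUTH_DISABLED_TOKEN} when auth is disabled and no secret key is configured`.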
Expand Up @@ -35,6 +35,7 @@
import java.util.concurrent.TimeUnit;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals;
import static org.mockito.Mockito.when;

@RunWith(MockitoJUnitRunner.class)
Expand Down Expand Up @@ -105,13 +106,49 @@ public void testGetTokenTtlInSeconds() throws AccessException {
public void testGetExpiredTimeInSeconds() throws AccessException {
Assert.assertTrue(jwtTokenManager.getExpiredTimeInSeconds(jwtTokenManager.createToken("nacos")) > 0);
}

@Test
public void testGetTokenTtlInSecondsWhenAuthDisabled() throws AccessException {
when(authConfigs.isAuthEnabled()).thenReturn(false);
// valid secret key
String ttl = EnvUtil.getProperty(AuthConstants.TOKEN_EXPIRE_SECONDS);
Assert.assertEquals(Integer.parseInt(ttl), jwtTokenManager.getTokenTtlInSeconds(jwtTokenManager.createToken("nacos")));
// invalid secret key
MockEnvironment mockEnvironment = new MockEnvironment();
mockEnvironment.setProperty(AuthConstants.TOKEN_SECRET_KEY, "");
EnvUtil.setEnvironment(mockEnvironment);
jwtTokenManager = new JwtTokenManager(authConfigs);
Assert.assertEquals(Integer.parseInt(ttl), jwtTokenManager.getTokenTtlInSeconds(jwtTokenManager.createToken("nacos")));
}

@Test
public void testCreateTokenWhenDisableAuth() {
public void testCreateTokenWhenDisableAuthAndSecretKeyIsBlank() {
when(authConfigs.isAuthEnabled()).thenReturn(false);
MockEnvironment mockEnvironment = new MockEnvironment();
mockEnvironment.setProperty(AuthConstants.TOKEN_SECRET_KEY, "");
mockEnvironment
.setProperty(AuthConstants.TOKEN_EXPIRE_SECONDS, AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());

EnvUtil.setEnvironment(mockEnvironment);
jwtTokenManager = new JwtTokenManager(authConfigs);
assertEquals("AUTH_DISABLED", jwtTokenManager.createToken("nacos"));
}

@Test
public void testCreateTokenWhenDisableAuthAndSecretKeyIsNotBlank() throws AccessException {
when(authConfigs.isAuthEnabled()).thenReturn(false);
MockEnvironment mockEnvironment = new MockEnvironment();
String tmpKey = "SecretKey0123567890234567890123456789012345678901234567890123456789";
mockEnvironment.setProperty(AuthConstants.TOKEN_SECRET_KEY,
Base64.getEncoder().encodeToString(tmpKey.getBytes(StandardCharsets.UTF_8)));
mockEnvironment
.setProperty(AuthConstants.TOKEN_EXPIRE_SECONDS, AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS.toString());
EnvUtil.setEnvironment(mockEnvironment);
jwtTokenManager = new JwtTokenManager(authConfigs);
String token = jwtTokenManager.createToken("nacos");
assertNotEquals("AUTH_DISABLED", token);
jwtTokenManager.validateToken(token);
}

@Test
public void testNacosJwtParser() throws AccessException {
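Review bot: The new testGetTokenTtlInSecondsWhenAuthDisabled and both renamed/added createToken tests install a fresh `MockEnvironment` via `EnvUtil.setEnvironment(mockEnvironment)` and reassign `jwtTokenManager`, but nothing in the hunk restores the previous environment, so later tests in this class may observe an empty `TOKEN_SECRET_KEY` depending on execution order — unless a setup or teardown method outside the hunk resets it, which I cannot see here. Restoring the original environment in an `@After` method (or at the end of each test) would keep the tests order-independent. Also, the two `Assert.assertEquals` calls in testGetTokenTtlInSecondsWhenAuthDisabled use the qualified form while the file static-imports `assertEquals` (used on the `"AUTH_DISABLED"` assertion below) and now `assertNotEquals`; prefer one form. Minor: `Integer.parseInt(ttl)` is compared against a `long` return value and relies on widening; `Long.parseLong(ttl)` states the intent directly.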