fix-expiration-of-token-from-actual-idtoken
Signed-off-by: Vasile Negru <[email protected]>
Signed-off-by: Vasile Negru <[email protected]>
Signed-off-by: Vasile Negru <[email protected]>
Vasile Negru committed Aug 8, 2022
1 parent d4aba7a commit 913f917
Showing 4 changed files with 15 additions and 12 deletions.
9 changes: 6 additions & 3 deletions server/auth/types/openid/helper.test.ts
Expand Up @@ -13,7 +13,7 @@
* permissions and limitations under the License.
*/

import {composeLogoutUrl, getExpirationDate, getRootUrl} from './helper';
import { composeLogoutUrl, getExpirationDate, getRootUrl } from './helper';

describe('test OIDC helper utility', () => {
test('test compose logout url', () => {
Expand Down Expand Up @@ -138,8 +138,11 @@ describe('test OIDC helper utility', () => {
expect('http://server.com:80').toEqual(getRootUrl(config, core, request));
});


test('extract expiration time from jwt token', () => {
expect(1658582700000).toEqual(getExpirationDate("eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Imtld2lRcTlqaUM4NEN2U3NKWU9CLU42QThXRkxTVjIwTWIteTdJbFdEU1EifQ.eyJpc3MiOiJodHRwczovL2dpdGxhYi5jb20iLCJzdWIiOiI5ODc5ODQ1IiwiYXVkIjoiOTkzZWM3MTA3YjNlZmJiZTRkZDdjYmE1NDRmMDU4YTMyMmIwN2M0ZmQ5MTljMzdkMGM4ODQ5MjljYzVkM2U5NiIsImV4cCI6MTY1ODU4MjcwMCwiaWF0IjoxNjU4NTgyNTgwLCJhdXRoX3RpbWUiOjE2NTgzMjU1ODgsInN1Yl9sZWdhY3kiOiIxYWNiYzI5ZGFkOWViMGI0MjM3YTVhMTEzNzg2M2E4ZDNlNDFkOGRjOWJhMzJlYzFkOGIwMWJjODY5NzczMGM0IiwiZ3JvdXBzX2RpcmVjdCI6WyJlb3NmaW50ZWsiLCJlNDM4NyJdfQ.CVgOC3K4e95cOY2akmGBWJcSGjkyO517N_784ob2Tj3aeMpyk-O_OsbUhmt_Fu_XvqSk5dY02c1a8Ngav8_7MOsHb6MovYQsnIE0ddxtJSY2uswOWX53cE2SPU-G-s8vVLX-MfIG1_Mfg2cYE-eL2nRlSSrMug9IXiiWGoQuS0vrjuomgoq3gZnNCM-Yn-2TI3YZSsluyaODMnW2yVCeu8ZMJp6ZbCMBwAwq-dMVENF9jEHJqtRgOOP1OXJ9scapS14IHXaUrHkxlyRDRYKMZ727hQs_aMHZAlLyycz_9xI2RgZ4dTOldbXZeBUrOZvwe5ZMdok3a9LYr91clFu-pA24zHFUeFqjcVRMxhYZAD4wYdG26pYk1Otk9auvSaPd6Rsk4fK_tA7hVWCM1NMO1lhQ0RzLl4MRKx4NJrjm4jlodUGx3k_js2YtXYdKGNwWcm2ESTUgPdL1dQus3ll5Lr_wt5uY3GYjCtDA6BcZWhRewgWdmJ8hPx8JNuz3Sw2bDxjgmZqCQ4I4WMa-HncAshfZY-mLlWOkxN9kzHSXIZGa-No6_u9JZwfKdZXkK9UJMAuY4SH5PcvJitVAVDPg6EQa1Ne8AkVFOBfPF0_S3QZnW4D7kRNhs0pr-eyBb3cUACLPjS4maCccQ6MSBZ9RYy3l0wgitRv2SVIBvBH0eN4"));
expect(1658582700000).toEqual(
getExpirationDate(
'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Imtld2lRcTlqaUM4NEN2U3NKWU9CLU42QThXRkxTVjIwTWIteTdJbFdEU1EifQ.eyJpc3MiOiJodHRwczovL2dpdGxhYi5jb20iLCJzdWIiOiI5ODc5ODQ1IiwiYXVkIjoiOTkzZWM3MTA3YjNlZmJiZTRkZDdjYmE1NDRmMDU4YTMyMmIwN2M0ZmQ5MTljMzdkMGM4ODQ5MjljYzVkM2U5NiIsImV4cCI6MTY1ODU4MjcwMCwiaWF0IjoxNjU4NTgyNTgwLCJhdXRoX3RpbWUiOjE2NTgzMjU1ODgsInN1Yl9sZWdhY3kiOiIxYWNiYzI5ZGFkOWViMGI0MjM3YTVhMTEzNzg2M2E4ZDNlNDFkOGRjOWJhMzJlYzFkOGIwMWJjODY5NzczMGM0IiwiZ3JvdXBzX2RpcmVjdCI6WyJlb3NmaW50ZWsiLCJlNDM4NyJdfQ.CVgOC3K4e95cOY2akmGBWJcSGjkyO517N_784ob2Tj3aeMpyk-O_OsbUhmt_Fu_XvqSk5dY02c1a8Ngav8_7MOsHb6MovYQsnIE0ddxtJSY2uswOWX53cE2SPU-G-s8vVLX-MfIG1_Mfg2cYE-eL2nRlSSrMug9IXiiWGoQuS0vrjuomgoq3gZnNCM-Yn-2TI3YZSsluyaODMnW2yVCeu8ZMJp6ZbCMBwAwq-dMVENF9jEHJqtRgOOP1OXJ9scapS14IHXaUrHkxlyRDRYKMZ727hQs_aMHZAlLyycz_9xI2RgZ4dTOldbXZeBUrOZvwe5ZMdok3a9LYr91clFu-pA24zHFUeFqjcVRMxhYZAD4wYdG26pYk1Otk9auvSaPd6Rsk4fK_tA7hVWCM1NMO1lhQ0RzLl4MRKx4NJrjm4jlodUGx3k_js2YtXYdKGNwWcm2ESTUgPdL1dQus3ll5Lr_wt5uY3GYjCtDA6BcZWhRewgWdmJ8hPx8JNuz3Sw2bDxjgmZqCQ4I4WMa-HncAshfZY-mLlWOkxN9kzHSXIZGa-No6_u9JZwfKdZXkK9UJMAuY4SH5PcvJitVAVDPg6EQa1Ne8AkVFOBfPF0_S3QZnW4D7kRNhs0pr-eyBb3cUACLPjS4maCccQ6MSBZ9RYy3l0wgitRv2SVIBvBH0eN4'
)
);
});
});
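--- a/server/auth/types/openid/helper.ts
+++ b/server/auth/types/openid/helper.ts
@@ -123,12 +123,11 @@ export interface TokenResponse {
 
 export function getExpirationDate(idToken: string | undefined) {
 if (!idToken) {
-throw new Error("Invalid token");
-}
-else{
-const parts = idToken.split(".");
-if (parts.length!=3) {
-throw new Error("Invalid token");
+throw new Error('Invalid token');
+} else {
+const parts = idToken.split('.');
+if (parts.length != 3) {
+throw new Error('Invalid token');
 }
 const claim = JSON.parse(Buffer.from(parts[1], 'base64').toString());
 return claim.exp * 1000;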
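Review bot: `claim.exp` is multiplied without any check in `getExpirationDate`, so an ID token whose payload has no numeric `exp` produces `NaN` as the expiration time. In routes.ts that value appears to go into the session cookie, and if the expiry check elsewhere is a plain `<` comparison (not visible here) a `NaN` would never compare as expired. A guard before the return would close this, for example `if (!Number.isFinite(claim?.exp)) throw new Error('Invalid token');`. The `Date.now() + tokenResponse.expiresIn! * 1000` fallback in routes.ts has the same shape when `expiresIn` is absent. The function also reads the payload without verifying the signature, so a doc comment such as `/** Reads exp from the ID token payload; does not verify the signature, so call it only with a token received directly from the token endpoint. */` would help; the function body ends outside the hunk.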
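--- a/server/auth/types/openid/openid_auth.ts
+++ b/server/auth/types/openid/openid_auth.ts
@@ -35,7 +35,7 @@ import { OpenIdAuthRoutes } from './routes';
 import { AuthenticationType } from '../authentication_type';
 import { callTokenEndpoint } from './helper';
 import { composeNextUrlQueryParam } from '../../../utils/next_url';
-import { getExpirationDate } from "./helper";
+import { getExpirationDate } from './helper';
 
 export interface OpenIdAuthConfig {
 authorizationEndpoint?: string;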
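--- a/server/auth/types/openid/routes.ts
+++ b/server/auth/types/openid/routes.ts
@@ -29,7 +29,7 @@ import { OpenIdAuthConfig } from './openid_auth';
 import { SecurityClient } from '../../../backend/opensearch_security_client';
 import { getBaseRedirectUrl, callTokenEndpoint, composeLogoutUrl } from './helper';
 import { validateNextUrl } from '../../../utils/next_url';
-import { getExpirationDate } from "./helper";
+import { getExpirationDate } from './helper';
 
 export class OpenIdAuthRoutes {
 private static readonly NONCE_LENGTH: number = 22;
@@ -156,7 +156,8 @@ export class OpenIdAuthRoutes {
 );
 
 // set to cookie
-let expirationDate = tokenResponse.idToken ? getExpirationDate(tokenResponse.idToken)
+let expirationDate = tokenResponse.idToken
+? getExpirationDate(tokenResponse.idToken)
 : Date.now() + tokenResponse.expiresIn! * 1000;
 const sessionStorage: SecuritySessionCookie = {
 username: user.username,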
