Skip to content

C
canifa_note
Unverified Commit 064c930a authored by Athurg Gooth's avatar Athurg Gooth Committed by GitHub
Browse files
Options

fix: validate username before create token (#2439) 

Validate username before create token
parent 043357d7
Hide whitespace changes
Inline Side-by-side
Showing with 16 additions and 1 deletion
api/v2/user_service.go
View file @ 064c930a
......@@ -231,7 +231,22 @@ func (s *UserService) CreateUserAccessToken(ctx context.Context, request *apiv2p
if request.ExpiresAt != nil {
expiresAt = request.ExpiresAt.AsTime()
}
accessToken, err := auth.GenerateAccessToken(user.Username, user.ID, expiresAt, []byte(s.Secret))
// Create access token for other users need to be verified.
if user.Username != request.Username {
// Normal users can only create access tokens for others.
if user.Role == store.RoleUser {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
// The request user must be exist.
requestUser, err := s.Store.GetUser(ctx, &store.FindUser{Username: &request.Username})
if requestUser == nil || err != nil {
return nil, status.Errorf(codes.NotFound, "fail to find user %s", request.Username)
}
}
accessToken, err := auth.GenerateAccessToken(request.Username, user.ID, expiresAt, []byte(s.Secret))
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to generate access token: %v", err)
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment