fix token handling

1lann · 1lann · commit 69c891e0b1cc · 2024-09-07T00:15:33.000-04:00
diff --git a/callback.go b/callback.go
@@ -79,7 +79,7 @@ func (t *Tmpauth) authCallback(w http.ResponseWriter, r *http.Request) (int, err
 		})
 	}
 
-	token, err := t.ParseAuthJWT(tokenStr, backgroundWorker.MinValidationTime())
+	token, err := t.ParseAuthJWT(tokenStr, "", backgroundWorker.MinValidationTime())
 	if err != nil {
 		t.DebugLog(fmt.Sprintf("failed to verify callback token: %v", err))
 		return t.failRedirect(w, r, ErrInvalidCallbackToken)
@@ -111,6 +111,7 @@ func (t *Tmpauth) authCallback(w http.ResponseWriter, r *http.Request) (int, err
 
 	// token validated, can cache now
 	tokenID := sha256.Sum256([]byte(wToken))
+	token.RawToken = wToken
 	t.tokenCacheMutex.Lock()
 	t.TokenCache[tokenID] = token
 	t.tokenCacheMutex.Unlock()
diff --git a/token.go b/token.go
@@ -147,7 +147,7 @@ func (t *Tmpauth) ParseWrappedAuthJWT(tokenStr string) (*CachedToken, error) {
 
 	wToken := wTokenRaw.Claims.(*wrappedToken)
 
-	cachedToken, err = t.ParseAuthJWT(wToken.Token, minValidationTime)
+	cachedToken, err = t.ParseAuthJWT(wToken.Token, tokenStr, minValidationTime)
 	if err != nil {
 		return nil, err
 	}
@@ -159,7 +159,7 @@ func (t *Tmpauth) ParseWrappedAuthJWT(tokenStr string) (*CachedToken, error) {
 	return cachedToken, nil
 }
 
-func (t *Tmpauth) ParseAuthJWT(tokenStr string, minValidationTime time.Time) (*CachedToken, error) {
+func (t *Tmpauth) ParseAuthJWT(tokenStr string, wrappedToken string, minValidationTime time.Time) (*CachedToken, error) {
 	if t.miniServerHost != "" {
 		return nil, errors.New("tmpauth: mini server endpoint is set, cannot parse auth JWTs")
 	}
@@ -258,7 +258,7 @@ func (t *Tmpauth) ParseAuthJWT(tokenStr string, minValidationTime time.Time) (*C
 		IssuedAt:       iat,
 		StateID:        stateID,
 		ValidatedAt:    minValidationTime,
-		RawToken:       tokenStr,
+		RawToken:       wrappedToken,
 		headersMutex:   new(sync.RWMutex),
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -147,7 +147,7 @@ func (t Tmpauth) ParseWrappedAuthJWT(tokenStr string) (CachedToken, error) {`
`147`	`147`
`148`	`148`	`wToken := wTokenRaw.Claims.(*wrappedToken)`
`149`	`149`
`150`		`- cachedToken, err = t.ParseAuthJWT(wToken.Token, minValidationTime)`
	`150`	`+ cachedToken, err = t.ParseAuthJWT(wToken.Token, tokenStr, minValidationTime)`
`151`	`151`	`if err != nil {`
`152`	`152`	`return nil, err`
`153`	`153`	`}`
`@@ -159,7 +159,7 @@ func (t Tmpauth) ParseWrappedAuthJWT(tokenStr string) (CachedToken, error) {`
`159`	`159`	`return cachedToken, nil`
`160`	`160`	`}`
`161`	`161`
`162`		`-func (t Tmpauth) ParseAuthJWT(tokenStr string, minValidationTime time.Time) (CachedToken, error) {`
	`162`	`+func (t Tmpauth) ParseAuthJWT(tokenStr string, wrappedToken string, minValidationTime time.Time) (CachedToken, error) {`
`163`	`163`	`if t.miniServerHost != "" {`
`164`	`164`	`return nil, errors.New("tmpauth: mini server endpoint is set, cannot parse auth JWTs")`
`165`	`165`	`}`
`@@ -258,7 +258,7 @@ func (t Tmpauth) ParseAuthJWT(tokenStr string, minValidationTime time.Time) (C`
`258`	`258`	`IssuedAt: iat,`
`259`	`259`	`StateID: stateID,`
`260`	`260`	`ValidatedAt: minValidationTime,`
`261`		`- RawToken: tokenStr,`
	`261`	`+ RawToken: wrappedToken,`
`262`	`262`	`headersMutex: new(sync.RWMutex),`
`263`	`263`	`}`
`264`	`264`