authorharryzcy <harry@harryzheng.com>2023-07-19 04:57:10 -0500
committerGitHub <noreply@github.com>2023-07-19 09:57:10 +0000
commit0f9f6567bb8117dbc23f2cbc664c40a4816eb326 (patch)
treec602034c3c7aef7700189a58a6f2049bf63c5e5b /services/auth/source/oauth2
parent50e14699d3951ece4b9eb3f72cb266056e799f63 (diff)
Bump github.com/golang-jwt/jwt to v5 (#25975)
Bumping `github.com/golang-jwt/jwt` from v4 to v5. `github.com/golang-jwt/jwt` v5 is bringing some breaking changes: - standard `Valid()` method on claims is removed. It's replaced by `ClaimsValidator` interface implementing `Validator()` method instead, which is called after standard validation. Gitea doesn't seem to be using this logic. - `jwt.Token` has a field `Valid`, so it's checked in `ParseToken` function in `services/auth/source/oauth2/token.go` --------- Co-authored-by: Giteabot <teabot@gitea.io>
Diffstat (limited to 'services/auth/source/oauth2')
-rw-r--r--services/auth/source/oauth2/jwtsigningkey.go2
-rw-r--r--services/auth/source/oauth2/token.go5
2 files changed, 5 insertions, 2 deletions
diff --git a/services/auth/source/oauth2/jwtsigningkey.go b/services/auth/source/oauth2/jwtsigningkey.go
index 33bd3648e7..ff0d426e22 100644
--- a/services/auth/source/oauth2/jwtsigningkey.go
+++ b/services/auth/source/oauth2/jwtsigningkey.go
@@ -22,7 +22,7 @@ import (
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
)
// ErrInvalidAlgorithmType represents an invalid algorithm error.
diff --git a/services/auth/source/oauth2/token.go b/services/auth/source/oauth2/token.go
index 612c9db8cf..3405619d3f 100644
--- a/services/auth/source/oauth2/token.go
+++ b/services/auth/source/oauth2/token.go
@@ -9,7 +9,7 @@ import (
"code.gitea.io/gitea/modules/timeutil"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
)
// ___________ __
@@ -50,6 +50,9 @@ func ParseToken(jwtToken string, signingKey JWTSigningKey) (*Token, error) {
if err != nil {
return nil, err
}
+ if !parsedToken.Valid {
+ return nil, fmt.Errorf("invalid token")
+ }
var token *Token
var ok bool
if token, ok = parsedToken.Claims.(*Token); !ok || !parsedToken.Valid {
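Review bot: The added `if !parsedToken.Valid` guard makes the `|| !parsedToken.Valid` term in the type assertion on the last context line dead code, so keep the new early return and reduce the later condition to `if token, ok = parsedToken.Claims.(*Token); !ok {`. The new message has no format verbs, so `errors.New("invalid token")` is the idiomatic form, and a package-level sentinel would let callers match a rejected token with `errors.Is`; either needs `errors` in the import block, which lies outside this hunk. Because v5 removes the claims-level `Valid()` hook, it is also worth confirming that the parse call above this hunk (not visible here) restricts the accepted signing methods, since the parser's error and this flag are the only validity signals visible in ParseToken. ParseToken's body starts before and continues after the hunk.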