Diffstat (limited to 'services/auth')
-rw-r--r--services/auth/source/oauth2/jwtsigningkey.go2
-rw-r--r--services/auth/source/oauth2/token.go5
2 files changed, 5 insertions, 2 deletions
diff --git a/services/auth/source/oauth2/jwtsigningkey.go b/services/auth/source/oauth2/jwtsigningkey.go
index 33bd3648e7..ff0d426e22 100644
--- a/services/auth/source/oauth2/jwtsigningkey.go
+++ b/services/auth/source/oauth2/jwtsigningkey.go
@@ -22,7 +22,7 @@ import (
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
)
// ErrInvalidAlgorithmType represents an invalid algorithm error.
diff --git a/services/auth/source/oauth2/token.go b/services/auth/source/oauth2/token.go
index 612c9db8cf..3405619d3f 100644
--- a/services/auth/source/oauth2/token.go
+++ b/services/auth/source/oauth2/token.go
@@ -9,7 +9,7 @@ import (
"code.gitea.io/gitea/modules/timeutil"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
)
// ___________ __
@@ -50,6 +50,9 @@ func ParseToken(jwtToken string, signingKey JWTSigningKey) (*Token, error) {
if err != nil {
return nil, err
}
+ if !parsedToken.Valid {
+ return nil, fmt.Errorf("invalid token")
+ }
var token *Token
var ok bool
if token, ok = parsedToken.Claims.(*Token); !ok || !parsedToken.Valid {
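Review bot: The `!parsedToken.Valid` guard added ahead of the type assertion means the `|| !parsedToken.Valid` clause on the assertion line can no longer be true, so the validity condition is now tested in two places. Keeping a single check, for example by reducing the assertion to `if token, ok = parsedToken.Claims.(*Token); !ok {`, makes it unambiguous which error a caller receives for a token that parses but is not valid. The new error has no format verbs, so `errors.New("invalid token")` or a package-level sentinel that callers can match with `errors.Is` would be the more idiomatic form; a sentinel also lets callers tell rejection of an invalid token apart from a parse failure. ParseToken starts before and continues past this hunk, so the parse call and the branch taken when the assertion fails are not visible here.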