diff options
author | Erik Johnston <erik@matrix.org> | 2016-04-21 17:42:25 +0100 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2016-04-21 17:42:25 +0100 |
commit | b9675ef6e694c7f7f40bee5e4730866c7f217259 (patch) | |
tree | 4370ef1247309b2d929a5d52fe266f90cfcfb7d6 | |
parent | Merge pull request #743 from matrix-org/markjh/slave_pushers (diff) | |
parent | Fix issues with JWT login (diff) | |
download | synapse-b9675ef6e694c7f7f40bee5e4730866c7f217259.tar.xz |
Merge pull request #687 from nikriek/jwt-fix
Fix issues with JWT login
Diffstat (limited to '')
-rw-r--r-- | synapse/config/jwt.py | 2 | ||||
-rw-r--r-- | synapse/rest/client/v1/login.py | 9 |
2 files changed, 8 insertions, 3 deletions
diff --git a/synapse/config/jwt.py b/synapse/config/jwt.py index 4cb092bbec..5c8199612b 100644 --- a/synapse/config/jwt.py +++ b/synapse/config/jwt.py @@ -30,6 +30,8 @@ class JWTConfig(Config): def default_config(self, **kwargs): return """\ + # The JWT needs to contain a globally unique "sub" (subject) claim. + # # jwt_config: # enabled: true # secret: "a secret" diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py index d14ce3efa2..166a78026a 100644 --- a/synapse/rest/client/v1/login.py +++ b/synapse/rest/client/v1/login.py @@ -224,16 +224,19 @@ class LoginRestServlet(ClientV1RestServlet): @defer.inlineCallbacks def do_jwt_login(self, login_submission): - token = login_submission['token'] + token = login_submission.get("token", None) if token is None: - raise LoginError(401, "Unauthorized", errcode=Codes.UNAUTHORIZED) + raise LoginError(401, "Token field for JWT is missing", + errcode=Codes.UNAUTHORIZED) try: payload = jwt.decode(token, self.jwt_secret, algorithms=[self.jwt_algorithm]) + except jwt.ExpiredSignatureError: + raise LoginError(401, "JWT expired", errcode=Codes.UNAUTHORIZED) except InvalidTokenError: raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED) - user = payload['user'] + user = payload.get("sub", None) if user is None: raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED) |