author | Niklas Riekenbrauck <nikriek@gmail.com> | 2016-04-01 19:04:28 +0200 |
---|---|---|
committer | Niklas Riekenbrauck <nikriek@gmail.com> | 2016-04-21 18:10:48 +0200 |
commit | 565c2edb0ace48a0e8b1bd62199bf0740554cc63 (patch) | |
tree | 3772472f7b0b9259344d73f1d66dd5fe507cfdf6 /synapse | |
parent | Merge pull request #686 from matrix-org/markjh/doc_strings (diff) | |
download | synapse-565c2edb0ace48a0e8b1bd62199bf0740554cc63.tar.xz |
Fix issues with JWT login
Diffstat (limited to 'synapse')
-rw-r--r-- | synapse/config/jwt.py | 2 | ||||
-rw-r--r-- | synapse/rest/client/v1/login.py | 9 |
2 files changed, 8 insertions, 3 deletions
diff --git a/synapse/config/jwt.py b/synapse/config/jwt.py
index 4cb092bbec..5c8199612b 100644
--- a/synapse/config/jwt.py
+++ b/synapse/config/jwt.py
@@ -30,6 +30,8 @@ class JWTConfig(Config):
 def default_config(self, **kwargs):
 return """\
+ # The JWT needs to contain a globally unique "sub" (subject) claim.
+ #
 # jwt_config:
 # enabled: true
 # secret: "a secret"
diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py
index d14ce3efa2..166a78026a 100644
--- a/synapse/rest/client/v1/login.py
+++ b/synapse/rest/client/v1/login.py
@@ -224,16 +224,19 @@ class LoginRestServlet(ClientV1RestServlet):
 @defer.inlineCallbacks
 def do_jwt_login(self, login_submission):
- token = login_submission['token']
+ token = login_submission.get("token", None)
 if token is None:
- raise LoginError(401, "Unauthorized", errcode=Codes.UNAUTHORIZED)
+ raise LoginError(401, "Token field for JWT is missing",
+ errcode=Codes.UNAUTHORIZED)
 try:
 payload = jwt.decode(token, self.jwt_secret, algorithms=[self.jwt_algorithm])
+ except jwt.ExpiredSignatureError:
+ raise LoginError(401, "JWT expired", errcode=Codes.UNAUTHORIZED)
 except InvalidTokenError:
 raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED)
- user = payload['user']
+ user = payload.get("sub", None)
 if user is None:
 raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED)
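Review bot: The `sub` claim read by `user = payload.get("sub", None)` in the login.py hunk is only compared with `None`, so an empty string or a non-string value (a number, list or object placed in `sub` by whoever minted the token) passes `if user is None:` and reaches the code that turns it into a user ID; do_jwt_login continues past the end of the hunk, so any later validation is not visible here. Because this value selects the account that is logged in, check its shape before use, e.g. `if not user or not isinstance(user, basestring):` (`str` on Python 3) raising the same `LoginError`. The new `except jwt.ExpiredSignatureError:` is correctly placed before `except InvalidTokenError:`, since PyJWT derives the former from the latter and the reverse order would never reach the "JWT expired" branch; a one-line comment such as `# ExpiredSignatureError subclasses InvalidTokenError; keep it first` would protect that ordering from a future reshuffle.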