mirror/api
1
0
Fork 0
mirror of https://github.com/unraid/api.git synced 2026-01-01 06:01:18 -06:00
Code Issues Packages Projects Releases Wiki Activity

feat: validate token format in both PHP and CLI

Browse Source
This commit is contained in:
Eli Bosley
2025-01-27 09:49:17 -05:00
parent 3734730bf7
commit b9d9105e3e
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
api/src/core/sso/sso-setup.ts
View File

@@ -23,8 +23,11 @@ function verifyUsernamePasswordAndSSO(string $username, string $password): bool
// We may have an SSO token, attempt validation // We may have an SSO token, attempt validation
if (strlen($password) > 800) { if (strlen($password) > 800) {
$safePassword = escapeshellarg($password); $safePassword = escapeshellarg($password);
if (!preg_match('/^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$/', $password)) {
my_logger("SSO Login Attempt Failed: Invalid token format");
}
$response = exec("/usr/local/bin/unraid-api sso validate-token $safePassword", $output, $code); $response = exec("/usr/local/bin/unraid-api sso validate-token $safePassword", $output, $code);
my_logger("SSO Login Response: $response"); my_logger("SSO Login Attempt: $response");
if ($code === 0 && $response && strpos($response, '"valid":true') !== false) { if ($code === 0 && $response && strpos($response, '"valid":true') !== false) {
return true; return true;
} }

5
api/src/unraid-api/cli/sso/validate-token.command.ts
View File

@@ -38,10 +38,15 @@ export class ValidateTokenCommand extends CommandRunner {
} }
const token = passedParams[0]; const token = passedParams[0];
if (typeof token !== 'string' || token.trim() === '') { if (typeof token !== 'string' || token.trim() === '') {
this.createErrorAndExit('Invalid token provided'); this.createErrorAndExit('Invalid token provided');
} }
if (!/^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$/.test(token)) {
this.createErrorAndExit('Token format is invalid');
}
let caughtError: null | unknown = null; let caughtError: null | unknown = null;
let tokenPayload: null | JWTPayload = null; let tokenPayload: null | JWTPayload = null;
try { try {