fix: verify access token
Rached Ben Ayed committed Nov 28, 2022
1 parent da11845 commit 72fae6a
Showing 1 changed file with 7 additions and 7 deletions.
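--- a/gcloud/middleware/auth/gcloud_service_account.go
+++ b/gcloud/middleware/auth/gcloud_service_account.go
@@ -28,7 +28,12 @@ func (m GCloudServiceAccount) Wrap(h handler.Handler) handler.Handler {
 return nil, errors.Err("access forbidden").WithStatus(http.StatusForbidden)
 }
 
-if err := m.VerifyServiceAccount(r, token); err != nil {
+splitAuthHeader := strings.Split(token, " ")
+if len(splitAuthHeader) == 0 {
+return nil, errors.Err("access forbidden").WithStatus(http.StatusForbidden)
+}
+
+if err := m.VerifyServiceAccount(r, splitAuthHeader[1]); err != nil {
 return nil, err
 }
 
@@ -38,12 +43,7 @@ func (m GCloudServiceAccount) Wrap(h handler.Handler) handler.Handler {
 
 // VerifyServiceAccount check if the token was sent by a gcloud service account
 func (m GCloudServiceAccount) VerifyServiceAccount(r *http.Request, token string) error {
-splitAuthHeader := strings.Split(token, " ")
-if len(splitAuthHeader) == 0 {
-return errors.Err("access forbidden").WithStatus(http.StatusForbidden)
-}
-
-payload, err := idtoken.Validate(r.Context(), splitAuthHeader[1], "")
+payload, err := idtoken.Validate(r.Context(), token, "")
 if err != nil {
 // invalid token
 return errors.Err("access forbidden").WithStatus(http.StatusForbidden)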
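Review bot: The guard `if len(splitAuthHeader) == 0` that this commit moves into Wrap can never fire, because `strings.Split` with a non-empty separator always returns at least one element; a header value with no space therefore reaches `splitAuthHeader[1]` and panics with index out of range on a request that has not been authenticated yet. Change the guard to `if len(splitAuthHeader) != 2 {` so malformed headers get the 403 instead of a panic. Separately, `idtoken.Validate(r.Context(), token, "")` passes an empty audience, which skips the audience check; unless the part of VerifyServiceAccount outside this hunk compares the payload's audience or email itself, pass the expected audience there. Both Wrap and VerifyServiceAccount continue outside the visible hunks.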