TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-05-15 20:38:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: check error before using token (#7664)

Browse Source
This commit is contained in:
Silvan 2024-03-28 13:19:03 +01:00 committed by GitHub
parent dcb1c7fa75
commit bed0f6293b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
internal/authz/repository/eventsourcing/eventstore/token_verifier.go
View File

@ -110,15 +110,15 @@ func (repo *TokenVerifierRepo) verifyAccessTokenV1(ctx context.Context, tokenID,
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
_, tokenSpan := tracing.NewNamedSpan(ctx, "token")
_, tokenSpan := tracing.NewNamedSpan(ctx, "tokenByID")
token, err := repo.tokenByID(ctx, tokenID, subject)
if token.Actor != nil {
return "", "", "", "", "", zerrors.ThrowPermissionDenied(nil, "APP-wai8O", "Errors.TokenExchange.Token.NotForAPI")
}
tokenSpan.EndWithError(err)
if err != nil {
return "", "", "", "", "", zerrors.ThrowUnauthenticated(err, "APP-BxUSiL", "invalid token")
}
if token.Actor != nil {
return "", "", "", "", "", zerrors.ThrowPermissionDenied(nil, "APP-wai8O", "Errors.TokenExchange.Token.NotForAPI")
}
if !token.Expiration.After(time.Now().UTC()) {
return "", "", "", "", "", zerrors.ThrowUnauthenticated(err, "APP-k9KS0", "invalid token")
}