IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2026-02-06 09:56:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

remove unnecessary checks after decryptAndVerify

Browse Source
This commit is contained in:
clauspeterhuebner 2025-07-01 18:46:08 +02:00
parent 81de0c6c07
commit 495017c404
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
backend/src/auth/jwt/JWT.ts
View File

@ -12,7 +12,7 @@ import { EncryptedJWEJwtPayloadType } from './payloadtypes/EncryptedJWEJwtPayloa
export const createKeyPair = async (): Promise<{ publicKey: string; privateKey: string }> => {
// Generate key pair using jose library
const keyPair = await generateKeyPair('RS256');
logger.debug(`Federation: writeJwtKeyPairInHomeCommunity generated keypair=`, keyPair);
logger.debug(`Federation: writeJwtKeyPairInHomeCommunity generated keypair...`);
// Convert keys to PEM format for storage in database
const publicKeyPem = await exportSPKI(keyPair.publicKey);
@ -47,7 +47,7 @@ export const verify = async (token: string, publicKey: string): Promise<JwtPaylo
export const encode = async (payload: JwtPayloadType, privatekey: string): Promise<string> => {
logger.debug('JWT.encode... payload=', payload)
logger.debug('JWT.encode... privatekey=', privatekey)
logger.debug('JWT.encode... privatekey=', privatekey.substring(0, 10))
try {
const importedKey = await importPKCS8(privatekey, 'RS256')
const secret = typeof importedKey === 'string'

2
federation/src/graphql/api/1_0/resolver/AuthenticationResolver.ts
View File

@ -52,6 +52,7 @@ export class AuthenticationResolver {
if (openConnectionJwtPayload.tokentype !== OpenConnectionJwtPayloadType.OPEN_CONNECTION_TYPE) {
throw new LogError(`invalid tokentype of community with publicKey`, pubKeyBuf.toString('hex'))
}
/*
if (openConnectionJwtPayload.expiration < new Date().toISOString()) {
throw new LogError(`invalid expiration of community with publicKey`, pubKeyBuf.toString('hex'))
}
@ -61,6 +62,7 @@ export class AuthenticationResolver {
if (openConnectionJwtPayload.audience !== JwtPayloadType.AUDIENCE) {
throw new LogError(`invalid audience of community with publicKey`, pubKeyBuf.toString('hex'))
}
*/
const fedComA = await DbFedCommunity.findOneByOrFail({ publicKey: comA.publicKey })
if (!openConnectionJwtPayload.url.startsWith(fedComA.endPoint)) {
throw new LogError(`invalid url of community with publicKey`, pubKeyBuf.toString('hex'))