From 1f5b8c9a61a444d33591b7083501dffbad6a51a1 Mon Sep 17 00:00:00 2001
From: Kim Tore Jensen
Date: Fri, 13 Sep 2024 13:53:25 +0200
Subject: [PATCH] hookd: better user-facing error message when JWT cannot be validated
Co-authored-by: Trong Huu Nguyen
---
 pkg/grpc/interceptor/auth/githubvalidator.go | 2 +-
 pkg/grpc/interceptor/auth/server.go | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/pkg/grpc/interceptor/auth/githubvalidator.go b/pkg/grpc/interceptor/auth/githubvalidator.go
index 0af62671..753dee16 100644
--- a/pkg/grpc/interceptor/auth/githubvalidator.go
+++ b/pkg/grpc/interceptor/auth/githubvalidator.go
@@ -37,7 +37,7 @@ func (g *GithubValidator) Validate(ctx context.Context, token string) (jwt.Token
 otherParseOpts := g.jwtOptions()
 t, err := jwt.Parse([]byte(token), append(otherParseOpts, keySetOpts)...)
 if err != nil {
- return nil, fmt.Errorf("parse token: %w", err)
+ return nil, fmt.Errorf("invalid JWT token: %w", err)
 }
 return t, nil
diff --git a/pkg/grpc/interceptor/auth/server.go b/pkg/grpc/interceptor/auth/server.go
index 0b08d9a3..1e012cb0 100644
--- a/pkg/grpc/interceptor/auth/server.go
+++ b/pkg/grpc/interceptor/auth/server.go
@@ -64,14 +64,14 @@ func (s *ServerInterceptor) UnaryServerInterceptor(ctx context.Context, req inte
 return nil, status.Errorf(codes.InvalidArgument, "invalid metadata in request")
 }
- jwt := get("jwt", md)
+ jwtToken := get("jwt", md)
- if jwt != "" {
- t, err := s.TokenValidator.Validate(ctx, jwt)
+ if jwtToken != "" {
+ t, err := s.TokenValidator.Validate(ctx, jwtToken)
 if err != nil {
 log.WithError(err).Infof("validating token")
 metrics.InterceptorRequest(requestTypeJWT, "invalid_jwt")
- return nil, status.Errorf(codes.Unauthenticated, "invalid JWT token")
+ return nil, status.Errorf(codes.Unauthenticated, err.Error())
 }
 r, ok := t.Get("repository")
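Review bot: The string built by the changed `fmt.Errorf("invalid JWT token: %w", err)` line is no longer internal, because the server.go hunks in this commit send the result of `err.Error()` from Validate to the caller, so the whole wrapped chain from `jwt.Parse` becomes part of the response to an unauthenticated client. Validate starts above this hunk, so any other error return it has (a key set lookup, if there is one) is not visible here and would be forwarded the same way; those should be checked for internal URLs or hostnames. I would record the contract on the method with a doc comment such as `// Validate returns errors whose text is sent verbatim to gRPC clients; keep them free of internal detail.`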
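Review bot: `status.Errorf(codes.Unauthenticated, err.Error())` in UnaryServerInterceptor passes the error text as the format string, so any `%` in it is read as a verb and the client receives `%!x(MISSING)`-style noise; the text comes from the validator and the JWT library and may echo parts of the caller-supplied token, and newer `go vet` releases flag non-constant format strings. Use `return nil, status.Error(codes.Unauthenticated, err.Error())` here, and `return status.Error(codes.Unauthenticated, err.Error())` for the same line in the StreamServerInterceptor hunk. Separately, `s.TokenValidator` looks like an interface, so every implementation's error text now reaches unauthenticated callers; if that is not intended for all of them, return a fixed set of client-safe reasons and keep the full error in the existing `log.WithError(err)` line. The interceptor body continues outside the hunk.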
@@ -166,12 +166,12 @@ func (s *ServerInterceptor) StreamServerInterceptor(srv interface{}, ss grpc.Ser
 return status.Errorf(codes.InvalidArgument, "invalid metadata in request")
 }
- jwt := get("jwt", md)
+ jwtToken := get("jwt", md)
- if jwt != "" {
- t, err := s.TokenValidator.Validate(ss.Context(), jwt)
+ if jwtToken != "" {
+ t, err := s.TokenValidator.Validate(ss.Context(), jwtToken)
 if err != nil {
- return status.Errorf(codes.Unauthenticated, "invalid JWT token")
+ return status.Errorf(codes.Unauthenticated, err.Error())
 }
 r, ok := t.Get("repository")
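Review bot: The failure branch in StreamServerInterceptor returns without the `log.WithError(err).Infof("validating token")` and `metrics.InterceptorRequest(requestTypeJWT, "invalid_jwt")` calls that the unary interceptor makes in the same position, so rejected JWTs on streaming calls leave no log line or metric to alert on. Now that the response carries the specific failure reason, the server-side record should hold it as well; add those two calls before the `return status.Errorf(...)` line. The interceptor body starts and ends outside this hunk, so a log or metric elsewhere in it is not ruled out.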