mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-10-30 07:32:39 +01:00
Fixed OIDC JWT key parsing in microsoft environments
Made existence of 'alg' optional when JWK array set so we instead infer it as RSA256 if not existing. Fixes #3206
This commit is contained in:
parent
c11f795c1d
commit
73eac83afe
@ -60,8 +60,11 @@ class OidcJwtSigningKey
|
||||
*/
|
||||
protected function loadFromJwkArray(array $jwk)
|
||||
{
|
||||
if ($jwk['alg'] !== 'RS256') {
|
||||
throw new OidcInvalidKeyException("Only RS256 keys are currently supported. Found key using {$jwk['alg']}");
|
||||
// 'alg' is optional for a JWK, but we will still attempt to validate if
|
||||
// it exists otherwise presume it will be compatible.
|
||||
$alg = $jwk['alg'] ?? null;
|
||||
if ($jwk['kty'] !== 'RSA' || !(is_null($alg) || $alg === 'RS256')) {
|
||||
throw new OidcInvalidKeyException("Only RS256 keys are currently supported. Found key using {$alg}");
|
||||
}
|
||||
|
||||
if (empty($jwk['use'])) {
|
||||
|
@ -164,7 +164,8 @@ class OidcProviderSettings
|
||||
protected function filterKeys(array $keys): array
|
||||
{
|
||||
return array_filter($keys, function (array $key) {
|
||||
return $key['kty'] === 'RSA' && $key['use'] === 'sig' && $key['alg'] === 'RS256';
|
||||
$alg = $key['alg'] ?? null;
|
||||
return $key['kty'] === 'RSA' && $key['use'] === 'sig' && (is_null($alg) || $alg === 'RS256');
|
||||
});
|
||||
}
|
||||
|
||||
|
@ -318,6 +318,31 @@ class OidcTest extends TestCase
|
||||
$this->assertCount(4, $transactions);
|
||||
}
|
||||
|
||||
public function test_auth_login_with_autodiscovery_with_keys_that_do_not_have_alg_property()
|
||||
{
|
||||
$this->withAutodiscovery();
|
||||
|
||||
$keyArray = OidcJwtHelper::publicJwkKeyArray();
|
||||
unset($keyArray['alg']);
|
||||
|
||||
$this->mockHttpClient([
|
||||
$this->getAutoDiscoveryResponse(),
|
||||
new Response(200, [
|
||||
'Content-Type' => 'application/json',
|
||||
'Cache-Control' => 'no-cache, no-store',
|
||||
'Pragma' => 'no-cache',
|
||||
], json_encode([
|
||||
'keys' => [
|
||||
$keyArray,
|
||||
],
|
||||
])),
|
||||
]);
|
||||
|
||||
$this->assertFalse(auth()->check());
|
||||
$this->runLogin();
|
||||
$this->assertTrue(auth()->check());
|
||||
}
|
||||
|
||||
protected function withAutodiscovery()
|
||||
{
|
||||
config()->set([
|
||||
|
Loading…
Reference in New Issue
Block a user