Commit

fix: fix authentication bypass for capsule-proxy
- fix authentication bypass for capsule-proxy with leading token

Signed-off-by: slimm609 <dbrian@vmware.com>
slimm609 authored and prometherion committed Nov 23, 2023
1 parent 079600f commit 472404f
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions internal/request/http.go
Expand Up @@ -114,6 +114,10 @@ func (h http) processBearerToken() (username string, groups []string, err error)
return "", nil, fmt.Errorf("cannot create TokenReview")
}

if !tr.Status.Authenticated {
return "", nil, fmt.Errorf("cannot verify the token due to error")
}

if statusErr := tr.Status.Error; len(statusErr) > 0 {
return "", nil, fmt.Errorf("cannot verify the token due to error")
}
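
Review bot: the new `!tr.Status.Authenticated` branch returns the same message, "cannot verify the token due to error", as the `tr.Status.Error` branch directly below it, so a caller or anyone reading the proxy logs cannot tell a token the API server rejected from a review that itself failed. Give the unauthenticated case its own message (for example "token is not authenticated"), and consider including the `statusErr` value in the second branch's error, since it is currently read only for its length and then dropped. The commit changes only internal/request/http.go, so a unit test for `processBearerToken` that feeds a TokenReview with `Authenticated` false and an empty `Error` would pin the behaviour this fix depends on.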