
Commit 6ef05a3

committed
feat: validate token format in both PHP and CLI
1 parent afce130 commit 6ef05a3


2 files changed

+9
-1
lines changed


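--- a/api/src/core/sso/sso-setup.ts
+++ b/api/src/core/sso/sso-setup.ts
@@ -23,8 +23,11 @@ function verifyUsernamePasswordAndSSO(string $username, string $password): bool
 // We may have an SSO token, attempt validation
 if (strlen($password) > 800) {
 $safePassword = escapeshellarg($password);
+if (!preg_match('/^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$/', $password)) {
+my_logger("SSO Login Attempt Failed: Invalid token format");
+}
 $response = exec("/usr/local/bin/unraid-api sso validate-token $safePassword", $output, $code);
-my_logger("SSO Login Response: $response");
+my_logger("SSO Login Attempt: $response");
 if ($code === 0 && $response && strpos($response, '"valid":true') !== false) {
 return true;
 }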
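Review bot: The format check added at new lines 26–28 only logs and then falls through, so a value that fails the regex is still handed to exec() on line 29 — the check validates nothing unless it short-circuits. escapeshellarg already protects the shell, so the regex is defence in depth for the CLI, but to have any effect the branch must skip the exec: either `my_logger("SSO Login Attempt Failed: Invalid token format"); return false;` or, if a non-token password longer than 800 characters must still reach the normal password path, wrap the exec and the result check in the matching condition instead. The character class is written `[A-Za-z0-9-_]`; placing the hyphen last, `[A-Za-z0-9_-]`, makes the literal-hyphen intent unambiguous and reads as the base64url alphabet. verifyUsernamePasswordAndSSO continues outside the hunk.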

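--- a/api/src/unraid-api/cli/sso/validate-token.command.ts
+++ b/api/src/unraid-api/cli/sso/validate-token.command.ts
@@ -38,10 +38,15 @@ export class ValidateTokenCommand extends CommandRunner {
 }
 
 const token = passedParams[0];
+
 if (typeof token !== 'string' || token.trim() === '') {
 this.createErrorAndExit('Invalid token provided');
 }
 
+if (!/^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$/.test(token)) {
+this.createErrorAndExit('Token format is invalid');
+}
+
 let caughtError: null | unknown = null;
 let tokenPayload: null | JWTPayload = null;
 try {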
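Review bot: The regex at new line 46 is an unnamed inline literal that is duplicated verbatim on the PHP side of this same commit, with nothing in either file pointing at the other copy; hoist it to a named module-level constant with a comment so the two stay in sync, e.g. `// Three base64url segments (header.payload.signature); keep identical to the check in sso-setup.ts` followed by `const JWT_FORMAT = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;` and `if (!JWT_FORMAT.test(token)) {`. Writing the class as `[A-Za-z0-9_-]` rather than `[A-Za-z0-9-_]` also removes the ambiguity of a hyphen immediately after a range, which presumably is meant literally here. The enclosing method starts and ends outside the hunk.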
