fix linter errors, error out if jwt does not contain a key id

Raal Goff 2021-09-26 21:12:36 +08:00
parent e7a2501fe8
commit b22a9781a2

20
oidc.go

@ -94,7 +94,7 @@ func verifyToken(token string) (*AccessToken, error) {
} }
} else { } else {
return nil, err return nil, errors.New("JWT does not contain a key id")
} }
} }
@ -200,6 +200,13 @@ func (h *Headscale) RegisterOIDC(c *gin.Context) {
b := make([]byte, 16) b := make([]byte, 16)
_, err = rand.Read(b) _, err = rand.Read(b)
if err != nil {
log.Error().Msg("could not read 16 bytes from rand")
c.String(http.StatusInternalServerError, "could not read 16 bytes from rand")
return
}
stateStr := hex.EncodeToString(b)[:32] stateStr := hex.EncodeToString(b)[:32]
// init the state cache if it hasn't been already // init the state cache if it hasn't been already
@ -281,6 +288,13 @@ func (h *Headscale) OIDCCallback(c *gin.Context) {
ns, err := h.GetNamespace(claims.Email) ns, err := h.GetNamespace(claims.Email)
if err != nil { if err != nil {
ns, err = h.CreateNamespace(claims.Email) ns, err = h.CreateNamespace(claims.Email)
if err != nil {
log.Error().Msgf("could not create new namespace '%s'", claims.Email)
c.String(http.StatusInternalServerError, "could not create new namespace")
return
}
} }
ip, err := h.getAvailableIP() ip, err := h.getAvailableIP()
@ -301,10 +315,10 @@ func (h *Headscale) OIDCCallback(c *gin.Context) {
<body> <body>
<h1>headscale</h1> <h1>headscale</h1>
<p> <p>
Authenticated, you can now close this window. Authenticated as %s, you can now close this window.
</p> </p>
</body> </body>
</html> </html>
`))) `, claims.Email)))
} }
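Review bot: In the last hunk, `claims.Email` is formatted into the HTML response (`Authenticated as %s`) without escaping, so any markup characters in the email claim would be interpreted by the browser as part of the page. The claim is populated by the identity provider, and ultimately by the user's account there, so it should be treated as untrusted text at this point; pass `html.EscapeString(claims.Email)` as the format argument (with the `html` import), or render the page through `html/template`. The opening of the formatting call sits above the hunk, so this assumes a printf-style call such as `fmt.Sprintf`. Separately, the new error branches in RegisterOIDC and OIDCCallback log a fixed message and drop `err`; if the logger is zerolog, adding `.Err(err)` to the chain would keep the cause for whoever triages the 500.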