Closed ilijabojanovic closed 4 years ago
This is the same with regular auth tokens. Didn't we say this is because of the default hashing algorithm?
These tokens all work:
Actual token: 5d431f8d06ac9e183bf49f9c3ce6068a57a945c2a5d8145bc12c6d0e
all work:
5d431f8d06ac9e183bf49f9c3ce6068a57a945c2a5d8145bc12c6d0e1
5d431f8d06ac9e183bf49f9c3ce6068a57a945c2a5d8145bc12c6d0e11
5d431f8d06ac9e183bf49f9c3ce6068a57a945c2a5d8145bc12c6d0e111
It really looks like old murmur32 bug, but new keys working with new key format, and @ilijabojanovic told that he have murmur64 in this config
I'm on release-2.8 and using default (nothing set in config) - hope that helps.
I couldn't reproduce this issue. We had a call with @ilijabojanovic and we need @maciejwojciechowski's confirmation.
@ilijabojanovic @furkansenharputlu I am not able to reproduce it on my local with murmur64
Fixed
Branch/Environment/Version
Describe the bug Related to: https://github.com/TykTechnologies/product/issues/165
When we create custom token, we can manipulate with characters. Example: custom token
ilijaaa
, gateway will pass traffic for tokensilij
,ilija
,ilijaa
Reproduction steps Steps to reproduce the behavior:
Actual behavior Invalid tokens will pass auth middleware and gateway will proxy request
Expected behavior Gateway should reject invalid tokens
Screenshots/Video If applicable, add screenshots or video to help explain your problem.
Logs (debug mode or log file): Log from console or from log file.
Configuration (tyk config file): Gw configuration|:
Additional context Add any other context about the problem here.