codenotary / immudb

immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
https://immudb.io

immugw returns invalid token for each request even if token is valid #341

Closed Gjergj closed 4 years ago

Gjergj commented 4 years ago

What happened

Get token with HTTP login. Use the token on each HTTP request and immugw replies with invalid token.

What you expected to happen

All requests to be authenticated successfully.

How to reproduce it (as minimally and precisely as possible)

./immudb

./immugw

Login to get token

curl --location --request POST 'http://localhost:3323/v1/immurestproxy/login' --header 'Content-Type: application/json' --data-raw '{ "user": "'$(echo -n immu | base64)'", "password": "'$(echo -n immu | base64)'" }'

Use token

curl --request GET 'http://localhost:3323/v1/immurestproxy/item/index/1' --header 'Authorization: Bearer djIucHVibGljLmV5SmxlSEFpT2lJeU1ESXdMVEEyTFRFeFZERTJPalV5T2pBNUt6QXlPakF3SWl3aWNHVnliV2x6YzJsdmJuTWlPaUl5TlRVaUxDSnpkV0lpT2lKcGJXMTFJbjBPcnlkTHgyaXcyc3ZzdlNRS2tJQ1BCTHd6UXZXZkZVaUlZbFR2N2xGdjZrR2xlVEx6RGx1TlQxSV8xa01aVVFROFpfZHR6QjNVUkw0SC1LVHA5cHNOLmFXMXRkV1Jp'

Replies with

{ "error": "invalid token", "code": 16, "message": "invalid token" }

Environment

immugw 0.6.1
Commit  : 30e371b25c0459dc340759e065c5ebb9d07a68db
Built by: gjergjiramku@gmail.com
Built at: Thu, 11 Jun 2020 15:40:48 CEST
immudb 0.6.1
Commit  : 30e371b25c0459dc340759e065c5ebb9d07a68db
Built by: gjergjiramku@gmail.com
Built at: Thu, 11 Jun 2020 15:40:48 CEST

Additional info (any other context about the problem)

padurean commented 4 years ago

@Gjergj I suppose the token was not decoded from base64 (e.g. using https://cryptii.com/)? Unfortunately everything that comes out of immugw is base64 encoded, including the token, but when read from the request header it is expected decoded (in the backend auth code). Perhaps the fix would be to decode it before checking it in the backend.
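
The client-side workaround described in the comment above, as an added shell example (not immudb or immugw code): base64-decode the token from the login response before placing it in the Authorization header. The function names, the sample token and the `v2.public.` prefix check (the prefix the token quoted in this issue decodes to) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not immudb/immugw code.
# Assumption: a raw token starts with "v2.public." and contains only
# base64url characters and dots, like the decoded token from this issue.
RAW_PREFIX='v2.public.'

# decode_token TOKEN
# Prints the raw token; returns non-zero if the input is unusable.
decode_token() {
    tok=$(printf '%s' "$1" | tr -d ' \t\r\n')   # drop copy/paste whitespace
    [ -n "$tok" ] || return 1
    case $tok in
        "$RAW_PREFIX"*) raw=$tok ;;             # already decoded: pass through
        *) raw=$(printf '%s' "$tok" | base64 -d 2>/dev/null) || return 1 ;;
    esac
    # Must look like a raw token after decoding.
    case $raw in
        "$RAW_PREFIX"*) ;;
        *) return 1 ;;
    esac
    # Decoded bytes end up in an HTTP header, so refuse CR/LF, spaces and
    # any other character outside the expected token alphabet.
    case $raw in
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s' "$raw"
}

# bearer_header TOKEN
# Prints a header line suitable for: curl --header "$(bearer_header "$TOKEN")"
bearer_header() {
    raw=$(decode_token "$1") || return 1
    printf 'Authorization: Bearer %s\n' "$raw"
}

# Constructed sample standing in for the token field of a login response.
sample=$(printf '%s' 'v2.public.constructed-sample-payload.footer' | base64 | tr -d '\n')
bearer_header "$sample"
```
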