search

dgrijalva / jwt-go

ARCHIVE - Golang implementation of JSON Web Tokens (JWT). This project is now maintained at:
https://github.com/golang-jwt/jwt
MIT License
10.78k stars 994 forks source link

JWT token is expired when Go app is installed. #307

Open amankaur27 opened 5 years ago

amankaur27 commented 5 years ago

I am using following code to generate token while login:

func CreateToken(user models.User, c *gin.Context) (string, error){
var ip, userAgent string
keyError := InitKeys()
if keyError != nil{
    return "", keyError
}

if values, _ := c.Request.Header["Ip"]; len(values) > 0 {
    ip = values[0]
}

if values, _ := c.Request.Header["User-Agent"]; len(values) > 0{
    userAgent = values[0]
}

token := jwt.NewWithClaims(jwt.SigningMethodHS256, &jwt.MapClaims{
    "email": user.EmailId,
    "exp": time.Now().Add(time.Hour * 8760).Unix(),
    "role": user.Role,
    "name": user.FirstName+" "+user.LastName,
    "ip": ip,
    "user_agent": userAgent,
    "id": user.Id,
})
config.CurrentUserId    = user.Id
models.CurrentUser      = user

/* Sign and get the complete encoded token as a string */
tokenString, err := token.SignedString([]byte(config.SignKey))
return tokenString, err

}

func InitKeys()(err error){
    SignKey, err = ioutil.ReadFile(GetBasePath()+PrivateKeyPath)
    if err != nil {
        return err
    }
    VerifyKey, err = ioutil.ReadFile(GetBasePath()+PublicKeyPath)
    if err != nil {
        return err
    }
    return nil
}

Problem When a user log in then its JWT token is generated and works well. Now the user did not logged out but closed the browser tab or window. Before he is back, the go app is re-installed with install command. Now the user come back and access his account, the token is expired and he could not see any of his details.

Code to match JWT token:

func ParseJWTToken(c *gin.Context){
merchantDb  := models.MerchantDatabase{ c.Keys["merchant_db"].(string) }
merchantDatabase := make(map[string]interface{})
if values, _ := c.Request.Header["Authorization"]; len(values) > 0 {
    bearer := strings.Split(c.Request.Header["Authorization"][0], "Bearer")
    bearerToken := strings.TrimSpace(bearer[1])
    _, err := merchantDb.GetSession(bson.M{"token": bearerToken})
    if err != nil{
        errMsg := "Failed: Unauthorized Access."
        response := controllers.ResponseController{
            config.FailureCode,
            config.FailureFlag,
            errMsg,
            err,
        }
        controllers.GetResponse(c, response)
        c.Abort()
    }else{

        var userAgent string
        var userAgentCheck bool

        if values, _ := c.Request.Header["User-Agent"]; len(values) > 0 {
            userAgent = values[0]
        }
        _ = config.InitKeys()
        token, err := jwt.Parse(bearerToken, func(token *jwt.Token) (interface{}, error) {
            return config.SignKey, nil
        })
        if len (token.Claims.(jwt.MapClaims)) > 0{
            for key, claim := range token.Claims.(jwt.MapClaims) {
                if key == "user_agent"{
                    if claim == userAgent{
                        userAgentCheck = true
                    }
                }   

                if key == "role"{
                    role = claim.(string)
                }

                if key == "id"{
                    userId = claim.(float64)
                }
                if key == "name"{
                    userName = claim.(string)
                }
            }
        }
        merchantDatabase["userid"] = userId
        merchantDatabase["role"] = role
        merchantDatabase["username"] = userName
        c.Keys = merchantDatabase
        if err == nil && token.Valid && userAgentCheck == true {
            c.Next()
        } else {
            errMsg := "Failed: Invalid Token."
            response := controllers.ResponseController{
                config.FailureCode,
                config.FailureFlag,
                errMsg,
                nil,
            }
            controllers.GetResponse(c, response)
            c.Abort()
        }
    }
}else{
    errMsg := "Failed: Unauthorized Access."
    response := controllers.ResponseController{
        config.FailureCode,
        config.FailureFlag,
        errMsg,
        "Missing Authorization Header",
    }
    controllers.GetResponse(c, response)
    c.Abort()
}

Please guide me what should I do in this case.

rebootcode commented 5 years ago

use paseto (https://github.com/o1egl/paseto), "dgrijalva/jwt-go" library is way too much broken. Another issue you will find when you change "SignedString" and create new claim and verify it. It will never verify.

I switched to paseto and out of "dgrijalva/jwt-go" PIA mode.