Open halber opened 6 months ago
There is also another problem with this fix (ArrayOutOfBoundException here). This will happen if the SimpleAuthenticationHandlerImpl@23305 gives an ok (recursion and graphs with a single index :slightly_smiling_face: ).
@tsegismont Not really sure if I need to create a separate issue with its own reproducer.
Build the following list of handlers to reproduce the issue (see image with nested any handlers)
@halber can you provide a reproducer that does not involve an MFA handler?
As far as I can tell, the reproducer also fails without commit https://github.com/vert-x3/vertx-web/commit/f8565123f6130725af93dc94fae55d85d5033dce.
It fails differently, with java.lang.AssertionError: expected:<302> but was:<200>, because the ChainAuthHandler doesn't seem to play well with MFA (mfa is null in chain auth handler)
I tried to create a reproducer with a single, simple auth handler (basic auth) and it worked fine.
Can you provide a different reproducer?
@andrei-tulba if I understand correctly, the issue is different (happens when ChainAuthHandler is nested inside another instance). Then yes, please open a separate issue, ideally with a simplified reproducer.
FYI @tsegismont :point_up:
Thanks @andrei-tulba
Stumbled over the same error in version 4.5.10. For me the setup is pretty simple:
authHandler is an OAuth2Handler (Google), jwtHandler the standard JwtAuthHandler
    ...
    ChainAuthHandler chainAuthHandler = ChainAuthHandler.any();
    chainAuthHandler.add(jwtAuthHandler);
    chainAuthHandler.add(authHandler);
    router.get("/loggedin")
      .handler(chainAuthHandler)
    ...
@halber thanks, I'll give this a try and hopefully can reproduce. In the meantime, can you tell a bit more about how your jwtAuthHandler is initialized?
I'm not the referenced person, but maybe it helps because I ran into the exact same error. My code example you see above; the handlers were set up this way: The custom JwtHandler only overrides authenticate from JWTAuthHandlerImpl (rewrites the JWT token from cookie to header if the header is missing), then calls super; not really related.
    // Google OAuth2 provider and handler; the callback route is mounted on /auth/google
    private void initGoogleAuth() {
      String google_clientid = config.gaClientId();
      String google_clientSecret = config.getSecret();
      authProvider = GoogleAuth.create(vertx, google_clientid, google_clientSecret);
      authHandler = OAuth2AuthHandler.create(vertx, authProvider,
          "http://...:8080/auth/google")
        .withScopes(List.of("openid", "email", "profile"))
        //.pkceVerifierLength(64)
        .setupCallback(router.route("/auth/google"));
    }

    // JWT provider configured with two RS256 key entries (public and private key buffers)
    private void initJwtAuth() throws IOException {
      JWTAuthOptions cfg = new JWTAuthOptions()
        .addPubSecKey(new PubSecKeyOptions()
          .setAlgorithm("RS256")
          .setBuffer(config.loadPublicKey()))
        .addPubSecKey(new PubSecKeyOptions()
          .setAlgorithm("RS256")
          .setBuffer(config.loadPrivateKey()));
      jwtAuthProvider = JWTAuth.create(vertx, cfg);
      // Custom handler described above: extends JWTAuthHandlerImpl and overrides authenticate
      jwtAuthHandler = WolftreeJwtAuthHandler.create(jwtAuthProvider);
    }
Version
4.5.6
Context
This commit https://github.com/vert-x3/vertx-web/commit/f8565123f6130725af93dc94fae55d85d5033dce causes an NPE when calling the postAuthentication method.
Do you have a reproducer?
git clone --branch reproducer --single-branch https://github.com/halber/vertx-web.git
Steps to reproduce
mvn -Dtest=io.vertx.ext.web.handler.ChainAuthHandlerTest2 test
This test is a copy of the io.vertx.ext.web.handler.OtpHandlerTest#testVerifyAuthenticatorGoodCode. The only thing I changed was to add the OtpAuthHandler to the ChainAuthHandler. Line 89 to 91.
Stacktrace