jwt-auth icon indicating copy to clipboard operation
jwt-auth copied to clipboard

Published 20 hours ago verified publisher icon adam-hanna

Nil pointer reference, if refreshtoken is expired or not sent with request

Open iwyg opened this issue 4 years ago • 2 comments

Hello there

Although this is a quite unlikely scenario, the auth.Handler will panic, caused by line 412 in auth.go, if the refresh token is not sent with the request.

Maybe error branching after calling err := auth.Process() instead of just checking for not err != nil would be a viable solution?

Kind Regards

iwyg avatar Feb 18 '21 12:02 iwyg

Sorry, I'm just seeing this, now. Thanks for the report.

adam-hanna avatar May 14 '21 12:05 adam-hanna

The same error seems to be triggered if the X-CSRF-Token does not match the value in JWTs

areYouLazy avatar May 14 '21 15:05 areYouLazy