Skip to content

Commit d4c5226

Browse files
author
Joël-Franck HOSSIE
committed
Fix panic when token is invalid
Return from webhook handler when the token verification fails. Otherwise we try to access the invalid token which causes a panic. We also log the error for better troubleshooting and remove useless token marshalling
1 parent 4bf8160 commit d4c5226

File tree

1 file changed

+2
-5
lines changed

1 file changed

+2
-5
lines changed

internal/services/webhook-tokenauthenticator.go

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ func AuthenticateHandler(issuer *TokenIssuer) http.HandlerFunc {
3434
token, err := issuer.VerifyToken(tokenReview.Spec.Token)
3535

3636
if err != nil {
37+
slog.Error("error verifying token", "error", err)
3738
resp := v1beta1.TokenReview{
3839
Status: v1beta1.TokenReviewStatus{
3940
Authenticated: false,
@@ -42,6 +43,7 @@ func AuthenticateHandler(issuer *TokenIssuer) http.HandlerFunc {
4243
w.WriteHeader(http.StatusUnauthorized)
4344
w.Header().Set("Content-Type", "application/json")
4445
json.NewEncoder(w).Encode(resp)
46+
return
4547
}
4648

4749
slog.Debug("preparing access for user", "user", token.User)
@@ -96,11 +98,6 @@ func AuthenticateHandler(issuer *TokenIssuer) http.HandlerFunc {
9698
w.Header().Set("Content-Type", "application/json")
9799
w.WriteHeader(http.StatusOK)
98100

99-
jwtTokenString, marshallError := json.Marshal(resp)
100-
if marshallError != nil {
101-
slog.Error("Error serializing json to token review", "error", marshallError.Error(), "token", jwtTokenString)
102-
}
103-
104101
err = json.NewEncoder(w).Encode(resp)
105102
if err != nil {
106103
slog.Error("cannot encode resp", "error", err)

0 commit comments

Comments
 (0)