
Commit 70c40e8

authored
fix: fix esb jwt get iss (TencentBlueKing#177)
1 parent 03f213d commit 70c40e8

2 files changed

Lines changed: 15 additions & 10 deletions


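--- a/sdks/apigw-manager/pyproject.toml
+++ b/sdks/apigw-manager/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "apigw-manager"
-version = "3.0.4"
+version = "3.0.5"
 description = "The SDK for managing blueking gateway resource."
 readme = "README.md"
 authors = ["blueking <blueking@tencent.com>"]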

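--- a/sdks/apigw-manager/src/apigw_manager/apigw/providers.py
+++ b/sdks/apigw-manager/src/apigw_manager/apigw/providers.py
@@ -115,13 +115,13 @@ def __init__(self, gateway_name: str, payload: dict) -> None:
 
 class JWTProvider(metaclass=abc.ABCMeta):
 def __init__(
-self,
-jwt_key_name: str,
-default_gateway_name: str,
-algorithm: str,
-allow_invalid_jwt_token: bool,
-public_key_provider: PublicKeyProvider,
-**kwargs,
+self,
+jwt_key_name: str,
+default_gateway_name: str,
+algorithm: str,
+allow_invalid_jwt_token: bool,
+public_key_provider: PublicKeyProvider,
+**kwargs,
 ) -> None:
 self.jwt_key_name = jwt_key_name
 self.default_gateway_name = default_gateway_name
@@ -148,6 +148,9 @@ def _decode_jwt(self, jwt_payload, public_key, algorithm):
 def _decode_jwt_header(self, jwt_payload):
 return jwt.get_unverified_header(jwt_payload)
 
+def _decode_payload(self, jwt_payload):
+return jwt.decode(jwt_payload, options={"verify_signature": False})
+
 def provide(self, request: HttpRequest) -> Optional[DecodedJWT]:
 jwt_token = request.META.get(self.jwt_key_name, "")
 if not jwt_token:
@@ -156,9 +159,11 @@ def provide(self, request: HttpRequest) -> Optional[DecodedJWT]:
 try:
 jwt_header = self._decode_jwt_header(jwt_token)
 gateway_name = jwt_header.get("kid") or self.default_gateway_name
-public_key = self.public_key_provider.provide(gateway_name, jwt_header.get("iss"))
+# 兼容bk-esb签发jwt时未在header里面添加 iss
+iss = jwt_header.get("iss") or self._decode_payload(jwt_token).get("iss", "")
+public_key = self.public_key_provider.provide(gateway_name, iss)
 if not public_key:
-logger.warning("no public key found, gateway=%s, issuer=%s", gateway_name, jwt_header.get("iss"))
+logger.warning("no public key found, gateway=%s, issuer=%s", gateway_name, iss)
 return None
 
 algorithm = jwt_header.get("alg") or self.algorithm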
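Review bot: `_decode_payload` returns claims whose signature has not been checked, and the `iss` fallback in `provide` uses that value to pick the public key, yet neither the method name nor a comment tells the next reader the data is unverified. I would rename it along the lines of `_decode_unverified_payload` and add `# unverified claims: use only to look up the key, never as an identity or authorization input`. The header `iss` was just as unverified before this change, so the trust boundary has not moved; what matters is that `public_key_provider.provide` only returns keys for issuers it already trusts and that everything after key selection relies on the verified decode, which happens later in `provide`, outside this hunk, and is worth confirming. The comment above the fallback would also be easier to maintain in English, e.g. `# bk-esb does not put iss in the JWT header; fall back to the payload`.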
