Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

That's a step forward implementing newest security requirements for Atlassian Connect #38

Merged
merged 3 commits into from
Jul 16, 2021
Merged

That's a step forward implementing newest security requirements for Atlassian Connect #38

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
42770b0
CLK-1058 storing qsh verification result in request headers
stefan-hc Sep 15, 2020
e23aa42
Store SEN if field is available
pawelniewie Dec 11, 2020
4b1aa07
Merge remote-tracking branch 'upstream/master' into CLK-1058-mandator…
pawelniewie Jun 29, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions lib/atlassian-jwt-authentication/filters.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ def on_add_on_installed
current_jwt_token.api_base_url = api_base_url if current_jwt_token.respond_to?(:api_base_url)
current_jwt_token.oauth_client_id = params[:oauthClientId] if current_jwt_token.respond_to?(:oauth_client_id)
current_jwt_token.public_key = params[:publicKey] if current_jwt_token.respond_to?(:public_key)
current_jwt_token.sen = params[:supportEntitlementNumber] if current_jwt_token.respond_to?(:sen)
current_jwt_token.payload = params.to_unsafe_h if current_jwt_token.respond_to?(:payload)

current_jwt_token.save!
Expand Down
7 changes: 6 additions & 1 deletion lib/atlassian-jwt-authentication/middleware.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ class VerifyJwtToken
JWT_TOKEN_HEADER = "#{PREFIX}.jwt_token".freeze
JWT_CONTEXT = "#{PREFIX}.context".freeze
JWT_ACCOUNT_ID = "#{PREFIX}.account_id".freeze
JWT_QSH_VERIFIED = "#{PREFIX}.qsh_verified".freeze

def initialize(app, addon_key)
@app = app
Expand All @@ -24,7 +25,7 @@ def call(env)

if jwt
jwt_verification = JWTVerification.new(@addon_key, jwt, request)
jwt_auth, account_id, context = jwt_verification.verify
jwt_auth, account_id, context, qsh_verified = jwt_verification.verify

if jwt_auth
request.set_header(JWT_TOKEN_HEADER, jwt_auth)
Expand All @@ -37,6 +38,10 @@ def call(env)
if context
request.set_header(JWT_CONTEXT, context)
end

if qsh_verified
request.set_header(JWT_QSH_VERIFIED, qsh_verified)
end
end

@app.call(env)
Expand Down
6 changes: 5 additions & 1 deletion lib/atlassian-jwt-authentication/verify.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,10 @@ def verify
log(:error, "QSH mismatch for client_key #{data['iss']} and addon_key #{addon_key}")
return false
end

qsh_verified = true
else
qsh_verified = false
end

context = data['context']
Expand All @@ -96,7 +100,7 @@ def verify
account_id = data['sub']
end

[jwt_auth, account_id, context]
[jwt_auth, account_id, context, qsh_verified]
end

private
Expand Down