Skip to content

fix panic in auth.TokenExpired #736

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 13, 2025
Merged

fix panic in auth.TokenExpired #736

merged 1 commit into from
May 13, 2025

Conversation

@jkroepke
Copy link
Contributor

@jkroepke jkroepke commented May 8, 2025
edited
Loading

Description

This PR fixes a panic, if CLI is authenticated with an invalid Service Account Token.

stackit auth activate-service-account accept any JWT token with an email claim.

However, stackit auth get-access-token panics, because the command checks for an expire date, which is not present.

The underlaying JWT library does not return an error, if the exp claim is not present.

JWT RFC explained that exp is an manatory field. However in any case, an application should never panic.

Ref: https://github.com/golang-jwt/jwt/blob/048854f1b0ac96c0a843d52fc09d7878b853683f/map_claims.go#L48

stackit auth activate-service-account --service-account-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkdW1teS11c2VyIiwibmFtZSI6IkpvaG4gRG9lIiwiZW1haWwiOiJqd2RAZXhhbXBsZS5jb20iLCJpYXQiOjE2MDAwMDAwMDB9.dC8oFSpuKo7y1r3zHqPqGXnHTsFf2w0tFt6Iwb3kUpw 
You have been successfully authenticated to the STACKIT CLI!
Service account email: [email protected]

stackit auth get-access-token
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x102ea1328]

goroutine 1 [running]:
github.com/stackitcloud/stackit-cli/internal/pkg/auth.TokenExpired({0x140004ddc80, 0xbd})
        /Users/runner/work/stackit-cli/stackit-cli/internal/pkg/auth/user_token_flow.go:122 +0x138
github.com/stackitcloud/stackit-cli/internal/cmd/auth/get-access-token.NewCmd.func1(0x14000017800?, {0x10549ec40?, 0x4?, 0x103d8a888?})
        /Users/runner/work/stackit-cli/stackit-cli/internal/cmd/auth/get-access-token/get_access_token.go:37 +0x40
github.com/spf13/cobra.(*Command).execute(0x140001e3b08, {0x10549ec40, 0x0, 0x0})
        /Users/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1015 +0x828
github.com/spf13/cobra.(*Command).ExecuteC(0x140001e2c08)
        /Users/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1148 +0x350
github.com/spf13/cobra.(*Command).Execute(...)
        /Users/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1071
github.com/stackitcloud/stackit-cli/internal/cmd.Execute({0x1040ab348, 0x6}, {0x1040ab6e0, 0x14})
        /Users/runner/work/stackit-cli/stackit-cli/internal/cmd/root.go:208 +0x98
main.main()
        /Users/runner/work/stackit-cli/stackit-cli/main.go:18 +0x40

Checklist

  • Issue was linked above
  • Code format was applied: make fmt
  • Examples were added / adjusted (see e.g. here)
  • Docs are up-to-date: make generate-docs (will be checked by CI)
  • Unit tests got implemented or updated
  • Unit tests are passing: make test (will be checked by CI)
  • No linter issues: make lint (will be checked by CI)

@jkroepke jkroepke mentioned this pull request May 8, 2025
Closed
10 tasks
Fyusel
Fyusel approved these changes May 13, 2025
View reviewed changes
Copy link
Contributor

@Fyusel Fyusel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for submitting this PR 👍

@Fyusel Fyusel merged commit aacb3cb into stackitcloud:main May 13, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Fyusel Fyusel Fyusel approved these changes

@marceljk marceljk Awaiting requested review from marceljk

@bahkauv70 bahkauv70 Awaiting requested review from bahkauv70

@rubenhoenle rubenhoenle Awaiting requested review from rubenhoenle

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jkroepke @Fyusel