[ https://issues.apache.org/jira/browse/NIFI-13326?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Night Gryphon updated NIFI-13326:
---------------------------------
Description:
With some combinations of JWT contents the UI cannot decode the received JWT because
different base64 modifications are used by server and client.
At the server side the JWT is generated using URL-safe base64 encoding, which
replaces '+' and '/' characters with '-' and '_' respectively.
But at the UI side the JWT is decoded with the jQuery standard base64 decode function as
regular non-URL-safe data, and '-' and '_' characters are dropped by the incoming
filter, which corrupts the encoded data.
The error is within the getJwtPayload() function located at
* nifi-framework-bundle\nifi-framework\nifi-web\nifi-web-frontend\src\main\nifi\src\app\service\auth.service.ts
* nifi-registry\nifi-registry-core\nifi-registry-web-ui\src\main\webapp\services\nf-storage.service.js
The function getJwtPayload() calls the jQuery base64 atob() function without appropriate
JWT data preparation by replacing '-' and '_' characters back to '+' and '/'.
This causes JWT data loss, and the JavaScript fails at decoding the JWT JSON data.
An example of an affected UI script is nf-login-all.js, which fails after
a successful user login and receiving the token.
was:
With some combinations of JWT contents the UI cannot decode the received JWT because
different base64 modifications are used by server and client.
At the server side the JWT is generated using URL-safe base64 encoding, which
replaces '+' and '/' characters with '-' and '_' respectively.
But at the UI side the JWT is decoded with the jQuery standard base64 decode function as
regular non-URL-safe data, and '-' and '_' characters are dropped by the incoming
filter, which corrupts the encoded data.
As an example, the UI script nf-login-all.js (and some others) declares the function
getJwtPayload, which calls the jQuery base64 decode without appropriate JWT data
preparation by replacing '-' and '_' characters back to '+' and '/'. This causes
JWT data loss, and the JavaScript fails at decoding the JWT JSON data.
> UI web token (JWT) decoding error
> ---------------------------------
>
> Key: NIFI-13326
> URL: https://issues.apache.org/jira/browse/NIFI-13326
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
> Affects Versions: 2.0.0-M2, 2.0.0-M3
> Environment: Linux Ubuntu 22.04
> Reporter: Night Gryphon
> Priority: Major
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
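
The mismatch described in this issue, as an added JavaScript example that is not part of the original report or of NiFi's code. The function names, the sample tokens and the character filter in `naiveJwtPayload` are assumptions made for illustration; the filter models the dropping of '-' and '_' that the report describes.

```javascript
// Added example (not NiFi source). Uses only the standard atob/btoa/TextDecoder globals.

// Encode a string as an unpadded base64url JWT segment, as the server side does.
const toBase64Url = (s) =>
  btoa(s).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Constructed sample tokens; the signature segment is a placeholder and is never verified.
const makeToken = (payloadJson) =>
  [toBase64Url('{"alg":"HS256"}'), toBase64Url(payloadJson), 'c2ln'].join('.');

const TOKEN_OK = makeToken('{"sub":"admin"}');   // payload segment has no '-' or '_'
const TOKEN_BAD = makeToken('{"sub":"~admin"}'); // '~' lands on a sextet encoded as '-'

// Models the behaviour in the report: characters outside the standard
// alphabet are dropped, then the remainder is decoded as plain base64.
function naiveJwtPayload(token) {
  try {
    const segment = token.split('.')[1];
    return JSON.parse(atob(segment.replace(/[^A-Za-z0-9+/=]/g, '')));
  } catch (e) {
    return null; // corrupted data: invalid length or unparseable JSON
  }
}

// Maps the URL-safe alphabet back, restores padding, decodes the bytes as UTF-8.
function base64UrlJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3 || !/^[A-Za-z0-9_-]+$/.test(parts[1])) return null;
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  try {
    const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
    return JSON.parse(new TextDecoder('utf-8', { fatal: true }).decode(bytes));
  } catch (e) {
    return null; // malformed segment
  }
}
```

The first token decodes with either function, which is why the failure only appears for some JWT contents. Claims read this way are unverified and belong only in display logic; signature validation stays on the server.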