[ https://issues.apache.org/jira/browse/NIFI-13326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17852658#comment-17852658 ]
Night Gryphon commented on NIFI-13326:
--------------------------------------
Here is the screenshot. Unfortunately, I can't debug this new UI, as the code is
hardly obfuscated for some purpose and is dynamic and event-driven.
!UI_base64_bug.png!
> UI web token (JWT) decoding error
> ---------------------------------
>
> Key: NIFI-13326
> URL: https://issues.apache.org/jira/browse/NIFI-13326
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
> Affects Versions: 2.0.0-M2, 2.0.0-M3
> Environment: Linux Ubuntu 22.04
> Reporter: Night Gryphon
> Priority: Major
> Attachments: UI_base64_bug.png
>
>
> With some combinations of JWT contents, the UI can not decode the received JWT because
> different base64 modifications are used by the server and the client.
> At the server side, the JWT is generated using URL-SAFE base64 encoding, which
> replaces '+' and '/' characters with '-' and '_' respectively.
> But at the UI side, the JWT is decoded with the jQuery standard base64 decode function as
> regular non URL-Safe data, and '-' and '_' characters are dropped by the incoming
> filter, which corrupts the encoded data.
> The error is within the getJwtPayload() function located at
> * nifi-framework-bundle\nifi-framework\nifi-web\nifi-web-frontend\src\main\nifi\src\app\service\auth.service.ts
> * nifi-registry\nifi-registry-core\nifi-registry-web-ui\src\main\webapp\services\nf-storage.service.js
> Function getJwtPayload() calls the jQuery base64 atob() function without
> appropriate JWT data preparation by replacing '-' and '_' characters back to
> '+' and '/'. This causes JWT data loss, and JavaScript fails at parsing the JWT
> JSON data.
> The example of an affected UI script is nf-login-all.js, which fails after
> successful user login and receiving the token.
>
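The alphabet mismatch described in the issue, as an added example that is not NiFi's code and not part of the report: a payload segment is encoded URL-safe, decoded once through a filter that drops '-' and '_', and once after mapping them back to '+' and '/'. The function names, the sample claims and the placeholder signature are constructed for illustration, and `decodeDroppingFilter` is only a model of the client behaviour as the reporter describes it.

```javascript
// Constructed sample claims: the '~' falls where base64 emits index 62,
// which is '+' in the standard alphabet and '-' in the URL-safe one.
const SAMPLE_CLAIMS = { sub: 'dev~team' };

// Server side as described in the report: URL-safe alphabet, padding stripped.
function encodeSegment(obj) {
  const bytes = new TextEncoder().encode(JSON.stringify(obj));
  return btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Model of the failing path (assumption): anything outside the standard
// alphabet is dropped before decoding, which shifts every following bit.
function decodeDroppingFilter(segment) {
  return atob(segment.replace(/[^A-Za-z0-9+/=]/g, ''));
}

// Corrected path: validate, map '-' and '_' back, restore padding, decode UTF-8.
function decodeBase64Url(segment) {
  if (!/^[A-Za-z0-9_-]*$/.test(segment) || segment.length % 4 === 1) {
    throw new Error('not a base64url segment');
  }
  const std = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = std + '='.repeat((4 - (std.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
}

// Hypothetical replacement for a payload reader. It only reads claims for
// display; signature validation remains the server's job.
function readJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  return JSON.parse(decodeBase64Url(parts[1]));
}

function demo() {
  const header = encodeSegment({ alg: 'HS256', typ: 'JWT' });
  const payloadSegment = encodeSegment(SAMPLE_CLAIMS);
  const jwt = [header, payloadSegment, 'c2ln'].join('.'); // placeholder signature
  let brokenParseFailed = false;
  try {
    JSON.parse(decodeDroppingFilter(payloadSegment));
  } catch (e) {
    brokenParseFailed = true; // corrupted bytes are no longer valid JSON
  }
  return { payloadSegment, brokenParseFailed, fixed: readJwtPayload(jwt) };
}
```

Only some claim values trigger the failure, because a '-' or '_' appears only when a 6-bit group encodes to index 62 or 63, which matches the report's "some combinations of JWT contents".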