fix: request is not resumed on JWT failure (#56)

Co-authored-by: Aliaksandr Stsiapanay <[email protected]>
epam · Nov 24, 2023 · fda238d · fda238d
1 parent 779063c
commit fda238d
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 22 deletions.
diff --git a/src/main/java/com/epam/aidial/core/Proxy.java b/src/main/java/com/epam/aidial/core/Proxy.java
@@ -128,18 +128,8 @@ private void handleRequest(HttpServerRequest request) throws Exception {
         }
 
         request.pause();
-        Future<ExtractedClaims> extractedClaims;
-        if (authorization != null) {
-            try {
-                final boolean isJwtMustBeValidated = key.getUserAuth() != UserAuth.DISABLED;
-                extractedClaims = identityProvider.extractClaims(authorization, isJwtMustBeValidated);
-            } catch (Throwable e) {
-                onExtractClaimsFailure(e, config, request, key);
-                return;
-            }
-        } else {
-            extractedClaims = Future.succeededFuture();
-        }
+        final boolean isJwtMustBeValidated = key.getUserAuth() != UserAuth.DISABLED;
+        Future<ExtractedClaims> extractedClaims = identityProvider.extractClaims(authorization, isJwtMustBeValidated);
 
         extractedClaims.onComplete(result -> {
             try {

diff --git a/src/main/java/com/epam/aidial/core/security/IdentityProvider.java b/src/main/java/com/epam/aidial/core/security/IdentityProvider.java
@@ -127,10 +127,6 @@ private Future<DecodedJWT> decodeAndVerifyJwtToken(String encodedToken) {
         DecodedJWT jwt = decodeJwtToken(encodedToken);
         String kid = jwt.getKeyId();
         Future<JwkResult> future = getJwk(kid);
-        JwkResult result = future.result();
-        if (result != null) {
-            return Future.succeededFuture(verifyJwt(encodedToken, result));
-        }
         return future.map(jwkResult -> verifyJwt(encodedToken, jwkResult));
     }
 
@@ -169,13 +165,17 @@ private String extractUserHash(DecodedJWT decodedJwt) {
     }
 
     public Future<ExtractedClaims> extractClaims(String authHeader, boolean isJwtMustBeVerified) {
-        if (authHeader == null) {
-            return Future.succeededFuture();
+        try {
+            if (authHeader == null) {
+                return Future.succeededFuture();
+            }
+            // Take the 1st authorization parameter from the header value:
+            // Authorization: <auth-scheme> <authorization-parameters>
+            String encodedToken = authHeader.split(" ")[1];
+            return extractClaimsFromEncodedToken(encodedToken, isJwtMustBeVerified);
+        } catch (Throwable e) {
+            return Future.failedFuture(e);
         }
-        // Take the 1st authorization parameter from the header value:
-        // Authorization: <auth-scheme> <authorization-parameters>
-        String encodedToken = authHeader.split(" ")[1];
-        return extractClaimsFromEncodedToken(encodedToken, isJwtMustBeVerified);
     }
 
     public Future<ExtractedClaims> extractClaimsFromEncodedToken(String encodedToken, boolean isJwtMustBeVerified) {