From afc6368915df198516c6ed3e86dd87dd06586568 Mon Sep 17 00:00:00 2001
From: sbwalker
Date: Mon, 18 Dec 2023 09:58:30 -0500
Subject: [PATCH] abstract padding logic - don't repeat
---
 Oqtane.Server/Security/JwtManager.cs | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/Oqtane.Server/Security/JwtManager.cs b/Oqtane.Server/Security/JwtManager.cs
index 235ce40a..026071a1 100644
--- a/Oqtane.Server/Security/JwtManager.cs
+++ b/Oqtane.Server/Security/JwtManager.cs
@@ -17,11 +17,8 @@ namespace Oqtane.Security
 {
 public string GenerateToken(Alias alias, ClaimsIdentity identity, string secret, string issuer, string audience, int lifetime)
 {
- // ensure secret is 256 bits
- if (secret.Length < 32) secret = (secret + "????????????????????????????????").Substring(0, 32);
-
 var tokenHandler = new JwtSecurityTokenHandler();
- var key = Encoding.ASCII.GetBytes(secret);
+ var key = Encoding.ASCII.GetBytes(PadSecret(secret));
 var tokenDescriptor = new SecurityTokenDescriptor
 {
 Subject = new ClaimsIdentity(identity),
@@ -38,11 +35,8 @@ namespace Oqtane.Security
 {
 if (!string.IsNullOrEmpty(token))
 {
- // ensure secret is 256 bits
- if (secret.Length < 32) secret = (secret + "????????????????????????????????").Substring(0, 32);
-
 var tokenHandler = new JwtSecurityTokenHandler();
- var key = Encoding.ASCII.GetBytes(secret);
+ var key = Encoding.ASCII.GetBytes(PadSecret(secret));
 try
 {
 tokenHandler.ValidateToken(token, new TokenValidationParameters
@@ -72,5 +66,11 @@ namespace Oqtane.Security
 }
 return null;
 }
+
+ private string PadSecret(string secret)
+ {
+ // ensure secret is 256 bits
+ return (secret.Length < 32) ? (secret + "????????????????????????????????").Substring(0, 32) : secret;
+ }
 }
 }
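Review bot: `PadSecret` in the last hunk fills a short secret with a fixed run of `?` characters, which reaches the 32-character length but adds no entropy, so the comment `// ensure secret is 256 bits` overstates the strength of the key now used by both call sites in the first two hunks. The helper is the natural place to say so, e.g. `// pads to 32 chars to satisfy the minimum key length only; padding is constant, so the configured secret must itself be at least 32 random characters`, and to surface a too-short secret to the operator as a configuration problem rather than silently padding it. `secret.Length` also throws a NullReferenceException when no secret is configured; a guard such as `if (string.IsNullOrEmpty(secret)) throw new ArgumentException("JWT secret is not configured", nameof(secret));` would make that failure explicit. Separately, `Encoding.ASCII.GetBytes` replaces every non-ASCII character with `?`, so secrets containing such characters lose key material; `Encoding.UTF8` would avoid that, but it changes the derived key for those secrets, so outstanding tokens would fail validation after the switch.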