abstract padding logic - don't repeat

2023-12-18 09:58:30 -05:00 · 2023-12-18 09:58:30 -05:00 · afc6368915
commit afc6368915
parent c5d4e237ad
1 changed files with 8 additions and 8 deletions
--- a/Oqtane.Server/Security/JwtManager.cs
+++ b/Oqtane.Server/Security/JwtManager.cs
@ -17,11 +17,8 @@ namespace Oqtane.Security
    {
        public string GenerateToken(Alias alias, ClaimsIdentity identity, string secret, string issuer, string audience, int lifetime)
        {
-            // ensure secret is 256 bits
-            if (secret.Length < 32) secret = (secret + "????????????????????????????????").Substring(0, 32);
-
            var tokenHandler = new JwtSecurityTokenHandler();
-            var key = Encoding.ASCII.GetBytes(secret);
+            var key = Encoding.ASCII.GetBytes(PadSecret(secret));
            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(identity),
@ -38,11 +35,8 @@ namespace Oqtane.Security
        {
            if (!string.IsNullOrEmpty(token))
            {
-                // ensure secret is 256 bits
-                if (secret.Length < 32) secret = (secret + "????????????????????????????????").Substring(0, 32);
-
                var tokenHandler = new JwtSecurityTokenHandler();
-                var key = Encoding.ASCII.GetBytes(secret);
+                var key = Encoding.ASCII.GetBytes(PadSecret(secret));
                try
                {
                    tokenHandler.ValidateToken(token, new TokenValidationParameters
@ -72,5 +66,11 @@ namespace Oqtane.Security
            }
            return null;
        }
+
+        private string PadSecret(string secret)
+        {
+            // ensure secret is 256 bits
+            return (secret.Length < 32) ? (secret + "????????????????????????????????").Substring(0, 32) : secret;
+        }
    }
 }