Conversation

@rsdmike (Member) commented Feb 11, 2026

also ensure JWT signatures match expected

Copilot AI review requested due to automatic review settings February 11, 2026 22:18

Copilot AI left a comment

Pull request overview

This pull request addresses two critical authentication issues: fixing a missing return statement that allowed requests to proceed after authentication failures, and adding JWT signature validation to prevent algorithm confusion attacks.

Changes:

  • Added JWT signing method validation to ensure tokens use HMAC before parsing
  • Fixed missing return statement in OIDC verification error path that could allow unauthorized requests to proceed
  • Ensured consistent and secure JWT parsing across both HTTP API and WebSocket authentication flows

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File                                     Description
internal/controller/httpapi/v1/login.go  Fixed missing return after OIDC auth failure and added HMAC signing method validation to JWT parsing
internal/controller/ws/v1/redirect.go    Added HMAC signing method validation to JWT parsing in websocket authentication

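The two fixes Copilot summarises above (checking the signing method before trusting a token, and returning immediately when verification fails) can be shown end to end with the standard library alone. The block below is an added example, not code from this pull request or from the project; the key, claims, helper names (SignHS256, VerifyHS256, WithAlg, Authorize) and the hand-rolled HS256 verifier are all constructed for illustration, and a real service would normally delegate to a JWT library while still supplying the same algorithm check.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Constructed example (not the project's code): an HS256 verifier that rejects
// any token whose header does not declare HS256 before the signature is checked.
var (
	ErrMalformed = errors.New("jwt: malformed token")
	ErrBadAlg    = errors.New("jwt: unexpected signing method")
	ErrBadSig    = errors.New("jwt: signature mismatch")
)

type header struct {
	Alg string `json:"alg"`
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// SignHS256 builds a token for a claims map; it exists here only to construct inputs.
func SignHS256(claims map[string]any, key []byte) (string, error) {
	hdr, _ := json.Marshal(header{Alg: "HS256"})
	body, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64url(hdr) + "." + b64url(body)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64url(mac.Sum(nil)), nil
}

// VerifyHS256 enforces the signing method, verifies the HMAC, then parses claims.
func VerifyHS256(token string, key []byte) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, ErrMalformed
	}
	hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return nil, ErrMalformed
	}
	var h header
	if err := json.Unmarshal(hdrJSON, &h); err != nil {
		return nil, ErrMalformed
	}
	// The server, not the token, decides which algorithm is acceptable.
	if h.Alg != "HS256" {
		return nil, fmt.Errorf("%w: %q", ErrBadAlg, h.Alg)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return nil, ErrMalformed
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(mac.Sum(nil), sig) { // constant-time comparison
		return nil, ErrBadSig
	}
	bodyJSON, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, ErrMalformed
	}
	var claims map[string]any
	if err := json.Unmarshal(bodyJSON, &claims); err != nil {
		return nil, ErrMalformed
	}
	return claims, nil
}

// WithAlg rewrites a token's header alg and leaves the signature empty: a
// constructed negative test input of the kind the check above must reject.
func WithAlg(token, alg string) string {
	parts := strings.Split(token, ".")
	hdr, _ := json.Marshal(header{Alg: alg})
	return b64url(hdr) + "." + parts[1] + "."
}

// Authorize mirrors the fixed control flow: any verification error returns
// immediately with 401, so the request never reaches the success path.
func Authorize(token string, key []byte) (subject string, status int) {
	claims, err := VerifyHS256(token, key)
	if err != nil {
		return "", 401
	}
	sub, _ := claims["sub"].(string)
	return sub, 200
}

func main() {
	key := []byte("constructed-test-key") // placeholder secret
	tok, _ := SignHS256(map[string]any{"sub": "alice"}, key)
	fmt.Println(Authorize(tok, key))
	fmt.Println(Authorize(WithAlg(tok, "none"), key))
}
```

The order inside VerifyHS256 is the point: the algorithm is compared against the server's expectation before any key material is used, and the error path in Authorize returns before the subject is read, which is the control-flow bug the login handler fix addresses.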

codecov bot commented Feb 11, 2026

Codecov Report

❌ Patch coverage is 0% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 39.69%. Comparing base (e16afa8) to head (203023a).

Files with missing lines                 Patch %   Lines
internal/controller/httpapi/v1/login.go  0.00%     4 Missing ⚠️
internal/controller/ws/v1/redirect.go    0.00%     3 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #803      +/-   ##
==========================================
- Coverage   39.70%   39.69%   -0.02%     
==========================================
  Files         112      112              
  Lines       10673    10676       +3     
==========================================
  Hits         4238     4238              
- Misses       6052     6055       +3     
  Partials      383      383              
