From 6b2965c18a421da7a3a1be294df12e37330cd9c9 Mon Sep 17 00:00:00 2001 From: Rene Luria Date: Mon, 29 Jun 2026 16:33:21 +0200 Subject: [PATCH] fix(security): Authentication Bypass via Broken JWT Validation in AuthHeaders.validate_oidc_token --- myice/webapi.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/myice/webapi.py b/myice/webapi.py index 3c43f4c..5d88139 100644 --- a/myice/webapi.py +++ b/myice/webapi.py @@ -89,9 +89,8 @@ class AuthHeaders(BaseModel): # Decode JWT header and payload (without verification for simplicity in this example) parts = token.split(".") if len(parts) != 3: - # If not a standard JWT, treat as opaque token - # For now, we'll accept any non-empty token as valid for testing - return len(token) > 0 + # Reject opaque or malformed tokens + return False # Decode payload (part 1) payload = parts[1] @@ -110,10 +109,9 @@ class AuthHeaders(BaseModel): return True except Exception as e: + # Log the validation error but do NOT authenticate on failure print(f"Token validation error: {e}") - # Even if we can't validate the token, if it exists, we'll accept it for now - # This is for development/testing purposes only - return len(self.token()) > 0 + return False class HealthCheck(BaseModel):