15 Commits (4fd4bd019f814db68215df7cfeec5f1dad613a5e)

Author SHA1 Message Date
Sam Arnold 5015297d40
fix: more expressive errors (#22448)
* fix: more expressive errors

Closes #22446

* fix: server only logging for untyped errors

* chore: fix formatting
2021-09-13 15:12:35 -04:00
Daniel Moran 1c2d68b0cb
build: upgrade to go1.17 (#22363) 2021-09-01 16:09:02 -04:00
Jamie Strandboge bf5965d22b
chore: upgrade to golang-jwt 3.2.1 to fix CVE-2020-26160 (#21925)
CVE-2020-26160[0] is an access restriction bypass under certain
circumstances when validating audience checks. The original
dgrijalva/jwt-go project is no longer maintained[1] and will not be
issuing a fix for this CVE[2]. Instead, they have transferred ownership
to golang-jwt/jwt[2][3][4].

The following was performed:

1. update chronograf and jsonweb to import golang-jwt/jwt
2. go mod edit -require github.com/golang-jwt/jwt@v3.2.1+incompatible
3. go mod edit -droprequire github.com/dgrijalva/jwt-go
4. go mod tidy
5. make
6. make test

References:
[0] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26160
[1] dgrijalva/jwt-go#462
[2] dgrijalva/jwt-go#463
[3] https://github.com/dgrijalva/jwt-go/blob/master/README.md
[4] https://github.com/golang-jwt/jwt
2021-07-23 15:19:11 -05:00
Daniel Moran 00afd95cb7
refactor: automated move of errors and id from root to kit (#21101)
Co-authored-by: Sam Arnold <sarnold@influxdata.com>
2021-03-30 14:10:02 -04:00
pierwill 770f46b0a2 feat: Add initial OSS-Fuzz testing integration 2020-07-07 11:46:35 -07:00
George f646653b1b
refactor!: replace authorizer.Allowed method with PermissionSet (#17959)
* refactor!: replace Allow method with PermissionSet

* chore(changelog): update changelog to reflect changes to authorizer
2020-05-13 12:27:46 +01:00
Jonathan A. Sternberg 0ae8bebd75
refactor: rewrite imports to include the /v2 suffix for version 2 2020-04-03 12:39:20 -05:00
Gavin Cabbage b5c24f3c9d
refactor(tasks): auth user id (#17562) 2020-04-02 09:40:00 -04:00
Gavin Cabbage f3462b306b
fix: revert token change to add user ID (#17551) 2020-04-01 15:13:20 -04:00
Gavin Cabbage 5f1eaa7be3
feat: include user ID with web token (#17535) 2020-04-01 13:43:46 -04:00
Lyon Hill 683396ff5a
fix(jwt): jwt id's can't be invalid when marshaling (#16032) 2019-11-22 15:02:17 -07:00
George ba5dc411df
fix(jwt): panic on call to token.Identifier() (#16023)
* fix(jwt): demonstrate panic in token.Identifier() in tests

* fix(jwt): return invalid ID when token.Identifier() cannot parse ID from string
2019-11-22 16:28:00 +01:00
Lyon Hill c8de76eaf9 fix(jwt): allow jwt's to be used in query proxy calls (#16010) 2019-11-22 10:12:36 +01:00
George 9f5390e449
feat(auth): add jwt support in auth middleware (#15152) 2019-09-27 12:12:41 +01:00
George ddce5d383a
feat(auth): add new jsonweb package (#15151) 2019-09-19 12:31:40 +01:00