Merge pull request #6061 from miguelvaz78/BUG_6059
Adds lock on calls to ComputeHash to handle concurrency
valadas authored May 31, 2024
2 parents 1e04695 + b381f30 commit 29d8668
Showing 1 changed file with 15 additions and 2 deletions.
@@ -43,6 +43,8 @@ internal class JwtController : ServiceLocator<IJwtController, JwtController>, IJ
private static readonly HashAlgorithm Hasher = SHA384.Create();
private static readonly Encoding TextEncoder = Encoding.UTF8;

private static object hasherLock = new object();

/// <inheritdoc/>
public string SchemeType => "JWT";

@@ -151,7 +153,12 @@ public LoginResultData LoginUser(HttpRequestMessage request, LoginData loginData
// save hash values in DB so no one with access can create JWT header from existing data
var sessionId = NewSessionId;
var now = DateTime.UtcNow;
var renewalToken = EncodeBase64(Hasher.ComputeHash(Guid.NewGuid().ToByteArray()));
string renewalToken = string.Empty;
lock (hasherLock)
{
renewalToken = EncodeBase64(Hasher.ComputeHash(Guid.NewGuid().ToByteArray()));
}

var ptoken = new PersistedToken
{
TokenId = sessionId,
@@ -381,7 +388,13 @@ private static string EncodeBase64(byte[] data)

private static string GetHashedStr(string data)
{
return EncodeBase64(Hasher.ComputeHash(TextEncoder.GetBytes(data)));
string hash = string.Empty;
lock (hasherLock)
{
hash = EncodeBase64(Hasher.ComputeHash(TextEncoder.GetBytes(data)));
}

return hash;
}

private LoginResultData UpdateToken(string renewalToken, PersistedToken ptoken, UserInfo userInfo)
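Review bot: The new `hasherLock` field is declared `private static object` without `readonly`, unlike the `Hasher` and `TextEncoder` fields next to it, so nothing prevents a later change from reassigning it and letting two threads lock different objects; declare it `private static readonly object hasherLock = new object();`. The lock covers only the two call sites visible here (the renewal-token line in `LoginUser` and `GetHashedStr`), so any other direct `Hasher.ComputeHash` call outside these hunks would still race on the shared instance; routing every call through one locked helper, or hashing with a per-call `using (var sha = SHA384.Create())`, would close that gap by construction. Separately, the renewal token's only secret input is still `Guid.NewGuid()`, which Microsoft's documentation advises against using for cryptographic purposes, and hashing it adds no entropy; bytes from `RandomNumberGenerator` would be a sounder source for a bearer token. `LoginUser` begins and ends outside the hunk, so its remaining uses of the hasher cannot be checked from this page.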