projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
17014: rebase with master and adaptation changes
[arvados.git] / lib / controller / federation.go
diff --git a/lib/controller/federation.go b/lib/controller/federation.go
index cab5e4c4ca45172edb28f07210b001456f1e11af..869fec58e4c21b200453880aecb7028344ef7c32 100644 (file)
--- a/lib/controller/federation.go
+++ b/lib/controller/federation.go
@@ -164,6 +164,12 @@ func (h *Handler) validateAPItoken(req *http.Request, token string) (*CurrentUse
                uuid = sp[1]
                token = sp[2]
        }
+
+       if len(token) < 41 {
+               ctxlog.FromContext(req.Context()).Debugf("validateAPItoken(%s): The lenght of the token is not 41", token)
+               return nil, false, nil
+       }
+
        user.Authorization.APIToken = token
        var scopes string
        err = db.QueryRowContext(req.Context(), `SELECT api_client_authorizations.uuid, api_client_authorizations.scopes, users.uuid FROM api_client_authorizations JOIN users on api_client_authorizations.user_id=users.id WHERE api_token=$1 AND (expires_at IS NULL OR expires_at > current_timestamp AT TIME ZONE 'UTC') LIMIT 1`, token).Scan(&user.Authorization.UUID, &scopes, &user.UUID)