Merging to release-5-lts: TT-10797 Hex validation for long keys on To…

…kenOrg (#5876) TT-10797 Hex validation for long keys on TokenOrg (#5876)  ## Description When Gateway try to extract the orgId of custom keys with len > 24 characters, it will extract part of the custom key independent if it's the actual orgID or not. This PR adds a validation if the token > 24 and it's not a hex string ( orgId's are mongoId's ); it will return an empty string.  ## Related Issue     https://tyktech.atlassian.net/browse/TT-10797 ## Motivation and Context  If the custom key has more than 24 characters, it is get deleted from Edge Redis on update. ## How This Has Been Tested     ## Screenshots (if appropriate) ## Types of changes  - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Refactoring or add test (improvements in base code or adds test coverage to functionality) ## Checklist    - [ ] I ensured that the documentation is up to date - [ ] I explained why this PR updates go.mod in detail with reasoning why it's required - [ ] I would like a code coverage CI quality gate exception and have explained why
TykTechnologies · Dec 18, 2023 · d99daca · d99daca
1 parent 80e2e2b
commit d99daca
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 2 deletions.
diff --git a/storage/storage.go b/storage/storage.go
@@ -24,6 +24,8 @@ var ErrKeyNotFound = errors.New("key not found")
 
 var ErrMDCBConnectionLost = errors.New("mdcb connection is lost")
 
+const MongoBsonIdLength = 24
+
 // Handler is a standard interface to a storage backend, used by
 // AuthorisationManager to read and write key values to the backend
 type Handler interface {
@@ -127,8 +129,12 @@ func TokenOrg(token string) string {
 	}
 
 	// 24 is mongo bson id length
-	if len(token) > 24 {
-		return token[:24]
+	if len(token) > MongoBsonIdLength {
+		newToken := token[:MongoBsonIdLength]
+		_, err := hex.DecodeString(newToken)
+		if err == nil {
+			return newToken
+		}
 	}
 
 	return ""

diff --git a/storage/storage_test.go b/storage/storage_test.go
@@ -0,0 +1,41 @@
+package storage
+
+import "testing"
+
+func Test_TokenOrg(t *testing.T) {
+	tcs := []struct {
+		name           string
+		givenKey       string
+		expectedResult string
+	}{
+		{
+			name:           "long non-b64 key - without orgId ",
+			givenKey:       "testdata-JJNIsqyZViCvcnbX8ouvG7yctsH1irHa2aklAFYC",
+			expectedResult: "",
+		},
+		{
+			name:           "b64 key",
+			givenKey:       "eyJvcmciOiI2NDkyZjY2ZTZlYmJjNTZjNmE2YmYwMjIiLCJpZCI6IjEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU5IiwiaCI6Im11cm11cjY0In0=",
+			expectedResult: "6492f66e6ebbc56c6a6bf022",
+		},
+		{
+			name:           "long non-b64 key - with orgId",
+			givenKey:       "6492f66e6ebbc56c6a6bf022657c162274933214b91ea570",
+			expectedResult: "6492f66e6ebbc56c6a6bf022",
+		},
+		{
+			name:           "short non-b64 key",
+			givenKey:       "6492f66e6e",
+			expectedResult: "",
+		},
+	}
+
+	for _, tc := range tcs {
+		t.Run(tc.name, func(t *testing.T) {
+			result := TokenOrg(tc.givenKey)
+			if result != tc.expectedResult {
+				t.Errorf("Expected %s, got %s", tc.expectedResult, result)
+			}
+		})
+	}
+}