
Bypassing BearerStrategy with a guard in NestJS

Stack Overflow user
Asked on 2022-11-10 14:35:20
1 answer, 31 views, 0 followers, 0 votes

I have the following NestJS global guard for my application:

import { ExecutionContext, Injectable } from "@nestjs/common";
import { Reflector } from "@nestjs/core";
import { AuthGuard } from "@nestjs/passport";

@Injectable()
export class LoginGuard extends AuthGuard(
    ["azure-ad"]
) {
    public constructor(private readonly reflector: Reflector) {
        super();
    }

    async canActivate(context: ExecutionContext) {
        const isPublic = this.reflector.get<boolean>(
            "isPublic",
            context.getHandler()
        );

        if (isPublic) {
            return true;
        }
        
        const result = (await super.canActivate(context)) as boolean;
        const request = context.switchToHttp().getRequest();
        await super.logIn(request);

        return result;
    }
}

And the following Azure AD strategy:

import {
  BearerStrategy,
  IBearerStrategyOption,
  ITokenPayload,
  VerifyCallback,
} from "passport-azure-ad"
import {
  Inject,
  Injectable,
  OnModuleInit,
  UnauthorizedException,
} from "@nestjs/common"
import passport = require("passport")
import env from "../../../config"
import { User } from "modules/users/users.interface"
import { UsersService } from "modules/users/users.service"

const tenantId = env.TENANT_ID
const clientID = env.CLIENT_ID || ""

const azureCredentials: IBearerStrategyOption = {
  identityMetadata: `https://login.microsoftonline.com/${tenantId}/v2.0/.well-known/openid-configuration`,
  clientID,
  validateIssuer: true,
  issuer: `https://login.microsoftonline.com/${tenantId}/v2.0`,
  audience: clientID,
}

@Injectable()
export class AzureAdStrategy extends BearerStrategy implements OnModuleInit {
  onModuleInit() {
    passport.use("azure-ad", this)
  }

  constructor(@Inject(UsersService) private usersService: UsersService) {
    super(
      azureCredentials,
      async (token: ITokenPayload, done: VerifyCallback) => {
        if (Date.now() / 1000 > token.exp) {
          return done(new UnauthorizedException("access token is expired"))
        }

        const tokenUsername = token?.preferred_username?.slice(0, 9)
        const tokenAppId = !tokenUsername && token?.azp

        if (!tokenUsername && !tokenAppId) {
          return done(new UnauthorizedException("Missing User"))
        }

        // Stays undefined for application (client-credentials) tokens, which carry no preferred_username
        let user: User | undefined

        if (tokenUsername) {
          try {
            user = await this.usersService.getUser(tokenUsername)
            if (!user) {
              return done(new UnauthorizedException("User is not recognized"))
            }
          } catch (err) {
            return done(err)
          }
        }
        return done(null, user, token)
      },
    )
  }
}

This works well. I need to provide backdoor logic for my application, so that if a certain header is sent in the request, it bypasses Azure AD authorization, something like req.is_bypass.

What is the best way to achieve this? Is it possible, or do I need to use a different logic for the backdoor?

Thanks!


1 answer

Stack Overflow user

Accepted answer

Posted on 2022-11-10 17:57:13

In LoginGuard.canActivate you have access to the ExecutionContext object, which can be used to get the current request.

import { ExecutionContext, Injectable } from "@nestjs/common";
import { Reflector } from "@nestjs/core";
import { AuthGuard } from "@nestjs/passport";

@Injectable()
export class LoginGuard extends AuthGuard(
    ["azure-ad"]
) {
    public constructor(private readonly reflector: Reflector) {
        super();
    }

    async canActivate(context: ExecutionContext) {
        const isPublic = this.reflector.get<boolean>(
            "isPublic",
            context.getHandler()
        );

        if (isPublic) {
            return true;
        }

        const req = context.switchToHttp().getRequest()
        if (req.is_bypass) {
          return true;
        }
        
        const result = (await super.canActivate(context)) as boolean;
        const request = context.switchToHttp().getRequest();
        await super.logIn(request);

        return result;
    }
}
Votes: 1
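A bare `req.is_bypass` flag can be set by anything that touches the request before the guard runs, so the decision should be bound to a shared secret and to an explicit configuration switch. The following is an added example, not code from the question or the answer; it assumes a hypothetical `BypassConfig` shape (read in the real app from the same `../../../config` module) and is the pure decision function the guard would call with `req.headers` instead of checking `req.is_bypass`.

```typescript
import { timingSafeEqual } from "node:crypto";
import { Buffer } from "node:buffer";

// Hypothetical configuration; the real application would populate it from env.
export interface BypassConfig {
  enabled: boolean;    // flip on only in non-production environments
  headerName: string;  // header carrying the secret, e.g. "x-auth-bypass"
  secret: string;      // long random value; short or empty secrets disable the bypass
}

// Node lowercases incoming header names, so `headers` is keyed in lowercase.
export type HeaderBag = Record<string, string | string[] | undefined>;

// True only when the bypass is switched on AND the request presents the exact
// shared secret. The comparison is constant-time so the secret cannot be
// recovered byte-by-byte from response timing.
export function shouldBypass(headers: HeaderBag, cfg: BypassConfig): boolean {
  if (!cfg.enabled || cfg.secret.length < 32) return false;
  const raw = headers[cfg.headerName.toLowerCase()];
  const presented = Array.isArray(raw) ? raw[0] : raw;
  if (typeof presented !== "string") return false;
  const a = Buffer.from(presented, "utf8");
  const b = Buffer.from(cfg.secret, "utf8");
  if (a.length !== b.length) return false; // timingSafeEqual requires equal lengths
  return timingSafeEqual(a, b);
}

// Guard decision in the order the answer's canActivate uses: public routes first,
// then the bypass, otherwise fall through to the Azure AD strategy (`null`).
export function guardDecision(
  isPublic: boolean | undefined,
  headers: HeaderBag,
  cfg: BypassConfig,
): "public" | "bypass" | null {
  if (isPublic) return "public";
  if (shouldBypass(headers, cfg)) return "bypass";
  return null;
}
```

In the guard, replace `if (req.is_bypass)` with `if (shouldBypass(req.headers, cfg))` and log every bypass so its use is visible in the audit trail.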
Page content provided by Stack Overflow; translation supported by Tencent Cloud's IT-domain engine.
Original link:

https://stackoverflow.com/questions/74390752