Fix JWT refresh panic. Fixes #2460

openziti · Oct 1, 2024 · b8294a9 · b8294a9
1 parent edcb40e
commit b8294a9
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,14 @@
+# Release 1.1.15
+
+## What's New
+
+* Panic fix related to controller HA
+
+## Component Updates and Bug Fixes
+
+* github.com/openziti/ziti: [v1.1.14 -> v1.1.15](https://github.com/openziti/ziti/compare/v1.1.14...v1.1.15)
+    * [Issue #2460](https://github.com/openziti/ziti/issues/2460) - Panic on JWT token refresh
+
 # Release 1.1.14
 
 ## What's New

diff --git a/controller/oidc_auth/storage.go b/controller/oidc_auth/storage.go
@@ -601,6 +601,9 @@ func (s *HybridStorage) parseAccessToken(tokenStr string) (*jwt.Token, *common.A
 // TokenRequestByRefreshToken implements the op.Storage interface
 func (s *HybridStorage) TokenRequestByRefreshToken(_ context.Context, refreshToken string) (op.RefreshTokenRequest, error) {
 	_, token, err := s.parseRefreshToken(refreshToken)
+	if err != nil {
+		return nil, err
+	}
 	return &RefreshTokenRequest{*token}, err
 }