@backstage/plugin-scaffolder-backend 1.4.0-next.0 → 1.4.0-next.1

package/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @backstage/plugin-scaffolder-backend
 
+## 1.4.0-next.1
+
+### Patch Changes
+
+- 801d606909: Improve error messaging when passing in malformed auth
+- Updated dependencies
+  - @backstage/catalog-model@1.1.0-next.1
+  - @backstage/backend-common@0.14.1-next.1
+  - @backstage/errors@1.1.0-next.0
+  - @backstage/plugin-catalog-backend@1.2.1-next.1
+  - @backstage/catalog-client@1.0.4-next.1
+  - @backstage/integration@1.2.2-next.1
+
 ## 1.4.0-next.0
 
 ### Minor Changes

package/dist/index.cjs.js

@@ -3898,15 +3898,27 @@ data: ${JSON.stringify(event)}
 }
 function parseBearerToken(header) {
   var _a;
-  const token = (_a = header == null ? void 0 : header.match(/Bearer\s+(\S+)/i)) == null ? void 0 : _a[1];
-  if (!token)
+  if (!header) {
     return {};
-  const [_header, rawPayload, _signature] = token.split(".");
-  const payload = JSON.parse(Buffer.from(rawPayload, "base64").toString());
-  return {
-    entityRef: payload.sub,
-    token
-  };
+  }
+  try {
+    const token = (_a = header.match(/^Bearer\s(\S+\.\S+\.\S+)$/i)) == null ? void 0 : _a[1];
+    if (!token) {
+      throw new TypeError("Expected Bearer with JWT");
+    }
+    const [_header, rawPayload, _signature] = token.split(".");
+    const payload = JSON.parse(Buffer.from(rawPayload, "base64").toString());
+    if (typeof payload !== "object" || payload === null || Array.isArray(payload)) {
+      throw new TypeError("Malformed JWT payload");
+    }
+    const sub = payload.sub;
+    if (typeof sub !== "string") {
+      throw new TypeError("Expected string sub claim");
+    }
+    return { entityRef: sub, token };
+  } catch (e) {
+    throw new errors.InputError(`Invalid authorization header: ${errors.stringifyError(e)}`);
+  }
 }
 
 class ScaffolderEntitiesProcessor {