[FIXED] Report config error if "token" defined for cluster{} and gateway{}

Authentication token has never been supported for cluster and gateway (and leafnode). There is not even a Token option in ClusterOpts or GatewayOpts. However, the parsing of the configuration was not rejecting this misconfiguration, making users believe that token was used for authentication. Documentation will also be fixed since it is reported there that token is supported, which again, has never been the case. Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
2026-04-17 03:24:40 -07:00 · 2021-09-13 10:19:10 -06:00
parent b3c19b9dd1
commit 5c5cc88c1f
2 changed files with 39 additions and 0 deletions
--- a/server/config_check_test.go
+++ b/server/config_check_test.go
@@ -1474,6 +1474,35 @@ func TestConfigCheck(t *testing.T) {
                        `,
 			err: fmt.Errorf(`Duplicate 'store_dir' configuration`),
 		},
+		{
+			name: "token not supported in cluster",
+			config: `
+				cluster {
+					port: -1
+					authorization {
+						token: "my_token"
+					}
+				}
+			`,
+			err:       fmt.Errorf("Cluster authorization does not support tokens"),
+			errorLine: 4,
+			errorPos:  6,
+		},
+		{
+			name: "token not supported in gateway",
+			config: `
+				gateway {
+					port: -1
+					name: "A"
+					authorization {
+						token: "my_token"
+					}
+				}
+			`,
+			err:       fmt.Errorf("Gateway authorization does not support tokens"),
+			errorLine: 5,
+			errorPos:  6,
+		},
 	}

 	checkConfig := func(config string) error {
--- a/server/opts.go
+++ b/server/opts.go
@@ -1364,6 +1364,11 @@ func parseCluster(v interface{}, opts *Options, errors *[]error, warnings *[]err
 				*errors = append(*errors, err)
 				continue
 			}
+			if auth.token != _EMPTY_ {
+				err := &configErr{tk, "Cluster authorization does not support tokens"}
+				*errors = append(*errors, err)
+				continue
+			}
 			opts.Cluster.Username = auth.user
 			opts.Cluster.Password = auth.pass
 			opts.Cluster.AuthTimeout = auth.timeout
@@ -1506,6 +1511,11 @@ func parseGateway(v interface{}, o *Options, errors *[]error, warnings *[]error)
 				*errors = append(*errors, &configErr{tk, "Gateway authorization does not allow multiple users"})
 				continue
 			}
+			if auth.token != _EMPTY_ {
+				err := &configErr{tk, "Gateway authorization does not support tokens"}
+				*errors = append(*errors, err)
+				continue
+			}
 			o.Gateway.Username = auth.user
 			o.Gateway.Password = auth.pass
 			o.Gateway.AuthTimeout = auth.timeout