[Fix] handle missing fields in WebSocket auth

2020-05-27 18:04:27 +02:00 · 2020-05-27 18:04:27 +02:00 · 60fdb34150
parent 6caefd2132
commit 60fdb34150
1 changed files with 6 additions and 0 deletions
--- a/li.strolch.websocket/src/main/java/li/strolch/websocket/WebSocketClient.java
+++ b/li.strolch.websocket/src/main/java/li/strolch/websocket/WebSocketClient.java
@ -153,6 +153,12 @@ public class WebSocketClient implements MessageHandler.Whole<String> {
 		String authToken = jsonObject.get("authToken").getAsString();
 		String username = jsonObject.get("username").getAsString();

+		if (authToken.isEmpty() || username.isEmpty()) {
+			logger.error("Received invalid authentication request: " + jsonObject.toString());
+			close(CloseReason.CloseCodes.UNEXPECTED_CONDITION, "Invalid authentication");
+			return;
+		}
+
 		try {
 			this.certificate = this.sessionHandler.validate(authToken, this.remoteIp);
 			if (!this.certificate.getUsername().equals(username)) {