From b381f30bd7e6a9f6347f44afce62b14aaedc7162 Mon Sep 17 00:00:00 2001
From: Miguel Vaz
Date: Fri, 31 May 2024 14:44:10 +0100
Subject: [PATCH] Fix bug #6059 - adds lock on calls to ComputeHash so concurrent calls do not run simultaneously
---
 .../Common/Controllers/JwtController.cs | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/DNN Platform/Dnn.AuthServices.Jwt/Components/Common/Controllers/JwtController.cs b/DNN Platform/Dnn.AuthServices.Jwt/Components/Common/Controllers/JwtController.cs
index ef6ef0c5c3e..cba374bca30 100644
--- a/DNN Platform/Dnn.AuthServices.Jwt/Components/Common/Controllers/JwtController.cs
+++ b/DNN Platform/Dnn.AuthServices.Jwt/Components/Common/Controllers/JwtController.cs
@@ -43,6 +43,8 @@ internal class JwtController : ServiceLocator, IJ
 private static readonly HashAlgorithm Hasher = SHA384.Create();
 private static readonly Encoding TextEncoder = Encoding.UTF8;
+ private static object hasherLock = new object();
+
 ///
 public string SchemeType => "JWT";
@@ -151,7 +153,12 @@ public LoginResultData LoginUser(HttpRequestMessage request, LoginData loginData
 // save hash values in DB so no one with access can create JWT header from existing data
 var sessionId = NewSessionId;
 var now = DateTime.UtcNow;
- var renewalToken = EncodeBase64(Hasher.ComputeHash(Guid.NewGuid().ToByteArray()));
+ string renewalToken = string.Empty;
+ lock (hasherLock)
+ {
+ renewalToken = EncodeBase64(Hasher.ComputeHash(Guid.NewGuid().ToByteArray()));
+ }
+
 var ptoken = new PersistedToken
 {
 TokenId = sessionId,
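Review bot: The new `hasherLock` field is declared without `readonly`, so the object that guards `Hasher` could be reassigned and two threads could then lock on different objects. Declare it as `private static readonly object HasherLock = new object();`, which also matches the PascalCase of the neighbouring `Hasher` and `TextEncoder` fields (the two `lock` statements need the same rename). A one-line comment on the field would help the next maintainer, for example `// HashAlgorithm instances are not thread-safe; every Hasher.ComputeHash call must hold this lock.` The class body continues outside this hunk, so any other use of `Hasher` that is not shown here should be checked for the same protection.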
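Review bot: The rewritten `renewalToken` assignment still derives the token from `Guid.NewGuid()`, and hashing a GUID with SHA-384 adds no entropy. The .NET documentation advises against using `NewGuid` for cryptographic purposes, and this value appears to be a bearer secret, judging by its name and the comment above it. Consider seeding it from the system CSPRNG instead, e.g. `var seed = new byte[32]; using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(seed); }`, and hashing `seed`. The `string.Empty` initialiser is also dead because the lock body always assigns; `string renewalToken;` is enough. `LoginUser` starts and ends outside this hunk.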
@@ -381,7 +388,13 @@ private static string EncodeBase64(byte[] data)
 private static string GetHashedStr(string data)
 {
- return EncodeBase64(Hasher.ComputeHash(TextEncoder.GetBytes(data)));
+ string hash = string.Empty;
+ lock (hasherLock)
+ {
+ hash = EncodeBase64(Hasher.ComputeHash(TextEncoder.GetBytes(data)));
+ }
+
+ return hash;
 }
 private LoginResultData UpdateToken(string renewalToken, PersistedToken ptoken, UserInfo userInfo)
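Review bot: `GetHashedStr` now serialises every caller on one process-wide lock around the shared static `Hasher`. Creating the algorithm per call would remove both the shared state and the lock: `using (var sha = SHA384.Create()) { return EncodeBase64(sha.ComputeHash(TextEncoder.GetBytes(data))); }`. If the shared instance is kept, the `hash` local and its `string.Empty` initialiser are unnecessary, since a `return` inside the `lock` block still releases the lock. The same lock-and-hash sequence is repeated in `LoginUser`, so a single private helper taking `byte[]` would keep the locking in one place and make it harder for a future call site to skip it.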