fix JWT verification (#18957)

akosyakov · web-flow · commit 90c3541868da · 2023-10-19T16:24:27.000+03:00
diff --git a/components/server/src/session-handler.ts b/components/server/src/session-handler.ts
@@ -113,7 +113,7 @@ export class SessionHandler {
             if (!subject) {
                 throw new Error("Subject is missing from JWT session claims");
             }
-            return await this.userService.findUserById(claims.subject, claims.subject);
+            return await this.userService.findUserById(subject, subject);
         } catch (err) {
             log.warn("Failed to authenticate user with JWT Session", err);
             // Remove the existing cookie, to force the user to re-sing in, and hence refresh it

Original file line number	Diff line number	Diff line change
`@@ -113,7 +113,7 @@ export class SessionHandler {`
`113`	`113`	`if (!subject) {`
`114`	`114`	`throw new Error("Subject is missing from JWT session claims");`
`115`	`115`	`}`
`116`		`- return await this.userService.findUserById(claims.subject, claims.subject);`
	`116`	`+ return await this.userService.findUserById(subject, subject);`
`117`	`117`	`} catch (err) {`
`118`	`118`	`log.warn("Failed to authenticate user with JWT Session", err);`
`119`	`119`	`// Remove the existing cookie, to force the user to re-sing in, and hence refresh it`