fix: remove zjwt (#5774)

* fix: remove zjwt

Signed-off-by: kshamajain99 <kshamajain99@gmail.com>

server/server.go

@@ -20,7 +20,6 @@ import (
 	// nolint:staticcheck
 	golang_proto "github.com/golang/protobuf/proto"
 
-	"github.com/argoproj/pkg/jwt/zjwt"
 	"github.com/argoproj/pkg/sync"
 	"github.com/dgrijalva/jwt-go/v4"
 	"github.com/go-redis/redis/v8"
@@ -94,6 +93,7 @@ import (
 	"github.com/argoproj/argo-cd/util/healthz"
 	httputil "github.com/argoproj/argo-cd/util/http"
 	"github.com/argoproj/argo-cd/util/io"
+	jwtutil "github.com/argoproj/argo-cd/util/jwt"
 	kubeutil "github.com/argoproj/argo-cd/util/kube"
 	"github.com/argoproj/argo-cd/util/oidc"
 	"github.com/argoproj/argo-cd/util/rbac"
@@ -620,13 +620,6 @@ func (a *ArgoCDServer) setTokenCookie(token string, w http.ResponseWriter) error
 	if !a.Insecure {
 		flags = append(flags, "Secure")
 	}
-	if token != "" {
-		var err error
-		token, err = zjwt.ZJWT(token)
-		if err != nil {
-			return err
-		}
-	}
 	cookies, err := httputil.MakeCookieMetadata(common.AuthCookieName, token, flags...)
 	if err != nil {
 		return err
@@ -964,12 +957,12 @@ func getToken(md metadata.MD) string {
 		}
 	}
 
-	var tokens []string
-
 	// looks for the HTTP header `Authorization: Bearer ...`
+	// argocd prefers bearer token over cookie
 	for _, t := range md["authorization"] {
-		if strings.HasPrefix(t, "Bearer ") {
-			tokens = append(tokens, strings.TrimPrefix(t, "Bearer "))
+		token := strings.TrimPrefix(t, "Bearer ")
+		if strings.HasPrefix(t, "Bearer ") && jwtutil.IsValid(token) {
+			return token
 		}
 	}
 
@@ -979,17 +972,11 @@ func getToken(md metadata.MD) string {
 		header.Add("Cookie", t)
 		request := http.Request{Header: header}
 		token, err := httputil.JoinCookies(common.AuthCookieName, request.Cookies())
-		if token != "" && err == nil {
-			tokens = append(tokens, token)
+		if err == nil && jwtutil.IsValid(token) {
+			return token
 		}
 	}
 
-	for _, t := range tokens {
-		value, err := zjwt.JWT(t)
-		if err == nil {
-			return value
-		}
-	}
 	return ""
 }
 

util/jwt/jwt.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"strings"
 	"time"
 
 	jwtgo "github.com/dgrijalva/jwt-go/v4"
@@ -141,3 +142,7 @@ func IsMember(claims jwtgo.Claims, groups []string, scopes []string) bool {
 func GetGroups(mapClaims jwtgo.MapClaims, scopes []string) []string {
 	return GetScopeValues(mapClaims, scopes)
 }
+
+func IsValid(token string) bool {
+	return len(strings.SplitN(token, ".", 3)) == 3
+}

util/jwt/jwt_test.go

@@ -60,3 +60,11 @@ func TestIssuedAtTime_Error_Missing(t *testing.T) {
 	assert.NotNil(t, err)
 	assert.Equal(t, time.Unix(0, 0), iat)
 }
+
+func TestIsValid(t *testing.T) {
+	assert.Equal(t, true, IsValid("foo.bar.foo"))
+	assert.Equal(t, true, IsValid("foo.bar.foo.bar"))
+	assert.Equal(t, false, IsValid("foo.bar"))
+	assert.Equal(t, false, IsValid("foo"))
+	assert.Equal(t, false, IsValid(""))
+}

util/oidc/oidc.go

@@ -13,7 +13,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/argoproj/pkg/jwt/zjwt"
 	gooidc "github.com/coreos/go-oidc"
 	"github.com/dgrijalva/jwt-go/v4"
 	log "github.com/sirupsen/logrus"
@@ -325,11 +324,6 @@ func (a *ClientApp) HandleCallback(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	if idTokenRAW != "" {
-		idTokenRAW, err = zjwt.ZJWT(idTokenRAW)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
 		cookies, err := httputil.MakeCookieMetadata(common.AuthCookieName, idTokenRAW, flags...)
 		if err != nil {
 			claimsJSON, _ := json.Marshal(claims)