From dea2d67cebc19bd943ab76e847582254c13c8709 Mon Sep 17 00:00:00 2001 From: "Jens L." Date: Mon, 9 Jun 2025 20:57:36 +0200 Subject: [PATCH] internal/outpost: fix incorrect usage of golang SHA API (#14981) Signed-off-by: Jens Langhammer --- internal/outpost/proxyv2/application/application.go | 5 +++-- internal/outpost/radius/handler.go | 5 ++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/internal/outpost/proxyv2/application/application.go b/internal/outpost/proxyv2/application/application.go index 01b0a44637..49239fbefd 100644 --- a/internal/outpost/proxyv2/application/application.go +++ b/internal/outpost/proxyv2/application/application.go @@ -5,6 +5,7 @@ import ( "crypto/sha256" "crypto/tls" "encoding/gob" + "encoding/hex" "fmt" "html/template" "net/http" @@ -118,8 +119,8 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, server Server, old mux := mux.NewRouter() // Save cookie name, based on hashed client ID - h := sha256.New() - bs := string(h.Sum([]byte(*p.ClientId))) + hs := sha256.Sum256([]byte(*p.ClientId)) + bs := hex.EncodeToString(hs[:]) sessionName := fmt.Sprintf("authentik_proxy_%s", bs[:8]) // When HOST_BROWSER is set, use that as Host header for token requests to make the issuer match diff --git a/internal/outpost/radius/handler.go b/internal/outpost/radius/handler.go index 958e88b707..0b94e86743 100644 --- a/internal/outpost/radius/handler.go +++ b/internal/outpost/radius/handler.go @@ -2,6 +2,7 @@ package radius import ( "crypto/sha512" + "encoding/hex" "time" "github.com/getsentry/sentry-go" @@ -68,7 +69,9 @@ func (rs *RadiusServer) ServeRADIUS(w radius.ResponseWriter, r *radius.Request) } } if pi == nil { - nr.Log().WithField("hashed_secret", string(sha512.New().Sum(r.Secret))).Warning("No provider found") + hs := sha512.Sum512([]byte(r.Secret)) + bs := hex.EncodeToString(hs[:]) + nr.Log().WithField("hashed_secret", bs).Warning("No provider found") _ = w.Write(r.Response(radius.CodeAccessReject)) return }