Subscription+JWT crashes if ExpiresAt is not given in the JWT

Report a Dgraph Bug

What version of Dgraph are you using?

master

Have you tried reproducing the issue with the latest release?

yes

What is the hardware spec (RAM, OS)?

8GB, Ubuntu

Steps to reproduce the issue (command/config used to run Dgraph).

  1. create a GraphQL schema with auth enabled
  2. create a JWT without ExpiresAt
  3. try to create a subscription by using that JWT

Expected behaviour and actual result.

expected: that the subscription works
actual result:

[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x1702b45]

goroutine 311 [running]:
github.com/dgraph-io/dgraph/graphql/subscription.(*Poller).AddSubscriber(0xc0004838f0, 0xc02f5b22a0, 0xc00022a850, 0x0, 0x0, 0x0)
	/home/user/dgraph/graphql/subscription/poller.go:114 +0x555
github.com/dgraph-io/dgraph/graphql/web.(*graphqlSubscription).Subscribe(0xc00058a1c0, 0x1e1d440, 0xc02f5b2090, 0xc02f57e6e0, 0x48, 0x0, 0x0, 0xc000157f80, 0x8, 0x7fcb702ed170, ...)
	/home/user/dgraph/graphql/web/http.go:165 +0x24c
github.com/dgraph-io/graphql-transport-ws/graphqlws/internal/connection.(*connection).readLoop(0xc02f6ca000, 0x1e1d380, 0xc02f6cc000, 0xc02f537fe0)
	/home/user/go/pkg/mod/github.com/dgraph-io/graphql-transport-ws@v0.0.0-20200715131837-c0460019ead2/graphqlws/internal/connection/connection.go:191 +0x6de
github.com/dgraph-io/graphql-transport-ws/graphqlws/internal/connection.Connect(0x1e1ff80, 0xc02f688c60, 0x1dea280, 0xc00058a1c0, 0x0, 0x0, 0x0, 0xbc4d5e64)
	/home/user/go/pkg/mod/github.com/dgraph-io/graphql-transport-ws@v0.0.0-20200715131837-c0460019ead2/graphqlws/internal/connection/connection.go:97 +0x214
created by github.com/dgraph-io/graphql-transport-ws/graphqlws.NewHandlerFunc.func1
	/home/user/go/pkg/mod/github.com/dgraph-io/graphql-transport-ws@v0.0.0-20200715131837-c0460019ead2/graphqlws/http.go:33 +0x1bc

I figure it’s because it’s trying to dereference customClaims.StandardClaims.ExpiresAt.Time, although ExpiresAt is nil.

Thanks for reporting this @rliang. We are looking into investigating this and will soon add a fix for this.

Hi @rilang, we have added fix for this bug in the master branch , and it would also be avaliable in 20.07.1.