jwt: Harden check by hardcoding accepted algorithms
This commit is contained in:
parent
0ecd9ed263
commit
267ce51973
@ -365,6 +365,12 @@ pub(crate) fn check_if_token_is_valid<Backend>(
|
||||
if token.claims().exp.lt(&Utc::now()) {
|
||||
return Err(ErrorUnauthorized("Expired JWT"));
|
||||
}
|
||||
if token.header().algorithm != jwt::AlgorithmType::Hs512 {
|
||||
return Err(ErrorUnauthorized(format!(
|
||||
"Unsupported JWT algorithm: '{:?}'. Supported ones are: ['HS512']",
|
||||
token.header().algorithm
|
||||
)));
|
||||
}
|
||||
let jwt_hash = {
|
||||
let mut s = DefaultHasher::new();
|
||||
token_str.hash(&mut s);
|
||||
|
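Review bot: The new algorithm check runs only after the `exp` claim has already been read and compared, so a token with an unsupported `alg` has its claims interpreted before it is rejected; moving the `if token.header().algorithm != jwt::AlgorithmType::Hs512 {` block above the `exp` check makes the header check the first gate. The `jwt` crate's `verify_with_key` is expected to reject a header/key algorithm mismatch on its own, so this hardcoded comparison is presumably defense in depth and deserves a comment saying so, e.g. `// Defense in depth: only HS512 is accepted regardless of what the verifying key reports, so a downgraded or 'none' header is refused even if verification is refactored.` Because `check_if_token_is_valid` begins outside the hunk, whether `token` was already verified with the HS512 key before this point is not visible here; if the verification step could ever be reached with a differently-typed key, comparing against that key's `algorithm_type()` rather than a literal would keep the two from drifting.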