jwt: Harden check by hardcoding accepted algorithms

This commit is contained in:
Valentin Tolmer 2021-08-30 08:56:28 +02:00 committed by nitnelave
parent 0ecd9ed263
commit 267ce51973


@ -365,6 +365,12 @@ pub(crate) fn check_if_token_is_valid<Backend>(
if token.claims().exp.lt(&Utc::now()) { if token.claims().exp.lt(&Utc::now()) {
return Err(ErrorUnauthorized("Expired JWT")); return Err(ErrorUnauthorized("Expired JWT"));
} }
if token.header().algorithm != jwt::AlgorithmType::Hs512 {
return Err(ErrorUnauthorized(format!(
"Unsupported JWT algorithm: '{:?}'. Supported ones are: ['HS512']",
token.header().algorithm
)));
}
let jwt_hash = { let jwt_hash = {
let mut s = DefaultHasher::new(); let mut s = DefaultHasher::new();
token_str.hash(&mut s); token_str.hash(&mut s);
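Review bot: The new `token.header().algorithm != jwt::AlgorithmType::Hs512` check runs after the `exp` claim has already been read and compared, so a token carrying an unexpected `alg` is first treated as an acceptable token and only then rejected; moving the algorithm comparison ahead of the expiry check rejects on the header before any claim is interpreted, which is the order a hardening check should take. The accepted algorithm is also spelled twice, once in the comparison and once in the message string, which is easy to let drift; a comment above the check such as `// Only HS512 tokens are accepted: reject on the header before any claim is trusted` makes the intent explicit. The start of check_if_token_is_valid, where the token is parsed and presumably signature-verified, lies outside the hunk, so this note assumes the check is defense in depth on top of that verification rather than a substitute for it. Separately, the context lines below hash `token_str` with `DefaultHasher`, whose algorithm std does not guarantee to be stable across releases; if that hash is persisted or compared across builds it is worth a look, though its use continues past the hunk.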