mirror/lldap
1
0
Fork 0
mirror of https://github.com/nitnelave/lldap.git synced 2023-04-12 14:25:13 +00:00
Code Issues Projects Releases Wiki Activity

jwt: Harden check by hardcoding accepted algorithms

Browse Source
This commit is contained in:
Valentin Tolmer 2021-08-30 08:56:28 +02:00
parent d2d7274925
commit cc2a4b16f7
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/infra/auth_service.rs
View File

@ -365,6 +365,12 @@ pub(crate) fn check_if_token_is_valid<Backend>(
if token.claims().exp.lt(&Utc::now()) { if token.claims().exp.lt(&Utc::now()) {
return Err(ErrorUnauthorized("Expired JWT")); return Err(ErrorUnauthorized("Expired JWT"));
} }
if token.header().algorithm != jwt::AlgorithmType::Hs512 {
return Err(ErrorUnauthorized(format!(
"Unsupported JWT algorithm: '{:?}'. Supported ones are: ['HS512']",
token.header().algorithm
)));
}
let jwt_hash = { let jwt_hash = {
let mut s = DefaultHasher::new(); let mut s = DefaultHasher::new();
token_str.hash(&mut s); token_str.hash(&mut s);