deps: replace jsrsasign
We were only using a couple of utility functions to parse tokens, not to validate them in any way.
parent
c6d5e103f5
commit
70d8fe91c3
|
@ -5313,9 +5313,9 @@
|
|||
"integrity": "sha1-eAqZyE59YAJgNhURxId2E78k9rs="
|
||||
},
|
||||
"base64-js": {
|
||||
"version": "1.2.3",
|
||||
"resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.2.3.tgz",
|
||||
"integrity": "sha512-MsAhsUW1GxCdgYSO6tAfZrNapmUKk7mWx/k5mFY/A1gBtkaCaNapTg+FExCw1r9yeaZhqx/xPg43xgTFH6KL5w=="
|
||||
"version": "1.3.1",
|
||||
"resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.3.1.tgz",
|
||||
"integrity": "sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g=="
|
||||
},
|
||||
"basic-auth": {
|
||||
"version": "2.0.1",
|
||||
|
@ -10714,11 +10714,6 @@
|
|||
"verror": "1.10.0"
|
||||
}
|
||||
},
|
||||
"jsrsasign": {
|
||||
"version": "8.0.12",
|
||||
"resolved": "https://registry.npmjs.org/jsrsasign/-/jsrsasign-8.0.12.tgz",
|
||||
"integrity": "sha1-Iqu5ZW00owuVMENnIINeicLlwxY="
|
||||
},
|
||||
"jssha": {
|
||||
"version": "2.3.1",
|
||||
"resolved": "https://registry.npmjs.org/jssha/-/jssha-2.3.1.tgz",
|
||||
|
|
|
@ -41,6 +41,7 @@
|
|||
"@tensorflow/tfjs": "1.5.1",
|
||||
"@webcomponents/url": "0.7.1",
|
||||
"amplitude-js": "4.5.2",
|
||||
"base64-js": "1.3.1",
|
||||
"bc-css-flags": "3.0.0",
|
||||
"dropbox": "4.0.9",
|
||||
"i18n-iso-countries": "3.7.8",
|
||||
|
@ -54,7 +55,6 @@
|
|||
"jquery-i18next": "1.2.1",
|
||||
"js-md5": "0.6.1",
|
||||
"js-utils": "github:jitsi/js-utils#cf11996bd866fdb47326c59a5d3bc24be17282d4",
|
||||
"jsrsasign": "8.0.12",
|
||||
"jwt-decode": "2.2.0",
|
||||
"lib-jitsi-meet": "github:jitsi/lib-jitsi-meet#3c8d411c96fdfa18c57111630f29880f3f72949e",
|
||||
"libflacjs": "github:mmig/libflac.js#93d37e7f811f01cf7d8b6a603e38bd3c3810907d",
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
// @flow
|
||||
|
||||
import { Client } from '@microsoft/microsoft-graph-client';
|
||||
import rs from 'jsrsasign';
|
||||
import base64js from 'base64-js';
|
||||
|
||||
import type { Dispatch } from 'redux';
|
||||
|
||||
import { createDeferred } from '../../../../modules/util/helpers';
|
||||
|
@ -452,8 +453,13 @@ function getValidatedTokenParts(tokenInfo, guids, appId) {
|
|||
return null;
|
||||
}
|
||||
|
||||
const payload
|
||||
= rs.KJUR.jws.JWS.readSafeJSONString(rs.b64utoutf8(tokenParts[1]));
|
||||
let payload;
|
||||
|
||||
try {
|
||||
payload = JSON.parse(b64utoutf8(tokenParts[1]));
|
||||
} catch (e) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if (payload.nonce !== guids.authNonce
|
||||
|| payload.aud !== appId
|
||||
|
@ -596,3 +602,40 @@ function s4(num) {
|
|||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a Base64URL encoded string to a UTF-8 encoded string including CJK or Latin.
|
||||
*
|
||||
* @param {string} str - The string that needs conversion.
|
||||
* @private
|
||||
* @returns {string} - The converted string.
|
||||
*/
|
||||
function b64utoutf8(str) {
|
||||
let s = str;
|
||||
|
||||
// Convert from Base64URL to Base64.
|
||||
|
||||
if (s.length % 4 === 2) {
|
||||
s += '==';
|
||||
} else if (s.length % 4 === 3) {
|
||||
s += '=';
|
||||
}
|
||||
|
||||
s = s.replace(/-/g, '+').replace(/_/g, '/');
|
||||
|
||||
// Convert Base64 to a byte array.
|
||||
|
||||
const bytes = base64js.toByteArray(s);
|
||||
|
||||
// Convert bytes to hex.
|
||||
|
||||
s = bytes.reduce((str_, byte) => str_ + byte.toString(16).padStart(2, '0'), '');
|
||||
|
||||
// Convert a hexadecimal string to a URLComponent string
|
||||
|
||||
s = s.replace(/(..)/g, '%$1');
|
||||
|
||||
// Decodee the URI component
|
||||
|
||||
return decodeURIComponent(s);
|
||||
}
|
||||
|
|
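Review bot: In getValidatedTokenParts, the new `JSON.parse(b64utoutf8(tokenParts[1]))` returns `null` when the payload segment decodes to the text `null`, and the `payload.nonce` comparison right after the `try` would then throw a TypeError instead of returning null; adding `if (payload === null || typeof payload !== 'object') { return null; }` after the catch closes that path. The nonce and aud comparisons run on claims whose signature is not checked anywhere in the visible lines, and the commit message confirms the token is only parsed, so a comment such as `// NOTE: the token signature is not verified here; treat these claims as untrusted input.` would keep the function name from overstating what it guarantees. In b64utoutf8 the comment `// Decodee the URI component` has a typo, and the JSDoc should state that the function throws on malformed input (both `base64js.toByteArray` and `decodeURIComponent` throw), since the caller's try/catch depends on that. The body of getValidatedTokenParts starts and ends outside the hunk.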