haskal
/
jiti-meet
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check for "none" alg in JWT signing

This commit is contained in:
Sam Whited 2016-07-18 13:27:14 -05:00
parent 5b884806d2
commit d625b8e3f3
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
prosody-plugins/token/util.lib.lua
View File

@ -21,6 +21,11 @@ local function _verify_token(token, appId, appSecret, roomName, disableRoomNameC
return nil, err; return nil, err;
end end
local alg = claims["alg"];
if alg ~= nil and (alg == "none" or alg == "") then
return nil, "'alg' claim must not be empty";
end
local issClaim = claims["iss"]; local issClaim = claims["iss"];
if issClaim == nil then if issClaim == nil then
return nil, "'iss' claim is missing"; return nil, "'iss' claim is missing";