jfinn
/
jitsi_app_c0
Volgen 1
Ster 0
Vork 0
Code Kwesties 0 Pull-aanvragen 0 Publicaties 0 Wiki Activiteit
Bladeren bron

allow wildcard in token issuer verification

master
slauth 5 jaren geleden
bovenliggende
2a01d3550c
commit
9742e90bb5
1 gewijzigde bestanden met toevoegingen van 13 en 7 verwijderingen
Zij-aan-zij weergave Toon Diff Stats
  1. 13
    7
      resources/prosody-plugins/token/util.lib.lua

+ 13
- 7
resources/prosody-plugins/token/util.lib.lua Bestand weergeven 

@@ -142,40 +142,44 @@ function Util:get_public_key(keyId)
142 142 
 end
143 143
144 144 
 --- Verifies issuer part of token
145 
+-- @param 'issClaim' claim from the token to verify
145 146 
 -- @param 'acceptedIssuers' list of issuers to check
146 147 
 -- @return nil and error string or true for accepted claim
147 148 
 function Util:verify_issuer(issClaim, acceptedIssuers)
148 149 
     if not acceptedIssuers then
149 150 
         acceptedIssuers = self.acceptedIssuers
150 151 
     end
151 
-    module:log("debug","verify_issuer claim: %s against accepted: %s",issClaim, acceptedIssuers);
152 
+    module:log("debug", "verify_issuer claim: %s against accepted: %s", issClaim, acceptedIssuers);
152 153 
     for i, iss in ipairs(acceptedIssuers) do
154 
+        if iss == '*' then
155 
+            -- "*" indicates to accept any issuer in the claims so return success
156 
+            return true;
157 
+        end
153 158 
         if issClaim == iss then
154 
-            --claim matches an accepted issuer so return success
159 
+            -- claim matches an accepted issuer so return success
155 160 
             return true;
156 161 
         end
157 162 
     end
158 
-    --if issClaim not found in acceptedIssuers, fail claim
163 
+    -- if issClaim not found in acceptedIssuers, fail claim
159 164 
     return nil, "Invalid issuer ('iss' claim)";
160 165 
 end
161 166
162 167 
 --- Verifies audience part of token
168 
+-- @param 'audClaim' claim from the token to verify
163 169 
 -- @return nil and error string or true for accepted claim
164 170 
 function Util:verify_audience(audClaim)
165 
-    module:log("debug","verify_audience claim: %s against accepted: %s",audClaim, self.acceptedAudiences);
171 
+    module:log("debug", "verify_audience claim: %s against accepted: %s", audClaim, self.acceptedAudiences);
166 172 
     for i, aud in ipairs(self.acceptedAudiences) do
167 173 
         if aud == '*' then
168 
-            --* indicates to accept any audience in the claims so return success
174 
+            -- "*" indicates to accept any audience in the claims so return success
169 175 
             return true;
170 176 
         end
171 177 
         if audClaim == aud then
172 
-            --claim matches an accepted audience so return success
178 
+            -- claim matches an accepted audience so return success
173 179 
             return true;
174 180 
         end
175 181 
     end
176 
-    --if issClaim not found in acceptedIssuers, fail claim
182 
+    -- if audClaim not found in acceptedAudiences, fail claim
177 183 
     return nil, "Invalid audience ('aud' claim)";
178 184 
 end
179 185

Schrijf Voorbeeld
Laden…
Annuleren
Opslaan