
Check for "none" alg in JWT signing

j8
Sam Whited 9 years ago
parent
commit
d625b8e3f3
1 changed files with 5 additions and 0 deletions
  1. 5
    0
      prosody-plugins/token/util.lib.lua

+ 5
- 0
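--- a/prosody-plugins/token/util.lib.lua
+++ b/prosody-plugins/token/util.lib.lua
@@ -21,6 +21,11 @@ local function _verify_token(token, appId, appSecret, roomName, disableRoomNameC
 		return nil, err;
 	end
 
+	local alg = claims["alg"];
+	if alg ~= nil and (alg == "none" or alg == "") then
+		return nil, "'alg' claim must not be empty";
+	end
+
 	local issClaim = claims["iss"];
 	if issClaim == nil then
 		return nil, "'iss' claim is missing";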
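Review bot: The new guard reads `alg` from `claims`, the same table the following lines read `iss` from, but in a JWT `alg` is a header parameter rather than a payload claim, so if `claims` holds only the decoded payload (its construction is outside the hunk) this check never sees the value that selects the signature algorithm. It is also a denylist: a missing `alg` and any spelling other than exactly `none` or the empty string pass through. Consider comparing the header's algorithm against the one the deployment actually signs with, before the signature result is trusted, e.g. `if alg ~= EXPECTED_ALG then return nil, "'alg' is not an accepted algorithm"; end`, where `EXPECTED_ALG` is a placeholder for the configured algorithm. `_verify_token` starts and ends outside the hunk.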
