fix: prosody: token alg is checked before public key is used

Aaron van Meerten
2021-06-02 11:12:22 -05:00
committed by Дамян Минков
parent fb144a55a3
commit 81c4e9a7fd


@@ -270,6 +270,13 @@ function Util:process_and_verify_token(session, acceptedIssuers)
if kid == nil then
return false, "not-allowed", "'kid' claim is missing";
end
local alg = header["alg"];
if alg == nil then
return false, "not-allowed", "'alg' claim is missing";
end
if alg.sub(alg,1,2) ~= "RS" then
return false, "not-allowed", "'kid' claim only support with RS family";
end
pubKey = self:get_public_key(kid);
if pubKey == nil then
return false, "not-allowed", "could not obtain public key";
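Review bot: The added `alg.sub(alg,1,2)` call assumes `header["alg"]` is a string, but this header is read before the public key is fetched, so it is still unverified input. A number, boolean or table in that field would raise a Lua error instead of returning "not-allowed"; guarding with `if type(alg) ~= "string" or alg:sub(1,2) ~= "RS" then` keeps the rejection path clean. The two-character prefix test also accepts any value that merely starts with "RS", so if the verifier called later does not itself reject unknown algorithms (not visible here), an explicit allow-list of the supported RS variants would be tighter. The messages call `alg` and `kid` claims although both come from the header, and the last one would read better as `"'kid' is only supported with the RS family of algorithms"`. The body of process_and_verify_token starts and ends outside this hunk.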