Make Validation::algorithms an error if empty
parent
fd2c314d3c
commit
b6dafd63dd
|
@ -7,6 +7,7 @@
|
|||
- `DecodingKey` now own its data
|
||||
- Remove deprecated `dangerous_unsafe_decode`
|
||||
- `Validation::iss` is now a `HashSet` instead of a single value
|
||||
- `decode` will now error if `Validation::algorithms` is empty
|
||||
|
||||
## 7.2.0 (2020-06-30)
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "jsonwebtoken"
|
||||
version = "8.0.0-beta.1"
|
||||
version = "8.0.0-beta.2"
|
||||
authors = ["Vincent Prouillet <hello@vincentprouillet.com>"]
|
||||
license = "MIT"
|
||||
readme = "README.md"
|
||||
|
|
|
@ -154,6 +154,10 @@ pub fn verify_signature<'a>(
|
|||
key: &DecodingKey,
|
||||
validation: &Validation,
|
||||
) -> Result<(Header, &'a str)> {
|
||||
if validation.algorithms.is_empty() {
|
||||
return Err(new_error(ErrorKind::MissingAlgorithm));
|
||||
}
|
||||
|
||||
for alg in &validation.algorithms {
|
||||
if key.family != alg.family() {
|
||||
return Err(new_error(ErrorKind::InvalidAlgorithm));
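Review bot: The new empty-list guard at the top of `verify_signature` carries no comment explaining why it must fail closed, and no test visible on this page exercises it. With an empty `validation.algorithms`, the `for alg in &validation.algorithms` loop just below runs zero times, so the `key.family != alg.family()` check never executes. I would add `// Fail closed: an empty allow-list would skip the key-family check below.` above the `if`. A regression test should also decode a token with `algorithms` set to an empty `Vec` and assert that the error kind is `ErrorKind::MissingAlgorithm`. The rest of the function body is outside this hunk, so how the header `alg` is later compared against the list cannot be confirmed from here.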
|
||||
|
|
|
@ -63,6 +63,8 @@ pub enum ErrorKind {
|
|||
/// When the algorithm in the header doesn't match the one passed to `decode` or the encoding/decoding key
|
||||
/// used doesn't match the alg requested
|
||||
InvalidAlgorithm,
|
||||
/// When the Validation struct does not contain at least 1 algorithm
|
||||
MissingAlgorithm,
|
||||
|
||||
// 3rd party errors
|
||||
/// An error happened when decoding some base64 text
|
||||
|
@ -84,6 +86,7 @@ impl StdError for Error {
|
|||
ErrorKind::RsaFailedSigning => None,
|
||||
ErrorKind::InvalidRsaKey(_) => None,
|
||||
ErrorKind::ExpiredSignature => None,
|
||||
ErrorKind::MissingAlgorithm => None,
|
||||
ErrorKind::InvalidIssuer => None,
|
||||
ErrorKind::InvalidAudience => None,
|
||||
ErrorKind::InvalidSubject => None,
|
||||
|
@ -107,6 +110,7 @@ impl fmt::Display for Error {
|
|||
| ErrorKind::InvalidEcdsaKey
|
||||
| ErrorKind::ExpiredSignature
|
||||
| ErrorKind::RsaFailedSigning
|
||||
| ErrorKind::MissingAlgorithm
|
||||
| ErrorKind::InvalidIssuer
|
||||
| ErrorKind::InvalidAudience
|
||||
| ErrorKind::InvalidSubject
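Review bot: The doc comment on `MissingAlgorithm` does not say that this error reports a misconfigured `Validation` rather than a bad token, which matters to callers that map `ErrorKind` to a response. The variants around it (`InvalidAlgorithm`, `ExpiredSignature`, `InvalidIssuer`) describe the token, so a handler that treats every kind as "reject the token" would hide a server-side configuration mistake. Consider `/// When \`Validation::algorithms\` is empty; this is a configuration error on the caller's side, not a property of the token`. The enum's attributes are outside the hunk, so whether it is `#[non_exhaustive]`, and therefore whether the new variant breaks downstream exhaustive matches, cannot be checked here.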
|
||||
|
|
|
@ -59,8 +59,8 @@ pub struct Validation {
|
|||
///
|
||||
/// Defaults to `None`.
|
||||
pub sub: Option<String>,
|
||||
/// If it contains a value, the validation will check that the `alg` of the header is contained
|
||||
/// in the ones provided and will error otherwise.
|
||||
/// The validation will check that the `alg` of the header is contained
|
||||
/// in the ones provided and will error otherwise. Will error if it is empty.
|
||||
///
|
||||
/// Defaults to `vec![Algorithm::HS256]`.
|
||||
pub algorithms: Vec<Algorithm>,
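Review bot: The updated field doc says "Will error if it is empty" without naming the error or saying when it is raised. `algorithms` is a public `Vec<Algorithm>`, so nothing stops a caller from emptying it after construction. The guard added in `verify_signature` in this commit suggests the check happens at decode time. I would spell that out: `/// Must contain at least one algorithm: decoding returns \`ErrorKind::MissingAlgorithm\` if it is empty.`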
|
||||
|
|