You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2020/03/30 18:23:49 UTC
[GitHub] [couchdb] rnewson commented on a change in pull request #2732:
Enhance JWT controls (again)
rnewson commented on a change in pull request #2732: Enhance JWT controls (again)
URL: https://github.com/apache/couchdb/pull/2732#discussion_r400401402
##########
File path: src/jwtf/src/jwtf.erl
##########
@@ -123,15 +123,33 @@ validate(Header0, Payload0, Signature, Checks, KS) ->
Key = key(Header1, Checks, KS),
verify(Alg, Header0, Payload0, Signature, Key).
+
validate_checks(Checks) when is_list(Checks) ->
- UnknownChecks = proplists:get_keys(Checks) -- ?CHECKS,
+ case {lists:usort(Checks), lists:sort(Checks)} of
+ {L, L} ->
+ ok;
+ {L1, L2} ->
+ error({duplicate_checks, L2 -- L1})
+ end,
+ {_, UnknownChecks} = lists:partition(fun valid_check/1, Checks),
case UnknownChecks of
[] ->
ok;
UnknownChecks ->
error({unknown_checks, UnknownChecks})
end.
+
+valid_check(Check) when is_atom(Check) ->
+ lists:member(Check, ?CHECKS);
+
+valid_check({Check, _}) when is_atom(Check) ->
Review comment:
for example, the `iss` check has a value, you have to say `{iss, <<"name of issuer">>}` in the `Check` param, and then jwtf will reject tokens with no `iss` property or with one where the value doesn't match.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services