You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2020/03/16 16:52:29 UTC
[GitHub] [couchdb] rnewson opened a new pull request #2668: Throw if an
unknown check is passed to jwtf:decode
rnewson opened a new pull request #2668: Throw if an unknown check is passed to jwtf:decode
URL: https://github.com/apache/couchdb/pull/2668
## Overview
Throw if an unknown check is passed to jwtf:decode
## Testing recommendations
N/A
## Related Issues or Pull Requests
https://github.com/apache/couchdb/pull/2648
## Checklist
- [x] Code is written and works correctly
- [x] Changes are covered by tests
- [ ] Any new configurable parameters are documented in `rel/overlay/etc/default.ini`
- [ ] A PR for documentation changes has been made in https://github.com/apache/couchdb-documentation
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [couchdb] rnewson commented on a change in pull request #2668:
Throw if an unknown check is passed to jwtf:decode
Posted by GitBox <gi...@apache.org>.
rnewson commented on a change in pull request #2668: Throw if an unknown check is passed to jwtf:decode
URL: https://github.com/apache/couchdb/pull/2668#discussion_r393184209
##########
File path: src/jwtf/src/jwtf.erl
##########
@@ -112,6 +113,15 @@ validate(Header0, Payload0, Signature, Checks, KS) ->
Key = key(Header1, Checks, KS),
verify(Alg, Header0, Payload0, Signature, Key).
+validate_checks(Checks) when is_list(Checks) ->
+ ValidChecks = [alg, exp, iat, iss, kid, nbf, sig, typ],
Review comment:
definitely.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [couchdb] jaydoane commented on a change in pull request #2668:
Throw if an unknown check is passed to jwtf:decode
Posted by GitBox <gi...@apache.org>.
jaydoane commented on a change in pull request #2668: Throw if an unknown check is passed to jwtf:decode
URL: https://github.com/apache/couchdb/pull/2668#discussion_r393179782
##########
File path: src/jwtf/src/jwtf.erl
##########
@@ -112,6 +113,15 @@ validate(Header0, Payload0, Signature, Checks, KS) ->
Key = key(Header1, Checks, KS),
verify(Alg, Header0, Payload0, Signature, Key).
+validate_checks(Checks) when is_list(Checks) ->
+ ValidChecks = [alg, exp, iat, iss, kid, nbf, sig, typ],
Review comment:
I would prefer to see these defined at the top of the file along with `ALGS`.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [couchdb] rnewson merged pull request #2668: Throw if an unknown
check is passed to jwtf:decode
Posted by GitBox <gi...@apache.org>.
rnewson merged pull request #2668: Throw if an unknown check is passed to jwtf:decode
URL: https://github.com/apache/couchdb/pull/2668
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services