YunoHost/SSOwat
1
0
Fork 0
mirror of https://github.com/YunoHost/SSOwat.git synced 2024-09-03 20:06:27 +02:00
Code Issues Projects Releases Packages Wiki Activity

fix cached_jwt_verify signature

Browse source
This commit is contained in:
Alexandre Aubin 2023-09-27 18:43:13 +02:00 committed by GitHub
parent 5eff85928e
commit 46352e6a7f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
access.lua
View file

@ -25,7 +25,7 @@ local conf = config.get_config()
local cache = ngx.shared.cache local cache = ngx.shared.cache
-- Hash a string using hmac_sha512, return a hexa string -- Hash a string using hmac_sha512, return a hexa string
function cached_jwt_verify(data, method, secret) function cached_jwt_verify(data, secret)
res = cache:get(data) res = cache:get(data)
if res == nil then if res == nil then
logger:debug("Result not found in cache, checking login") logger:debug("Result not found in cache, checking login")
@ -96,7 +96,7 @@ function check_authentication()
return false, nil, nil return false, nil, nil
end end
user, pwd, err = cached_jwt_verify(cookie, "H256", cookie_secret) user, pwd, err = cached_jwt_verify(cookie, cookie_secret)
-- FIXME : maybe also check that the cookie was delivered for the requested domain (or a parent?) -- FIXME : maybe also check that the cookie was delivered for the requested domain (or a parent?)