1
0
Fork 0
mirror of https://github.com/zhaofengli/attic.git synced 2024-12-14 11:57:30 +00:00

token: Don't require valid UTF-8 for HS256 secrets

This commit is contained in:
Zhaofeng Li 2024-10-06 11:19:03 -06:00
parent b4338a1670
commit dcadbec66b
2 changed files with 4 additions and 5 deletions

View file

@ -444,8 +444,7 @@ impl StdError for Error {}
pub fn decode_token_hs256_secret_base64(s: &str) -> Result<HS256Key> { pub fn decode_token_hs256_secret_base64(s: &str) -> Result<HS256Key> {
let decoded = BASE64_STANDARD.decode(s).map_err(Error::Base64Error)?; let decoded = BASE64_STANDARD.decode(s).map_err(Error::Base64Error)?;
let secret = std::str::from_utf8(&decoded).map_err(Error::Utf8Error)?; Ok(HS256Key::from_bytes(&decoded))
Ok(HS256Key::from_bytes(&secret.as_bytes()))
} }
pub fn decode_token_rs256_secret_base64(s: &str) -> Result<RS256KeyPair> { pub fn decode_token_rs256_secret_base64(s: &str) -> Result<RS256KeyPair> {

View file

@ -32,11 +32,11 @@ fn test_basic() {
( (
"hs256", "hs256",
Box::new(|| { Box::new(|| {
// "very secure secret" // printf '\xc3\x28 <- invalid utf8' | base64
let base64_secret = "dmVyeSBzZWN1cmUgc2VjcmV0"; let base64_secret = "wyggPC0gaW52YWxpZCB1dGY4";
let dec_key = decode_token_hs256_secret_base64(base64_secret).unwrap(); let dec_key = decode_token_hs256_secret_base64(base64_secret).unwrap();
let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjQxMDIzMjQ5ODYsImh0dHBzOi8vand0LmF0dGljLnJzL3YxIjp7ImNhY2hlcyI6eyJhbGwtKiI6eyJyIjoxfSwiYWxsLWNpLSoiOnsidyI6MX0sImNhY2hlLXJvIjp7InIiOjF9LCJjYWNoZS1ydyI6eyJyIjoxLCJ3IjoxfSwidGVhbS0qIjp7ImNjIjoxLCJyIjoxLCJ3IjoxfX19LCJpYXQiOjE3MTY2NjA1ODksInN1YiI6Im1lb3cifQ.8vtxp_1OEYdcnkGPM4c9ORXooJZV7DOTS4NRkMKN8mw"; let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjQxMDIzMjQ5ODYsImh0dHBzOi8vand0LmF0dGljLnJzL3YxIjp7ImNhY2hlcyI6eyJhbGwtKiI6eyJyIjoxfSwiYWxsLWNpLSoiOnsidyI6MX0sImNhY2hlLXJvIjp7InIiOjF9LCJjYWNoZS1ydyI6eyJyIjoxLCJ3IjoxfSwidGVhbS0qIjp7ImNjIjoxLCJyIjoxLCJ3IjoxfX19LCJpYXQiOjE3MjgyMzI5OTYsIm5iZiI6MCwic3ViIjoibWVvdyJ9.wESluTI5K5v2W1WISGwAjazKMMUZBD-zSUYN-_XFN9I";
Token::from_jwt(token, &SignatureType::HS256(dec_key), &None, &None).unwrap() Token::from_jwt(token, &SignatureType::HS256(dec_key), &None, &None).unwrap()
}), }),