searchengines-web/MeiliSearch
searchengines-web
/
MeiliSearch
mirror of https://github.com/meilisearch/MeiliSearch
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix tenant token validation when exp is null

This commit is contained in:
ManyTheFish 2022-03-15 16:10:33 +01:00 committed by Kerollmops
parent 968053649b
commit 4aef7c5ac5
No known key found for this signature in database
GPG Key ID: 92ADA4E935E71FA4
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
meilisearch-http/src/extractors/authentication/mod.rs
View File

@ -144,6 +144,7 @@ pub mod policies {
pub static TENANT_TOKEN_VALIDATION: Lazy<Validation> = Lazy::new(|| {
let mut validation = Validation::default();
validation.validate_exp = false;
validation.required_spec_claims.remove("exp");
validation.algorithms = vec![Algorithm::HS256, Algorithm::HS384, Algorithm::HS512];
validation
});
@ -205,9 +206,7 @@ pub mod policies {
return None;
}
let mut validation = Validation::default();
validation.validate_exp = false;
validation.validate_nbf = false;
let mut validation = TENANT_TOKEN_VALIDATION.clone();
validation.insecure_disable_signature_validation();
let dummy_key = DecodingKey::from_secret(b"secret");
let token_data = decode::<Claims>(token, &dummy_key, &validation).ok()?;