mirror of
https://github.com/meilisearch/MeiliSearch
synced 2024-12-01 17:15:46 +01:00
Fix tenant token validation when exp is null
This commit is contained in:
parent
968053649b
commit
4aef7c5ac5
@ -144,6 +144,7 @@ pub mod policies {
|
|||||||
pub static TENANT_TOKEN_VALIDATION: Lazy<Validation> = Lazy::new(|| {
|
pub static TENANT_TOKEN_VALIDATION: Lazy<Validation> = Lazy::new(|| {
|
||||||
let mut validation = Validation::default();
|
let mut validation = Validation::default();
|
||||||
validation.validate_exp = false;
|
validation.validate_exp = false;
|
||||||
|
validation.required_spec_claims.remove("exp");
|
||||||
validation.algorithms = vec![Algorithm::HS256, Algorithm::HS384, Algorithm::HS512];
|
validation.algorithms = vec![Algorithm::HS256, Algorithm::HS384, Algorithm::HS512];
|
||||||
validation
|
validation
|
||||||
});
|
});
|
||||||
@ -205,9 +206,7 @@ pub mod policies {
|
|||||||
return None;
|
return None;
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut validation = Validation::default();
|
let mut validation = TENANT_TOKEN_VALIDATION.clone();
|
||||||
validation.validate_exp = false;
|
|
||||||
validation.validate_nbf = false;
|
|
||||||
validation.insecure_disable_signature_validation();
|
validation.insecure_disable_signature_validation();
|
||||||
let dummy_key = DecodingKey::from_secret(b"secret");
|
let dummy_key = DecodingKey::from_secret(b"secret");
|
||||||
let token_data = decode::<Claims>(token, &dummy_key, &validation).ok()?;
|
let token_data = decode::<Claims>(token, &dummy_key, &validation).ok()?;
|
||||||
|
Loading…
Reference in New Issue
Block a user