Set the JWT algorithm to RS256 in decode specs

By default, the JWT decode only allows HS256 mode (HMAC using SHA-256 hash algorithm). The specs using RSA tokens failed per https://github.com/jwt/ruby-jwt#algorithms-and-usage: It is strongly recommended that you hard code the algorithm, as you may leave yourself vulnerable by dynamically picking the algorithm.
2018-12-29 06:20:04 -08:00 · 2018-12-29 06:20:04 -08:00 · 34f51dee0d
parent ae8724ff22
commit 34f51dee0d
2 changed files with 3 additions and 3 deletions
--- a/spec/lib/json_web_token/rsa_token_spec.rb
+++ b/spec/lib/json_web_token/rsa_token_spec.rb
@ -25,7 +25,7 @@ describe JSONWebToken::RSAToken do
        rsa_token['key'] = 'value'
      end

-      subject { JWT.decode(rsa_encoded, rsa_key) }
+      subject { JWT.decode(rsa_encoded, rsa_key, true, { algorithm: 'RS256' }) }

      it { expect {subject}.not_to raise_error }
      it { expect(subject.first).to include('key' => 'value') }
@ -39,7 +39,7 @@ describe JSONWebToken::RSAToken do

    context 'for invalid key to raise an exception' do
      let(:new_key) { OpenSSL::PKey::RSA.generate(512) }
-      subject { JWT.decode(rsa_encoded, new_key) }
+      subject { JWT.decode(rsa_encoded, new_key, true, { algorithm: 'RS256' }) }

      it { expect {subject}.to raise_error(JWT::DecodeError) }
    end
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@ -5,7 +5,7 @@ describe Auth::ContainerRegistryAuthenticationService do
  let(:current_user) { nil }
  let(:current_params) { {} }
  let(:rsa_key) { OpenSSL::PKey::RSA.generate(512) }
-  let(:payload) { JWT.decode(subject[:token], rsa_key).first }
+  let(:payload) { JWT.decode(subject[:token], rsa_key, true, { algorithm: 'RS256' }).first }

  let(:authentication_abilities) do
    [:read_container_image, :create_container_image, :admin_container_image]