Set the JWT algorithm to RS256 in decode specs
By default, JWT decode only allows the HS256 mode (HMAC using the SHA-256 hash algorithm), so the specs using RSA tokens failed. Per https://github.com/jwt/ruby-jwt#algorithms-and-usage: "It is strongly recommended that you hard code the algorithm, as you may leave yourself vulnerable by dynamically picking the algorithm."
parent
ae8724ff22
commit
34f51dee0d
|
@ -25,7 +25,7 @@ describe JSONWebToken::RSAToken do
|
||||||
rsa_token['key'] = 'value'
|
rsa_token['key'] = 'value'
|
||||||
end
|
end
|
||||||
|
|
||||||
subject { JWT.decode(rsa_encoded, rsa_key) }
|
subject { JWT.decode(rsa_encoded, rsa_key, true, { algorithm: 'RS256' }) }
|
||||||
|
|
||||||
it { expect {subject}.not_to raise_error }
|
it { expect {subject}.not_to raise_error }
|
||||||
it { expect(subject.first).to include('key' => 'value') }
|
it { expect(subject.first).to include('key' => 'value') }
|
||||||
|
@ -39,7 +39,7 @@ describe JSONWebToken::RSAToken do
|
||||||
|
|
||||||
context 'for invalid key to raise an exception' do
|
context 'for invalid key to raise an exception' do
|
||||||
let(:new_key) { OpenSSL::PKey::RSA.generate(512) }
|
let(:new_key) { OpenSSL::PKey::RSA.generate(512) }
|
||||||
subject { JWT.decode(rsa_encoded, new_key) }
|
subject { JWT.decode(rsa_encoded, new_key, true, { algorithm: 'RS256' }) }
|
||||||
|
|
||||||
it { expect {subject}.to raise_error(JWT::DecodeError) }
|
it { expect {subject}.to raise_error(JWT::DecodeError) }
|
||||||
end
|
end
|
||||||
|
|
|
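Review bot: The `for invalid key to raise an exception` context in the second hunk still expects only `JWT::DecodeError`, so the spec does not yet cover the behaviour this commit introduces: with the algorithm pinned, a token whose header names a different algorithm should be refused before the key is consulted at all. A sibling context decoding `rsa_encoded` with a deliberately mismatched algorithm would pin that down: `subject { JWT.decode(rsa_encoded, rsa_key, true, { algorithm: 'HS256' }) }` and `it { expect { subject }.to raise_error(JWT::IncorrectAlgorithm) }` (`JWT::IncorrectAlgorithm` is a `JWT::DecodeError` subclass in ruby-jwt, so the broader class also works if the spec prefers it). The wrong-key case itself still fails at signature verification rather than at the algorithm check, so its existing expectation is unaffected. The `describe` block and the `rsa_encoded`/`rsa_key` definitions lie outside these hunks.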
@ -5,7 +5,7 @@ describe Auth::ContainerRegistryAuthenticationService do
|
||||||
let(:current_user) { nil }
|
let(:current_user) { nil }
|
||||||
let(:current_params) { {} }
|
let(:current_params) { {} }
|
||||||
let(:rsa_key) { OpenSSL::PKey::RSA.generate(512) }
|
let(:rsa_key) { OpenSSL::PKey::RSA.generate(512) }
|
||||||
let(:payload) { JWT.decode(subject[:token], rsa_key).first }
|
let(:payload) { JWT.decode(subject[:token], rsa_key, true, { algorithm: 'RS256' }).first }
|
||||||
|
|
||||||
let(:authentication_abilities) do
|
let(:authentication_abilities) do
|
||||||
[:read_container_image, :create_container_image, :admin_container_image]
|
[:read_container_image, :create_container_image, :admin_container_image]
|
||||||
|
|
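Review bot: Pinning RS256 in the `payload` helper at the last changed line makes every example that reads `payload` depend implicitly on the service signing with RS256, but nothing asserts that directly, so a regression to another algorithm would surface only as opaque decode failures in unrelated examples. An explicit example on the unverified header would name the contract: `it { expect(JWT.decode(subject[:token], nil, false).last).to include('alg' => 'RS256') }` (ruby-jwt's decode returns `[payload, header]`, so `.last` is the header hash). The options hash `{ algorithm: 'RS256' }` is now repeated here and twice in the RSAToken spec; a shared `let(:decode_options)` or a spec-support constant would keep the three call sites in step when the library's option name changes. The enclosing `describe` block and `subject` continue outside the hunk.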