A fork of attic a self-hostable Nix Binary Cache server
token: Don't require valid UTF-8 for HS256 secrets

+4 -5
+1 -2
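--- a/token/src/lib.rs
+++ b/token/src/lib.rs
@@ -444,8 +444,7 @@
 
 pub fn decode_token_hs256_secret_base64(s: &str) -> Result<HS256Key> {
     let decoded = BASE64_STANDARD.decode(s).map_err(Error::Base64Error)?;
-    let secret = std::str::from_utf8(&decoded).map_err(Error::Utf8Error)?;
-    Ok(HS256Key::from_bytes(&secret.as_bytes()))
+    Ok(HS256Key::from_bytes(&decoded))
 }
 
 pub fn decode_token_rs256_secret_base64(s: &str) -> Result<RS256KeyPair> {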
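Review bot: `decode_token_hs256_secret_base64` now hands whatever bytes the base64 decode yields straight to `HS256Key::from_bytes`, and nothing visible in this section bounds their length, so an empty or very short secret is accepted as a signing key. RFC 7518 §3.2 asks for HS256 keys of at least 256 bits; unless `from_bytes` enforces that elsewhere, consider a guard such as `if decoded.len() < 32 { /* reject or log a warning */ }` ahead of the `Ok(...)`, bearing in mind that a hard rejection would break deployments with shorter secrets. A doc comment such as `/// Decodes a base64-encoded HS256 secret; the decoded bytes are used as-is and need not be valid UTF-8.` would record the new contract for operators generating secrets.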
+3 -3
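--- a/token/src/tests.rs
+++ b/token/src/tests.rs
@@ -32,11 +32,11 @@
         (
             "hs256",
             Box::new(|| {
-                // "very secure secret"
-                let base64_secret = "dmVyeSBzZWN1cmUgc2VjcmV0";
+                // printf '\xc3\x28 <- invalid utf8' | base64
+                let base64_secret = "wyggPC0gaW52YWxpZCB1dGY4";
                 let dec_key = decode_token_hs256_secret_base64(base64_secret).unwrap();
 
-                let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjQxMDIzMjQ5ODYsImh0dHBzOi8vand0LmF0dGljLnJzL3YxIjp7ImNhY2hlcyI6eyJhbGwtKiI6eyJyIjoxfSwiYWxsLWNpLSoiOnsidyI6MX0sImNhY2hlLXJvIjp7InIiOjF9LCJjYWNoZS1ydyI6eyJyIjoxLCJ3IjoxfSwidGVhbS0qIjp7ImNjIjoxLCJyIjoxLCJ3IjoxfX19LCJpYXQiOjE3MTY2NjA1ODksInN1YiI6Im1lb3cifQ.8vtxp_1OEYdcnkGPM4c9ORXooJZV7DOTS4NRkMKN8mw";
+                let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjQxMDIzMjQ5ODYsImh0dHBzOi8vand0LmF0dGljLnJzL3YxIjp7ImNhY2hlcyI6eyJhbGwtKiI6eyJyIjoxfSwiYWxsLWNpLSoiOnsidyI6MX0sImNhY2hlLXJvIjp7InIiOjF9LCJjYWNoZS1ydyI6eyJyIjoxLCJ3IjoxfSwidGVhbS0qIjp7ImNjIjoxLCJyIjoxLCJ3IjoxfX19LCJpYXQiOjE3MjgyMzI5OTYsIm5iZiI6MCwic3ViIjoibWVvdyJ9.wESluTI5K5v2W1WISGwAjazKMMUZBD-zSUYN-_XFN9I";
 
                 Token::from_jwt(token, &SignatureType::HS256(dec_key), &None, &None).unwrap()
             }),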
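Review bot: The `hs256` case replaces the old UTF-8 secret with the non-UTF-8 one instead of keeping both, so nothing pins that tokens issued under an existing text secret still verify after the decoding change. Keeping the previous `dmVyeSBzZWN1cmUgc2VjcmV0` fixture and its token as a second case beside the new one would cover that compatibility path. The case also checks acceptance only; adding a token signed under a different secret that must fail `Token::from_jwt` would show that the decoded bytes are what the key is actually built from. The surrounding list of cases starts and ends outside this hunk.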