Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
util.jwt: Consolidate payload parsing, ensure it's always a valid object
authorMatthew Wild <mwild1@gmail.com>
Mon, 11 Jul 2022 13:42:08 +0100
changeset 12710 108b1758bd8d
parent 12709 008a7097fdc5
child 12711 f75235110045
util.jwt: Consolidate payload parsing, ensure it's always a valid object
util/jwt.lua file | annotate | diff | comparison | revisions 
--- a/util/jwt.lua	Mon Jul 11 13:28:29 2022 +0100
+++ b/util/jwt.lua	Mon Jul 11 13:42:08 2022 +0100
@@ -33,6 +33,16 @@
 	return b64url('{"alg":"'..algorithm_name..'","typ":"JWT"}') .. '.';
 end
 
+local function decode_raw_payload(raw_payload)
+	local payload, err = json.decode(unb64url(raw_payload));
+	if err ~= nil then
+		return nil, "json-decode-error";
+	elseif type(payload) ~= "table" then
+		return nil, "invalid-payload-type";
+	end
+	return true, payload;
+end
+
 -- HS*** family
 local function new_hmac_algorithm(name)
 	local static_header = new_static_header(name);
@@ -53,11 +63,8 @@
 		if not secure_equals(b64url(hmac(key, signed)), signature) then
 			return false, "signature-mismatch";
 		end
-		local payload, err = json.decode(unb64url(raw_payload));
-		if err ~= nil then
-			return nil, "json-decode-error";
-		end
-		return true, payload;
+
+		return decode_raw_payload(raw_payload);
 	end
 
 	local function load_key(key)
@@ -101,12 +108,7 @@
 				return false, "signature-mismatch";
 			end
 
-			local payload, err = json.decode(unb64url(raw_payload));
-			if err ~= nil then
-				return nil, "json-decode-error";
-			end
-
-			return true, payload;
+			return decode_raw_payload(raw_payload);
 		end;
 
 		load_public_key = function (public_key_pem)
prosody