prosody
b3f7c77c1f08
util/paseto.lua
Software / code / prosody
Comparison
util/paseto.lua @ 12709:b3f7c77c1f08
util.paseto: Fix to decode footer before comparison
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 11 Jul 2022 13:51:39 +0100 |
| parent | 12694:26a004c96ef8 |
| child | 12710:2dbb3335cd34 |
comparison
equal
deleted
inserted
replaced
| 12708:9953ac7b0c15 | 12709:b3f7c77c1f08 |
|---|---|
| 67 end | 67 end |
| 68 local h, sm, f = tok:match("^(v4%.public%.)([^%.]+)%.?(.*)$"); | 68 local h, sm, f = tok:match("^(v4%.public%.)([^%.]+)%.?(.*)$"); |
| 69 if not h then | 69 if not h then |
| 70 return nil, "invalid-token-format"; | 70 return nil, "invalid-token-format"; |
| 71 end | 71 end |
| 72 f = f and unb64url(f) or nil; | |
| 72 if expected_f then | 73 if expected_f then |
| 73 if not f or not secure_equals(expected_f, f) then | 74 if not f or not secure_equals(expected_f, f) then |
| 74 return nil, "invalid-footer"; | 75 return nil, "invalid-footer"; |
| 75 end | 76 end |
| 76 end | 77 end |
