prosody
83e127eb91f9
util/jwt.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

util/jwt.lua @ 11476:83e127eb91f9

util.datamapper: Deal with locally built stanzas missing xmlns So the problem is that xmlns is not inherited when building a stanza, and then :get_child(n, ns) with an explicit namespace does not find that such child tags. E.g. local t = st.stanza("foo", { xmlns = "urn:example:bar" }) :text_tag("hello", "world"); assert(t:get_child("hello", "urn:example:bar"), "This fails"); Meanwhile, during parsing (util.xmppstream or util.xml) child tags do get the parents xmlns when not overriding them. Thus, in the above example, if the stanza is passed trough `t = util.xml.parse(tostring(t))` then the assert succeeds. This change makes it so that it leaves out the namespace argument to :get_child when it is the same as the current/parent namespace, which behaves the same for both built and parsed stanzas.
author Kim Alvefur <zash@zash.se>
date Tue, 23 Mar 2021 19:52:59 +0100
parent 10660:c4ded3be7cc0
child 11561:d2f33b8fdc96
line wrap: on
line source

local s_gsub = string.gsub;
local json = require "util.json";
local hashes = require "util.hashes";
local base64_encode = require "util.encodings".base64.encode;
local base64_decode = require "util.encodings".base64.decode;

local b64url_rep = { ["+"] = "-", ["/"] = "_", ["="] = "", ["-"] = "+", ["_"] = "/" };
local function b64url(data)
	return (s_gsub(base64_encode(data), "[+/=]", b64url_rep));
end
local function unb64url(data)
	return base64_decode(s_gsub(data, "[-_]", b64url_rep).."==");
end

local static_header = b64url('{"alg":"HS256","typ":"JWT"}') .. '.';

local function sign(key, payload)
	local encoded_payload = json.encode(payload);
	local signed = static_header .. b64url(encoded_payload);
	local signature = hashes.hmac_sha256(key, signed);
	return signed .. "." .. b64url(signature);
end

local jwt_pattern = "^(([A-Za-z0-9-_]+)%.([A-Za-z0-9-_]+))%.([A-Za-z0-9-_]+)$"
local function verify(key, blob)
	local signed, bheader, bpayload, signature = string.match(blob, jwt_pattern);
	if not signed then
		return nil, "invalid-encoding";
	end
	local header = json.decode(unb64url(bheader));
	if not header or type(header) ~= "table" then
		return nil, "invalid-header";
	elseif header.alg ~= "HS256" then
		return nil, "unsupported-algorithm";
	end
	if b64url(hashes.hmac_sha256(key, signed)) ~= signature then
		return false, "signature-mismatch";
	end
	local payload, err = json.decode(unb64url(bpayload));
	if err ~= nil then
		return nil, "json-decode-error";
	end
	return true, payload;
end

return {
	sign = sign;
	verify = verify;
};