Commit 34f51dee authored by Stan Hu's avatar Stan Hu

Set the JWT algorithm to RS256 in decode specs

By default, JWT.decode only accepts HS256 (HMAC using the SHA-256 hash
algorithm), so the specs that decode RSA-signed tokens failed. Per
https://github.com/jwt/ruby-jwt#algorithms-and-usage:

It is strongly recommended that you hard code the algorithm, as you may
leave yourself vulnerable by dynamically picking the algorithm.
parent ae8724ff
...@@ -25,7 +25,7 @@ describe JSONWebToken::RSAToken do ...@@ -25,7 +25,7 @@ describe JSONWebToken::RSAToken do
rsa_token['key'] = 'value' rsa_token['key'] = 'value'
end end
subject { JWT.decode(rsa_encoded, rsa_key) } subject { JWT.decode(rsa_encoded, rsa_key, true, { algorithm: 'RS256' }) }
it { expect {subject}.not_to raise_error } it { expect {subject}.not_to raise_error }
it { expect(subject.first).to include('key' => 'value') } it { expect(subject.first).to include('key' => 'value') }
...@@ -39,7 +39,7 @@ describe JSONWebToken::RSAToken do ...@@ -39,7 +39,7 @@ describe JSONWebToken::RSAToken do
context 'for invalid key to raise an exception' do context 'for invalid key to raise an exception' do
let(:new_key) { OpenSSL::PKey::RSA.generate(512) } let(:new_key) { OpenSSL::PKey::RSA.generate(512) }
subject { JWT.decode(rsa_encoded, new_key) } subject { JWT.decode(rsa_encoded, new_key, true, { algorithm: 'RS256' }) }
it { expect {subject}.to raise_error(JWT::DecodeError) } it { expect {subject}.to raise_error(JWT::DecodeError) }
end end
......
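Review bot: The invalid-key context in the second hunk still asserts only `JWT::DecodeError`, which is also raised for a malformed token, so it does not prove that the wrong key is what failed; since the point of passing `algorithm: 'RS256'` is signature verification, pinning the subclass is stronger: `it { expect { subject }.to raise_error(JWT::VerificationError) }`. Neither hunk exercises the rejection the hard-coded algorithm buys — a token whose `alg` header is not RS256 (HS256 signed with the public key bytes, or `none`) handed to the same decode call — and one context asserting that such a token raises (`JWT::IncorrectAlgorithm` on gem versions that define it, otherwise `JWT::DecodeError`) would pin the guard the commit message relies on. The `describe JSONWebToken::RSAToken` block begins before the first hunk and continues past the last.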
...@@ -5,7 +5,7 @@ describe Auth::ContainerRegistryAuthenticationService do ...@@ -5,7 +5,7 @@ describe Auth::ContainerRegistryAuthenticationService do
let(:current_user) { nil } let(:current_user) { nil }
let(:current_params) { {} } let(:current_params) { {} }
let(:rsa_key) { OpenSSL::PKey::RSA.generate(512) } let(:rsa_key) { OpenSSL::PKey::RSA.generate(512) }
let(:payload) { JWT.decode(subject[:token], rsa_key).first } let(:payload) { JWT.decode(subject[:token], rsa_key, true, { algorithm: 'RS256' }).first }
let(:authentication_abilities) do let(:authentication_abilities) do
[:read_container_image, :create_container_image, :admin_container_image] [:read_container_image, :create_container_image, :admin_container_image]
......
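Review bot: The `payload` line verifies the token with `rsa_key`, the private key, which is not what a registry does — it only holds the public half — so decoding with `rsa_key.public_key` would exercise the same verification path a real consumer uses: `let(:payload) { JWT.decode(subject[:token], rsa_key.public_key, true, { algorithm: 'RS256' }).first }`. The 512-bit key generated on the preceding line is presumably chosen for spec speed; it is below any production RS256 key size and stricter OpenSSL builds (FIPS mode, for instance) may refuse to generate it, which is worth a one-line comment such as `# 512-bit key: fast to generate, test-only`. The `describe Auth::ContainerRegistryAuthenticationService` block starts before this hunk and continues after it.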