Commit 797ac593 authored by Sietse Ringers's avatar Sietse Ringers
Browse files

fix: validate session JWT structure during parsing and validating

parent 9a92f3d8
......@@ -294,6 +294,9 @@ func ParseRequestorJwt(action string, requestorJwt string) (RequestorJwt, error)
if _, _, err := new(jwt.Parser).ParseUnverified(requestorJwt, retval); err != nil {
return nil, err
}
if err := retval.RequestorRequest().Validate(); err != nil {
return nil, errors.WrapPrefix(err, "Invalid JWT body", 0)
}
return retval, nil
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment