fix: validate session JWT structure during parsing and validating

797ac593 · Sietse Ringers · 9a92f3d8 · 797ac593
Commit 797ac593 authored Oct 13, 2019 by Sietse Ringers
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

messages.go messages.go +3 -0

No files found.
--- a/messages.go
+++ b/messages.go
@@ -294,6 +294,9 @@ func ParseRequestorJwt(action string, requestorJwt string) (RequestorJwt, error)
 	if _, _, err := new(jwt.Parser).ParseUnverified(requestorJwt, retval); err != nil {
 		return nil, err
 	}
+	if err := retval.RequestorRequest().Validate(); err != nil {
+		return nil, errors.WrapPrefix(err, "Invalid JWT body", 0)
+	}
 	return retval, nil
 }