diff options
author | Matthew Wild <mwild1@gmail.com> | 2022-07-11 13:51:39 +0100 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2022-07-11 13:51:39 +0100 |
commit | e2f61d6e7e2b5862811e22fd7eb065e5997e24e0 (patch) | |
tree | 861cb19bc3f10b799aa97c1e86ddd74d84700e22 | |
parent | 7a36d5edcfce7c91f321783afee1cdf6aa151fa8 (diff) | |
download | prosody-e2f61d6e7e2b5862811e22fd7eb065e5997e24e0.tar.gz prosody-e2f61d6e7e2b5862811e22fd7eb065e5997e24e0.zip |
util.paseto: Fix to decode footer before comparison
-rw-r--r-- | util/paseto.lua | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/util/paseto.lua b/util/paseto.lua index 5f162ad0..352c9df0 100644 --- a/util/paseto.lua +++ b/util/paseto.lua @@ -69,6 +69,7 @@ function v4_public.verify(tok, pk, expected_f, i) if not h then return nil, "invalid-token-format"; end + f = f and unb64url(f) or nil; if expected_f then if not f or not secure_equals(expected_f, f) then return nil, "invalid-footer"; |