From e2f61d6e7e2b5862811e22fd7eb065e5997e24e0 Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Mon, 11 Jul 2022 13:51:39 +0100
Subject: util.paseto: Fix to decode footer before comparison
---
 util/paseto.lua | 1 +
 1 file changed, 1 insertion(+)
(limited to 'util')
diff --git a/util/paseto.lua b/util/paseto.lua
index 5f162ad0..352c9df0 100644
--- a/util/paseto.lua
+++ b/util/paseto.lua
@@ -69,6 +69,7 @@ function v4_public.verify(tok, pk, expected_f, i)
 if not h then
 return nil, "invalid-token-format";
 end
+ f = f and unb64url(f) or nil;
 if expected_f then
 if not f or not secure_equals(expected_f, f) then
 return nil, "invalid-footer";
-- cgit v1.2.3
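Review bot: A footer that fails to decode is folded into the same `nil` as a missing footer by `f = f and unb64url(f) or nil;`, so when `expected_f` is not passed the malformed value is not rejected at this point. `unb64url` is defined outside the hunk, so this assumes it returns nil or false on invalid input; if it does, an explicit rejection is clearer, e.g. `local raw_f = f and unb64url(f);` followed by `if f and not raw_f then return nil, "invalid-footer"; end` and `f = raw_f;`. A short comment stating that `expected_f` is compared against the decoded footer bytes, plus a test that verifies a token carrying a non-empty footer, would keep this from regressing. The body of `v4_public.verify` continues past the hunk, so any later use of `f` should be checked to expect the decoded form.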