bugfix: remove unsupported algorithm in jwt plugin. #2356

Merged
merged 2 commits into from
Oct 4, 2020
11 changes: 4 additions & 7 deletions apisix/plugins/jwt-auth.lua
Expand Up @@ -35,7 +35,8 @@ local schema = {
secret = {type = "string"},
algorithm = {
type = "string",
enum = {"HS256", "HS384", "HS512", "RS256", "ES256"}
enum = {"HS256", "HS512", "RS256"},
default = "HS256"
},
exp = {type = "integer", minimum = 1},
base64_secret = {
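Review bot: the narrowed list at `enum = {"HS256", "HS512", "RS256"}` has no comment saying why HS384 and ES256 are excluded, so a later change could re-add them without knowing they were removed as unsupported. Add a one-line comment above the enum naming the constraint. Consumer configs that already specify HS384 or ES256 will now fail this schema, which should be called out in the release notes.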
Expand Down Expand Up @@ -85,10 +86,6 @@ function _M.check_schema(conf)
conf.secret = ngx_encode_base64(resty_random.bytes(32, true))
end

if not conf.algorithm then
conf.algorithm = "HS256"
end

if not conf.exp then
conf.exp = 60 * 60 * 24
end
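Review bot: with the `if not conf.algorithm then` fallback removed, check_schema depends on the validator writing the schema's `default = "HS256"` back into `conf`, and this change touches no test that proves it. Add a case that creates a consumer without `algorithm` and asserts that the signed token carries `alg = HS256`. Separately, the generated value in `conf.secret = ngx_encode_base64(resty_random.bytes(32, true))` only makes sense as an HMAC key; with RS256 still in the enum, consider rejecting RS256 when the secret would be generated here.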
Expand Down Expand Up @@ -207,11 +204,11 @@ local function gen_token()
local jwt_token = jwt:sign(
auth_secret,
{
header={
header = {
typ = "JWT",
alg = consumer.auth_conf.algorithm
},
payload={
payload = {
key = key,
exp = ngx_time() + consumer.auth_conf.exp
}
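Review bot: `alg = consumer.auth_conf.algorithm` goes into `jwt:sign` without a check against the supported list, so a consumer stored before this change with HS384 or ES256 would still reach the signer unless stored configs are re-validated on load. Consider checking the value in gen_token and returning a clear error instead of relying on the signer to fail. The spacing fixes on `header = {` and `payload = {` are unrelated to the bug fix and would be easier to review as a separate commit.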
2 changes: 1 addition & 1 deletion doc/plugins/jwt-auth.md
Expand Up @@ -41,7 +41,7 @@ For more information on JWT, refer to [JWT](https://jwt.io/) for more informatio
| ------------- | ------- | ----------- | ------- | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
| key | string | required | | | different `consumer` have different value, it's unique. different `consumer` use the same `key`, and there will be a request matching exception. |
| secret | string | optional | | | encryption key. if you do not specify, the value is auto-generated in the background. |
| algorithm | string | optional | "HS256" | ["HS256", "HS384", "HS512", "RS256", "ES256"] | encryption algorithm. |
| algorithm | string | optional | "HS256" | ["HS256", "HS512", "RS256"] | encryption algorithm. |
| exp | integer | optional | 86400 | [1,...] | token's expire time, in seconds |
| base64_secret | boolean | optional | false | | whether secret is base64 encoded |
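Review bot: the `algorithm` row still describes the value as "encryption algorithm.", but HS256, HS512 and RS256 sign the token and do not encrypt it, so readers may assume the payload is confidential. Change the description to "signing algorithm" and the `secret` row to "signing key" while this row is being edited. Since RS256 stays in the list, the `secret` row should also say what key material is expected when RS256 is selected.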

2 changes: 1 addition & 1 deletion doc/zh-cn/plugins/jwt-auth.md
Expand Up @@ -42,7 +42,7 @@
| ------------- | ------- | ------ | ------- | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------- |
| key | string | 必须 | | | 不同的 `consumer` 对象应有不同的值,它应当是唯一的。不同 consumer 使用了相同的 `key` ,将会出现请求匹配异常。 |
| secret | string | 可选 | | | 加密秘钥。如果您未指定,后台将会自动帮您生成。 |
| algorithm | string | 可选 | "HS256" | ["HS256", "HS384", "HS512", "RS256", "ES256"] | 加密算法 |
| algorithm | string | 可选 | "HS256" | ["HS256", "HS512", "RS256"] | 加密算法 |
| exp | integer | 可选 | 86400 | [1,...] | token 的超时时间 |
| base64_secret | boolean | 可选 | false | | 密钥是否为 base64 编码 |
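Review bot: the `exp` row here reads "token 的超时时间" with no unit, while the English table in the same change says "in seconds"; add the unit so the two documents agree. The `algorithm` row's "加密算法" has the same signing-versus-encryption wording problem as the English table and would read more accurately as "签名算法".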
