
Enforce token signature policy.

Change-Id: I2f1da05ddf5a6e215e6049eb8d88b839f4ce8e52
1 parent dc8420e commit dcc038eebd7c9dfb34ef0130c5b295117ece4d47 Dale Olds committed with seansweda Jan 9, 2013
Showing with 5 additions and 0 deletions.
  1. +5 −0 cloud_controller/app/models/uaa_token.rb
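--- a/cloud_controller/app/models/uaa_token.rb
+++ b/cloud_controller/app/models/uaa_token.rb
@@ -55,6 +55,11 @@ def decode_token(auth_token)
 token_information = nil
 begin
+if (hdr = /^bearer\s+([^.]+)/i.match(auth_token)) &&
+(hdr = CF::UAA::TokenCoder.base64url_decode(hdr[1])) &&
+CF::UAA::Util.json_parse(hdr)[:alg] == "none"
+raise CF::UAA::DecodeError, "Token signature algorithm not accepted"
+end
 token_information = @uaa_token_coder.decode(auth_token)
 CloudController.logger.info("Decoded user token #{token_information.inspect}")
 rescue => e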
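Review bot: The added `== "none"` check is an exact, case-sensitive string comparison, so a header carrying `"alg":"None"` or `"NONE"` passes this guard and goes straight to `@uaa_token_coder.decode`; whether that decoder rejects such variants cannot be seen from this hunk. The guard is also fail-open: if the regex does not match, `base64url_decode` returns something falsy, or `json_parse` yields no `:alg` (for instance if it returns string keys), the `if` is simply skipped and the token is still decoded. I would compare case-insensitively, anchor with `\A` instead of `^` (which matches after any newline), and raise when no algorithm can be read from the header, as sketched below; an allowlist of the signing algorithms this deployment actually accepts would be stronger still than a denylist of `none`. Failing closed on an unreadable header assumes every token reaching here is a bearer JWT, which is worth confirming against the callers. The `DecodeError` is caught by the `rescue => e` at the end of the hunk, whose handler and the rest of `decode_token` lie outside it.
```ruby
# … unchanged: begin …
hdr = /\Abearer\s+([^.]+)/i.match(auth_token)
alg = hdr && CF::UAA::Util.json_parse(CF::UAA::TokenCoder.base64url_decode(hdr[1]))[:alg]
# Reject "none" regardless of case, and fail closed when no alg can be read from the header.
if alg.nil? || alg.to_s.casecmp("none").zero?
  raise CF::UAA::DecodeError, "Token signature algorithm not accepted"
end
# … unchanged: @uaa_token_coder.decode call and logging …
```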
