fix: update JWT decode method to use Key object
Some checks failed
ci / ci (push) Failing after 0s

Modified the JWT::decode method to use the Key object for decoding JWTs. This enhances security by explicitly specifying the algorithm used (HS256) and aligns with recent updates in the Firebase JWT library.
This commit is contained in:
Kumi 2024-06-25 19:33:02 +02:00
parent 6b51e0bceb
commit 5ae53cfc14
Signed by: kumi
GPG key ID: ECBCC9082395383F

View file

@ -19,6 +19,7 @@ namespace auth_jwt;
require_once(__DIR__ . '/../vendor/autoload.php'); require_once(__DIR__ . '/../vendor/autoload.php');
use \Firebase\JWT\JWT; use \Firebase\JWT\JWT;
use \Firebase\JWT\Key;
/** /**
* Key manager class. * Key manager class.
@ -96,7 +97,7 @@ class core_jwt_manager
$secret = $this->config->jwtsecret; $secret = $this->config->jwtsecret;
try { try {
$decoded = JWT::decode($keyvalue, $secret); $decoded = JWT::decode($keyvalue, new Key($secret, 'HS256'));
} catch (\Exception $e) { } catch (\Exception $e) {
throw new \moodle_exception('invalidkey'); throw new \moodle_exception('invalidkey');
} }