fix(jwt): specify algorithm in encode and remove in decode
Updated JWT::encode to explicitly use the HS256 algorithm for greater security. Removed redundant algorithm specification in JWT::decode for improved consistency and simplicity. This ensures the JWT operations follow expected standards and enhances maintainability.
parent
dbcf9bebc3
commit
828af94032
1 changed files with 2 additions and 2 deletions
|
@ -79,7 +79,7 @@ class core_jwt_manager
|
||||||
|
|
||||||
$secret = $this->config->jwtsecret;
|
$secret = $this->config->jwtsecret;
|
||||||
|
|
||||||
return JWT::encode($payload, $secret);
|
return JWT::encode($payload, $secret, 'HS256');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -96,7 +96,7 @@ class core_jwt_manager
|
||||||
$secret = $this->config->jwtsecret;
|
$secret = $this->config->jwtsecret;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$decoded = JWT::decode($keyvalue, $secret, ['HS256']);
|
$decoded = JWT::decode($keyvalue, $secret);
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
throw new \moodle_exception('invalidkey');
|
throw new \moodle_exception('invalidkey');
|
||||||
}
|
}
|
||||||
|
|
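Review bot: The two-argument `JWT::decode($keyvalue, $secret)` in the second hunk no longer pins the algorithm the verifier will accept, and that pin is a security control rather than a redundancy: the verifier, not the token's own header, has to decide which algorithm is valid. Assuming `JWT` is firebase/php-jwt (the import is not visible here), the result depends on the installed version: 5.x rejects every token when the allow-list is empty, and 6.x expects the algorithm bound to the key, e.g. `$decoded = JWT::decode($keyvalue, new Key($secret, 'HS256'));` with `use Firebase\JWT\Key;`. Because `catch (\Exception $e)` maps any failure to `invalidkey`, a decode call that always fails would look like bad tokens rather than a broken call, so a round-trip test (encode, then decode) plus a test that a token carrying a different `alg` header is rejected would be worth adding. Both methods start outside the hunks shown.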