KumiSystems/moodle-auth_jwt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(auth): relax parameter validation in JWT login
Some checks failed
ci / ci (push) Failing after 0s
Details

Browse source 
Changed the validation for the 'key' parameter from ALPHANUM to RAW in the JWT login method. This allows more flexible key formats, accommodating a wider range of authentication schemes. Ensure existing keys are compatible with the broader validation.
This commit is contained in:
Kumi 2024-06-25 22:00:16 +02:00
parent 92ed01adc5
commit a757e87eff
Signed by: kumi
GPG key ID: ECBCC9082395383F
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
auth.php
View file

@ -139,7 +139,7 @@ class auth_plugin_jwt extends auth_plugin_base {
public function user_login_jwt() { public function user_login_jwt() {
global $SESSION, $CFG, $USER; global $SESSION, $CFG, $USER;
$keyvalue = required_param('key', PARAM_ALPHANUM); $keyvalue = required_param('key', PARAM_RAW);
$wantsurl = optional_param('wantsurl', '', PARAM_URL); $wantsurl = optional_param('wantsurl', '', PARAM_URL);
if (!empty($wantsurl)) { if (!empty($wantsurl)) {