From 3f9e930748af4714a4e1ff58fc5aa8b382fa1515 Mon Sep 17 00:00:00 2001
From: Jon Bergli Heier <snakebite@jvnv.net>
Date: Sun, 15 Aug 2021 12:43:41 +0200
Subject: Add algorithms to jwt.decode calls

---
 fbin/fbin.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'fbin/fbin.py')

diff --git a/fbin/fbin.py b/fbin/fbin.py
index b062c9a..d0a5a9a 100755
--- a/fbin/fbin.py
+++ b/fbin/fbin.py
@@ -253,9 +253,11 @@ def auth():
         return redirect(url_for('.index'))
     try:
         jwt.decode(token['access_token'], key=current_app.config['JWT_PUBLIC_KEY'],
-                audience=current_app.config['OAUTH_CLIENT_ID'])
+                audience=current_app.config['OAUTH_CLIENT_ID'],
+                algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
         jwt.decode(token['refresh_token'], key=current_app.config['JWT_PUBLIC_KEY'],
-                audience=current_app.config['OAUTH_CLIENT_ID'])
+                audience=current_app.config['OAUTH_CLIENT_ID'],
+                algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
     except jwt.InvalidTokenError as e:
         flash('Failed to verify token: {!s}'.format(e), 'error')
         return redirect(url_for('.index'))
@@ -414,7 +416,7 @@ def generate_api_key():
         'nbf': now,
         'sub': user_id,
     }
-    token = jwt.encode(data, current_app.config['SECRET_KEY'])
+    token = jwt.encode(data, current_app.config['SECRET_KEY'], algorithm=current_app.config['API_JWT_ALGORITHM'])
     return token
 
 
-- 
cgit v1.2.3