nodejs/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2026-03-13 08:41:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

always verify token

Browse Source
This commit is contained in:
Phillip Thelen
2020-02-27 14:52:39 +01:00
parent 20c3bd73b9
commit 8ac40c76bf
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
website/server/libs/auth/social.js
View File

@@ -41,10 +41,11 @@ async function _appleProfile (req) {
const passedToken = req.body.id_token ? req.body.id_token : req.query.id_token;
if (code) {
const response = await auth.accessToken(code);
idToken = jwt.decode(response.id_token);
} else if (passedToken) {
idToken = await jwt.verify(passedToken, applePublicKey, { algorithms: ['RS256'] });
passedToken = response.id_token
idToken = jwt.verify(response.id_token, applePublicKey, { algorithms: ['RS256'] });
}
idToken = await jwt.verify(passedToken, applePublicKey, { algorithms: ['RS256'] });
return {
id: idToken.sub,
emails: [idToken.email],