diff options
| author |  dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> | 2025-01-27 11:08:13 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2025-01-27 11:08:13 +0000 |
| commit | a7737687182dbf8803800f575e2083cecfd481f7 (patch) | |
| tree | 05a7aa5535bc5eb0ee6c8b4b529aa959ab9fdbbe /vendor/github.com/golang-jwt/jwt/v5/none.go | |
| parent | [chore]: Bump github.com/miekg/dns from 1.1.62 to 1.1.63 (#3695) (diff) | |
| download | gotosocial-a7737687182dbf8803800f575e2083cecfd481f7.tar.xz | |
[chore]: Bump github.com/SherClockHolmes/webpush-go from 1.3.0 to 1.4.0 (#3694)
Bumps [github.com/SherClockHolmes/webpush-go](https://github.com/SherClockHolmes/webpush-go) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/SherClockHolmes/webpush-go/releases)
- [Commits](https://github.com/SherClockHolmes/webpush-go/compare/v1.3.0...v1.4.0)
---
updated-dependencies:
- dependency-name: github.com/SherClockHolmes/webpush-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Diffstat (limited to 'vendor/github.com/golang-jwt/jwt/v5/none.go')
| -rw-r--r-- | vendor/github.com/golang-jwt/jwt/v5/none.go | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/vendor/github.com/golang-jwt/jwt/v5/none.go b/vendor/github.com/golang-jwt/jwt/v5/none.go new file mode 100644 index 000000000..685c2ea30 --- /dev/null +++ b/vendor/github.com/golang-jwt/jwt/v5/none.go @@ -0,0 +1,50 @@ +package jwt + +// SigningMethodNone implements the none signing method. This is required by the spec +// but you probably should never use it. +var SigningMethodNone *signingMethodNone + +const UnsafeAllowNoneSignatureType unsafeNoneMagicConstant = "none signing method allowed" + +var NoneSignatureTypeDisallowedError error + +type signingMethodNone struct{} +type unsafeNoneMagicConstant string + +func init() { + SigningMethodNone = &signingMethodNone{} + NoneSignatureTypeDisallowedError = newError("'none' signature type is not allowed", ErrTokenUnverifiable) + + RegisterSigningMethod(SigningMethodNone.Alg(), func() SigningMethod { + return SigningMethodNone + }) +} + +func (m *signingMethodNone) Alg() string { + return "none" +} + +// Only allow 'none' alg type if UnsafeAllowNoneSignatureType is specified as the key +func (m *signingMethodNone) Verify(signingString string, sig []byte, key interface{}) (err error) { + // Key must be UnsafeAllowNoneSignatureType to prevent accidentally + // accepting 'none' signing method + if _, ok := key.(unsafeNoneMagicConstant); !ok { + return NoneSignatureTypeDisallowedError + } + // If signing method is none, signature must be an empty string + if len(sig) != 0 { + return newError("'none' signing method with non-empty signature", ErrTokenUnverifiable) + } + + // Accept 'none' signing method. + return nil +} + +// Only allow 'none' signing if UnsafeAllowNoneSignatureType is specified as the key +func (m *signingMethodNone) Sign(signingString string, key interface{}) ([]byte, error) { + if _, ok := key.(unsafeNoneMagicConstant); ok { + return []byte{}, nil + } + + return nil, NoneSignatureTypeDisallowedError +} |