1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-21 05:00:28 +01:00

Fix public api for domains with path prefix (#4500)

Dieser Commit ist enthalten in:
FDHoho007 2024-05-19 20:33:31 +02:00 committet von GitHub
Ursprung f5fb69b64f
Commit 753a9e0bae
Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden
GPG-Schlüssel-ID: B5690EEEBB952194

Datei anzeigen

@ -216,12 +216,8 @@ impl<'r> FromRequest<'r> for PublicToken {
if time_now > claims.exp {
err_handler!("Token expired");
}
// Check if claims.iss is host|claims.scope[0]
let host = match auth::Host::from_request(request).await {
Outcome::Success(host) => host,
_ => err_handler!("Error getting Host"),
};
let complete_host = format!("{}|{}", host.host, claims.scope[0]);
// Check if claims.iss is domain|claims.scope[0]
let complete_host = format!("{}|{}", CONFIG.domain_origin(), claims.scope[0]);
if complete_host != claims.iss {
err_handler!("Token not issued by this server");
}