Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

decode fails with 'none' algorithm and verify #75

Closed
danleyden opened this issue Apr 17, 2015 · 6 comments
Closed

decode fails with 'none' algorithm and verify #75

danleyden opened this issue Apr 17, 2015 · 6 comments
Labels
bug
Milestone
Version 1.5.1

Comments

@danleyden
Copy link
Contributor

When providing a token that has the algorithm 'none' to the decode method, a decode error is raised from line 87 with the error message 'Not enough or too many segments'.

This can be suppressed by disabling verification when decoding, but that has knock-on effects of other claims not being verified.

I believe the correct behaviour should be that, when the algorithm is 'none' and the token is otherwise valid, the decode method should return successfully.

It is worth noting that this behaviour provides (accidentally, I believe) protection against certain attacks. To provide support for this without exposing users to additional vulnerabilities, I would suggest also adding some flag (that defaults safely) that allows the developer to 'turn on' acceptance of the 'none' algorithm.
@excpt
Copy link
Member

excpt commented Apr 17, 2015

Does your none-token have a . (dot) as the last character?

@danleyden
Copy link
Contributor Author

it does indeed.

Generated using JWT.encode(payload, 'some key that gets ignored', 'none', my_header)

I believe the RFC calls for the trailing '.' in the case of the 'none' algorithm (see section 6.1), so I believe the token is correct. This is to indicate that the signature is actually the empty string.

@excpt
Copy link
Member

excpt commented Apr 17, 2015

I just needed to know this. This is a bug. Thanks for reporting. :)

@excpt excpt added the bug label Apr 17, 2015
@excpt excpt added this to the Version 1.5.1 milestone May 9, 2015
@excpt
Copy link
Member

excpt commented May 14, 2015

@danleyden If you find some time you can checkout the rspec-test-refactoring branch and test the updated code.

@danleyden
Copy link
Contributor Author

Thanks @excpt - that looks like it fixes the bug.

However, that does open the door for third parties tampering with the token in the default use case..

Take the case where I send a valid, signed (not encrypted) token with e.g. RS256. A man in the middle could intercept that token, remove the signature and alter the alg claim to 'none' and send it on as a valid token. In this case, unless the implementer has set the algorithm when calling verify (a slightly buried option) the token will be accepted.

Given that, by fixing this, we open the door to that attack vector (albeit through the developer not using the library fully), I would be tempted not to merge that fix in until there is a better story around the none algorithm, such as forcing the developer to specifically enable its use.

@danleyden danleyden reopened this May 15, 2015
@excpt
Copy link
Member

excpt commented May 15, 2015

Thanks for testing. I will remove that fix and the documentation is already updated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
Version 1.5.1
Development

No branches or pull requests
2 participants
@excpt @danleyden