authorStan Hu <stanhu@gmail.com>2018-12-29 06:20:04 -0800
committerStan Hu <stanhu@gmail.com>2018-12-29 06:20:04 -0800
commit34f51dee0d336487a3fac0946eb198bb5996368b (patch)
tree2c6748d6cd68dc9c49225fb5936969cc2876595a /spec/services/auth
parentae8724ff227f7cc80f10c605cecfbd5c4f63922a (diff)
Set the JWT algorithm to RS256 in decode specs
By default, JWT.decode only allows the HS256 algorithm (HMAC using the SHA-256 hash algorithm). The specs using RSA tokens failed. Per https://github.com/jwt/ruby-jwt#algorithms-and-usage: "It is strongly recommended that you hard code the algorithm, as you may leave yourself vulnerable by dynamically picking the algorithm."
Diffstat (limited to 'spec/services/auth')
-rw-r--r--spec/services/auth/container_registry_authentication_service_spec.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
index f2e9799452a..8021bd338e0 100644
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -5,7 +5,7 @@ describe Auth::ContainerRegistryAuthenticationService do
let(:current_user) { nil }
let(:current_params) { {} }
let(:rsa_key) { OpenSSL::PKey::RSA.generate(512) }
- let(:payload) { JWT.decode(subject[:token], rsa_key).first }
+ let(:payload) { JWT.decode(subject[:token], rsa_key, true, { algorithm: 'RS256' }).first }
let(:authentication_abilities) do
[:read_container_image, :create_container_image, :admin_container_image]
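Review bot: The new `let(:payload)` line verifies the token with the full private `rsa_key`, while a real consumer of the token (presumably the container registry) would hold only the public half. Verifying with the public key keeps the spec closer to that trust boundary and shows the pinned RS256 check works without private material: `let(:payload) { JWT.decode(subject[:token], rsa_key.public_key, true, algorithm: 'RS256').first }`. The positional `true` is the verify flag, so a short comment such as `# verify the signature and pin RS256; ruby-jwt otherwise defaults to HS256` would make the intent clear to the next reader. The `describe` block and the `authentication_abilities` definition continue outside the hunk.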