From 929e0c50bd6d90aca75ce2ae33e39b4683aa3d35 Mon Sep 17 00:00:00 2001 From: beltram Date: Thu, 24 Aug 2023 15:43:23 +0200 Subject: [PATCH] fix: x509 identity relax uuid validation --- x509_credential/src/lib.rs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/x509_credential/src/lib.rs b/x509_credential/src/lib.rs index bdec670ee5..cef7b7b89f 100644 --- a/x509_credential/src/lib.rs +++ b/x509_credential/src/lib.rs @@ -228,11 +228,13 @@ fn parse_client_id(client_id: &str) -> Option { Some(client_id) } -fn parse_user_id(user_id: impl AsRef<[u8]>) -> Option { - let user_id = base64::prelude::BASE64_URL_SAFE_NO_PAD +fn parse_user_id(user_id: impl AsRef<[u8]>) -> Option<()> { + let _user_id = base64::prelude::BASE64_URL_SAFE_NO_PAD .decode(user_id) .ok()?; // TODO: this holds for the former (wrong) userId encoding (where we were b64 encoding the uuid string and not byte representation) // When upstream rusty-jwt-tools gets merged, change to `uuid::Uuid::from_slice`. Core-Crypto tests will spot that anyway - uuid::Uuid::try_parse_ascii(&user_id).ok() + // uuid::Uuid::from_slice(&user_id).ok() + // TODO: reintroduce this check once all platform got the fix with the correct userId encoding + Some(()) }