VerifyLoginTask: beware wrong number of parts when splitting JWT

Dylan K. Taylor 2020-05-13 12:36:14 +01:00
parent c4150d4520
commit 1513a0e092


@ -30,6 +30,7 @@ use pocketmine\Server;
use function assert;
use function base64_decode;
use function chr;
use function count;
use function explode;
use function json_decode;
use function ltrim;
@ -94,7 +95,11 @@ class VerifyLoginTask extends AsyncTask{
* @throws VerifyLoginException if errors are encountered
*/
private function validateToken(string $jwt, ?string &$currentPublicKey, bool $first = false) : void{
[$headB64, $payloadB64, $sigB64] = explode('.', $jwt);
$rawParts = explode('.', $jwt);
if(count($rawParts) !== 3){
throw new VerifyLoginException("Wrong number of JWT parts, expected 3, got " . count($rawParts));
}
[$headB64, $payloadB64, $sigB64] = $rawParts;
$headers = json_decode(base64_decode(strtr($headB64, '-_', '+/'), true), true);