Prevent decoding exception

Change-Id: I4427cfb0d339c156ec2b434f4defed341454dde2 Signed-off-by: Eric Bischoff <[email protected]>
openmainframeproject · Dec 14, 2023 · a4954cc · a4954cc
1 parent b523f03
commit a4954cc
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/zvmsdk/sdkwsgi/handlers/tokens.py b/zvmsdk/sdkwsgi/handlers/tokens.py
@@ -1,7 +1,7 @@
 #  Copyright Contributors to the Feilong Project.
 #  SPDX-License-Identifier: Apache-2.0
 
-# Copyright 2017 IBM Corp.
+# Copyright 2017-2023 IBM Corp.
 #
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
 #    not use this file except in compliance with the License. You may obtain
@@ -102,7 +102,7 @@ def wrap_func(req, *args, **kwargs):
         token_file_path = CONF.wsgi.token_path
         admin_token = get_admin_token(token_file_path)
         try:
-            jwt.decode(req.headers['X-Auth-Token'], admin_token)
+            jwt.decode(req.headers['X-Auth-Token'], admin_token, algorithms="HS256")
         except jwt.ExpiredSignatureError:
             LOG.debug('token validation failed because it is expired')
             raise exception.ZVMUnauthorized()