TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-11-26 13:35:16 +03:00
Code Issues Projects Releases Wiki Activity

Removed the need for audience and issuer claim

Browse Source 
no-issue

This is unecessary as this is a closes system, the tokens are issued and
intended for the same service, using the same secret
This commit is contained in:
Fabien O'Carroll 2019-10-11 11:28:17 +07:00
parent 483654a4b6
commit 4c4d5aab91
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ghost/magic-link/index.js
View File

@ -89,8 +89,6 @@ function MagicLink(options) {
*/
MagicLink.prototype.sendMagicLink = async function sendMagicLink(options) {
const token = jwt.sign({}, this.secret, {
audience: '@tryghost/magic-link',
issuer: '@tryghost/magic-link',
algorithm: 'HS256',
subject: options.subject,
expiresIn: '10m'
@ -119,8 +117,6 @@ MagicLink.prototype.sendMagicLink = async function sendMagicLink(options) {
MagicLink.prototype.getUserFromToken = function getUserFromToken(token) {
/** @type {object} */
const claims = jwt.verify(token, this.secret, {
audience: '@tryghost/magic-link',
issuer: '@tryghost/magic-link',
algorithms: ['HS256'],
maxAge: '10m'
});