fix(auth): fix JWT verification

src/config.rs

@@ -2,8 +2,6 @@
 //!
 //! Contains Config structures, as well as means of serialising them.
 
-use std::collections::HashSet;
-
 use toml;
 use toml::de::Error as TomlError;
 
@@ -68,7 +66,7 @@ pub struct PackageDescription {
 /// Configuration for validating the JWT token
 #[derive(Debug, Serialize, Deserialize, Clone)]
 pub struct JWTValidation {
-    pub iss: Option<HashSet<String>>,
+    pub iss: Option<String>,
     // This can technically be a Vec as well, but thats a pain to support atm
     pub aud: Option<String>,
 }

src/frontend/rest/services/authentication.rs

@@ -2,6 +2,7 @@
 //!
 //! Provides mechanisms to authenticate users using JWT.
 
+use std::collections::HashSet;
 use std::sync::Arc;
 
 use futures::{Future, Stream};
@@ -142,7 +143,11 @@ pub fn validate_token(
     let mut validation = match validation {
         Some(v) => {
             let mut valid = Validation::new(Algorithm::RS256);
-            valid.iss = v.iss;
+            valid.iss = v.iss.map(|iss| {
+                let mut issuer = HashSet::new();
+                issuer.insert(iss);
+                issuer
+            });
             if let &Some(ref v) = &v.aud {
                 valid.set_audience(&[v]);
             }