Added more verification tests and fixes

Arun M 2017-12-27 15:25:53 +05:30
parent e662b445dd
commit 5771f97c1c
4 changed files with 113 additions and 2 deletions


@ -443,7 +443,7 @@ std::error_code jwt_object::verify(
auto p_exp = payload() auto p_exp = payload()
.get_claim_value<uint64_t>(registered_claims::not_before); .get_claim_value<uint64_t>(registered_claims::not_before);
if ((p_exp - dparams.leeway) < curr_time) { if ((p_exp - dparams.leeway) > curr_time) {
ec = VerificationErrc::ImmatureSignature; ec = VerificationErrc::ImmatureSignature;
return ec; return ec;
} }
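Review bot: The corrected condition `(p_exp - dparams.leeway) > curr_time` still subtracts from a value read as `uint64_t`, so a leeway larger than the `nbf` claim makes the difference wrap to a huge number and the token is rejected as ImmatureSignature even though it has long been valid (this assumes `dparams.leeway` is unsigned or is converted to unsigned here; its declaration is outside the hunk). Moving the leeway to the other side removes the subtraction: `if (p_exp > curr_time + dparams.leeway) {`. The local holds the not_before claim, so `p_nbf` would be a less misleading name than `p_exp`. The body of verify() starts and ends outside this hunk.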


@ -762,7 +762,7 @@ public: // 'tors
* *
* 4. headers : Can pass a initializer list of pairs or any associative * 4. headers : Can pass a initializer list of pairs or any associative
* containers which models `MappingConcept` (see `meta::is_mapping_concept`) * containers which models `MappingConcept` (see `meta::is_mapping_concept`)
* to populate header. Can be used to set JTI. * to populate header. Not much useful unless JWE is supported.
*/ */
template <typename... Args> template <typename... Args>
jwt_object(Args&&... args); jwt_object(Args&&... args);
@ -1026,9 +1026,11 @@ private: // Data Members
* Optional parameters that can be passed: * Optional parameters that can be passed:
* 1. verify : A boolean flag to indicate whether * 1. verify : A boolean flag to indicate whether
* the signature should be verified or not. * the signature should be verified or not.
* Set to `true` by default.
* *
* 2. leeway : Number of seconds that can be added (in case of exp) * 2. leeway : Number of seconds that can be added (in case of exp)
* or subtracted (in case of nbf) to be more lenient. * or subtracted (in case of nbf) to be more lenient.
* Set to `0` by default.
* *
* 3. algorithms : Takes in a sequence of algorithms which the client * 3. algorithms : Takes in a sequence of algorithms which the client
* expects the signature to be decoded with. * expects the signature to be decoded with.
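Review bot: The `verify` entry now documents its default but still does not say what the caller gets back when it is set to `false`. I would add a line under it such as `* When false the signature is not checked and the returned claims are unauthenticated.` so that readers of the header do not treat such an object as verified. Whether the exp/nbf/iss/aud checks are also skipped in that mode is not visible here and would be worth stating in the same place. The comment block starts and ends outside the hunk.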


@ -58,6 +58,115 @@ TEST (DecodeVerify, AfterExpiryWithLeeway)
ASSERT_FALSE (ec); ASSERT_FALSE (ec);
} }
TEST (DecodeVerify, ValidIssuerTest)
{
using namespace jwt::params;
jwt::jwt_object obj{algorithm("hs256"), secret("secret")};
obj.add_claim("iss", "arun.muralidharan")
.add_claim("sub", "test")
;
std::error_code ec;
auto enc_str = obj.signature(ec);
ASSERT_FALSE (ec);
auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"), issuer("arun.muralidharan"));
ASSERT_FALSE (ec);
}
TEST (DecodeVerify, InvalidIssuerTest_1)
{
using namespace jwt::params;
jwt::jwt_object obj{algorithm("hs256"), secret("secret"), payload({{"sub", "test"}})};
std::error_code ec;
auto enc_str = obj.signature(ec);
ASSERT_FALSE (ec);
auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"), issuer("arun.muralidharan"));
ASSERT_TRUE (ec);
EXPECT_EQ (ec.value(), static_cast<int>(jwt::VerificationErrc::InvalidIssuer));
}
TEST (DecodeVerify, InvalidIssuerTest_2)
{
using namespace jwt::params;
jwt::jwt_object obj{algorithm("hs256"), secret("secret"), payload({{"sub", "test"}})};
obj.add_claim("iss", "arun.muralidharan");
std::error_code ec;
auto enc_str = obj.signature(ec);
ASSERT_FALSE (ec);
auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"), issuer("arun.murali"));
ASSERT_TRUE (ec);
EXPECT_EQ (ec.value(), static_cast<int>(jwt::VerificationErrc::InvalidIssuer));
}
TEST (DecodeVerify, NotImmatureSignatureTest)
{
using namespace jwt::params;
jwt::jwt_object obj{algorithm("hs256"), secret("secret"), payload({{"sub", "test"}})};
obj.add_claim(jwt::registered_claims::not_before, std::chrono::system_clock::now() - std::chrono::seconds{10});
std::error_code ec;
auto enc_str = obj.signature(ec);
ASSERT_FALSE (ec);
auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"));
ASSERT_FALSE (ec);
}
TEST (DecodeVerify, ImmatureSignatureTest)
{
using namespace jwt::params;
jwt::jwt_object obj{algorithm("hs256"), secret("secret"), payload({{"sub", "test"}})};
obj.add_claim(jwt::registered_claims::not_before, std::chrono::system_clock::now() + std::chrono::seconds{10});
std::error_code ec;
auto enc_str = obj.signature(ec);
ASSERT_FALSE (ec);
auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"));
ASSERT_TRUE (ec);
EXPECT_EQ (ec.value(), static_cast<int>(jwt::VerificationErrc::ImmatureSignature));
}
TEST (DecodeVerify, ImmatureSignatureTestWithLeeway)
{
using namespace jwt::params;
jwt::jwt_object obj{algorithm("hs256"), secret("secret"), payload({{"sub", "test"}})};
obj.add_claim(jwt::registered_claims::not_before, std::chrono::system_clock::now() + std::chrono::seconds{10});
std::error_code ec;
auto enc_str = obj.signature(ec);
ASSERT_FALSE (ec);
auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"), leeway(10));
ASSERT_FALSE (ec);
}
TEST (DecodeVerify, InvalidAudienceTest)
{
using namespace jwt::params;
jwt::jwt_object obj{algorithm("hs256"), secret("secret"), payload({{"sub", "test"}, {"aud", "www"}})};
std::error_code ec;
auto enc_str = obj.signature(ec);
ASSERT_FALSE (ec);
auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"), aud("ww"));
ASSERT_TRUE (ec);
EXPECT_EQ (ec.value(), static_cast<int>(jwt::VerificationErrc::InvalidAudience));
}
int main(int argc, char* argv[]) { int main(int argc, char* argv[]) {
::testing::InitGoogleTest(&argc, argv); ::testing::InitGoogleTest(&argc, argv);
return RUN_ALL_TESTS(); return RUN_ALL_TESTS();
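Review bot: None of the added tests checks that a `not_before` further in the future than the leeway is still rejected; ImmatureSignatureTestWithLeeway only covers the accepting side, with nbf = now + 10s and leeway(10). A companion case with nbf = now + 60s and leeway(10) expecting ImmatureSignature pins the rejecting side of the comparison that this commit corrects. The error assertions also compare only `ec.value()`, which ignores the error category; `EXPECT_TRUE (ec == jwt::VerificationErrc::ImmatureSignature);` would check both, assuming the enum is registered as an error-code enum, as the assignment `ec = VerificationErrc::ImmatureSignature` in verify() suggests.

```cpp
TEST (DecodeVerify, ImmatureSignatureTestBeyondLeeway)
{
  using namespace jwt::params;

  jwt::jwt_object obj{algorithm("hs256"), secret("secret"), payload({{"sub", "test"}})};
  // nbf lies 60s ahead, well past the 10s leeway, so verification must still fail.
  obj.add_claim(jwt::registered_claims::not_before, std::chrono::system_clock::now() + std::chrono::seconds{60});

  std::error_code ec;
  auto enc_str = obj.signature(ec);
  ASSERT_FALSE (ec);

  auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"), leeway(10));
  ASSERT_TRUE (ec);
  EXPECT_EQ (ec.value(), static_cast<int>(jwt::VerificationErrc::ImmatureSignature));
}
```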

Binary file not shown.