Added more verification tests and fixes

2025-05-15 01:08:31 +00:00 · 2017-12-27 15:25:53 +05:30 · 2017-12-27 15:25:53 +05:30 · 5771f97c1c
commit 5771f97c1c
parent e662b445dd
4 changed files with 113 additions and 2 deletions
--- a/include/jwt/impl/jwt.ipp
+++ b/include/jwt/impl/jwt.ipp
@ -443,7 +443,7 @@ std::error_code jwt_object::verify(
    auto p_exp = payload()
                 .get_claim_value<uint64_t>(registered_claims::not_before);

-    if ((p_exp - dparams.leeway) < curr_time) {
+    if ((p_exp - dparams.leeway) > curr_time) {
      ec = VerificationErrc::ImmatureSignature;
      return ec;
    }
--- a/include/jwt/jwt.hpp
+++ b/include/jwt/jwt.hpp
@ -762,7 +762,7 @@ public: // 'tors
   *
   * 4. headers : Can pass a initializer list of pairs or any associative
   * containers which models `MappingConcept` (see `meta::is_mapping_concept`)
-   * to populate header. Can be used to set JTI.
+   * to populate header. Not much useful unless JWE is supported.
   */
  template <typename... Args>
  jwt_object(Args&&... args);
@ -1026,9 +1026,11 @@ private: // Data Members
 * Optional parameters that can be passed:
 * 1. verify : A boolean flag to indicate whether
 * the signature should be verified or not.
+ * Set to `true` by default.
 *
 * 2. leeway : Number of seconds that can be added (in case of exp)
 * or subtracted (in case of nbf) to be more lenient.
+ * Set to `0` by default.
 *
 * 3. algorithms : Takes in a sequence of algorithms which the client
 * expects the signature to be decoded with.
--- a/tests/test_jwt_decode_verifiy.cc
+++ b/tests/test_jwt_decode_verifiy.cc
@ -58,6 +58,115 @@ TEST (DecodeVerify, AfterExpiryWithLeeway)
  ASSERT_FALSE (ec);
 }

+TEST (DecodeVerify, ValidIssuerTest)
+{
+  using namespace jwt::params;
+
+  jwt::jwt_object obj{algorithm("hs256"), secret("secret")};
+  obj.add_claim("iss", "arun.muralidharan")
+     .add_claim("sub", "test")
+     ;
+
+  std::error_code ec;
+  auto enc_str = obj.signature(ec);
+  ASSERT_FALSE (ec);
+
+  auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"), issuer("arun.muralidharan"));
+  ASSERT_FALSE (ec);
+}
+
+TEST (DecodeVerify, InvalidIssuerTest_1)
+{
+  using namespace jwt::params;
+
+  jwt::jwt_object obj{algorithm("hs256"), secret("secret"), payload({{"sub", "test"}})};
+  std::error_code ec;
+  auto enc_str = obj.signature(ec);
+  ASSERT_FALSE (ec);
+
+  auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"), issuer("arun.muralidharan"));
+  ASSERT_TRUE (ec);
+
+  EXPECT_EQ (ec.value(), static_cast<int>(jwt::VerificationErrc::InvalidIssuer));
+}
+
+TEST (DecodeVerify, InvalidIssuerTest_2)
+{
+  using namespace jwt::params;
+
+  jwt::jwt_object obj{algorithm("hs256"), secret("secret"), payload({{"sub", "test"}})};
+  obj.add_claim("iss", "arun.muralidharan");
+
+  std::error_code ec;
+  auto enc_str = obj.signature(ec);
+  ASSERT_FALSE (ec);
+
+  auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"), issuer("arun.murali"));
+  ASSERT_TRUE (ec);
+  EXPECT_EQ (ec.value(), static_cast<int>(jwt::VerificationErrc::InvalidIssuer));
+}
+
+TEST (DecodeVerify, NotImmatureSignatureTest)
+{
+  using namespace jwt::params;
+
+  jwt::jwt_object obj{algorithm("hs256"), secret("secret"), payload({{"sub", "test"}})};
+  obj.add_claim(jwt::registered_claims::not_before, std::chrono::system_clock::now() - std::chrono::seconds{10});
+
+  std::error_code ec;
+  auto enc_str = obj.signature(ec);
+  ASSERT_FALSE (ec);
+
+  auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"));
+  ASSERT_FALSE (ec);
+}
+
+TEST (DecodeVerify, ImmatureSignatureTest)
+{
+  using namespace jwt::params;
+
+  jwt::jwt_object obj{algorithm("hs256"), secret("secret"), payload({{"sub", "test"}})};
+  obj.add_claim(jwt::registered_claims::not_before, std::chrono::system_clock::now() + std::chrono::seconds{10});
+
+  std::error_code ec;
+  auto enc_str = obj.signature(ec);
+  ASSERT_FALSE (ec);
+
+  auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"));
+  ASSERT_TRUE (ec);
+  EXPECT_EQ (ec.value(), static_cast<int>(jwt::VerificationErrc::ImmatureSignature));
+}
+
+TEST (DecodeVerify, ImmatureSignatureTestWithLeeway)
+{
+  using namespace jwt::params;
+
+  jwt::jwt_object obj{algorithm("hs256"), secret("secret"), payload({{"sub", "test"}})};
+  obj.add_claim(jwt::registered_claims::not_before, std::chrono::system_clock::now() + std::chrono::seconds{10});
+
+  std::error_code ec;
+  auto enc_str = obj.signature(ec);
+  ASSERT_FALSE (ec);
+
+  auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"), leeway(10));
+  ASSERT_FALSE (ec);
+}
+
+TEST (DecodeVerify, InvalidAudienceTest)
+{
+  using namespace jwt::params;
+
+  jwt::jwt_object obj{algorithm("hs256"), secret("secret"), payload({{"sub", "test"}, {"aud", "www"}})};
+
+  std::error_code ec;
+  auto enc_str = obj.signature(ec);
+  ASSERT_FALSE (ec);
+
+  auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"), aud("ww"));
+  ASSERT_TRUE (ec);
+  EXPECT_EQ (ec.value(), static_cast<int>(jwt::VerificationErrc::InvalidAudience));
+}
+
 int main(int argc, char* argv[]) {
  ::testing::InitGoogleTest(&argc, argv);
  return RUN_ALL_TESTS();
--- a/tests/test_jwt_decode_verify
+++ b/tests/test_jwt_decode_verify